[Inactive] AVG Antivirus problem. Please help!

Discussion in 'Virus and Malware Removal' started by jo122, Nov 5, 2010.

  1. jo122 Newcomer, in training

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:36:20 PM, on 11/11/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17091)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [t`~y?:MBVhfk?{)C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [" ??DnR???OV?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/HTML/IE
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...9/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O24 - Desktop Component 0: (no name) - http://www.cheesecake-recipes.com/images/bg.gif

    --
    End of file - 8469 bytes
  2. Bobbye Helper on the Fringe

    Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

    R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O4 - HKLM\..\Run: [t`~y?:MBVhfk?{)C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [" ??DnR???OV?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O24 - Desktop Component 0: (no name) - http://www.cheesecake-recipes.com/images/bg.gif


    Close all Windows except HijackThis and click on "FixChecked."

    Start> Control Panel> Display> Desktop> Customize Desktop> Web tab> uncheck and delete everything you find in there (except for "My current home page")> Also remove the check mark from the Lock Desktop Items box if it is checked> Apply> OK> Close.
    ==========================================
    Please run this Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"=-
    "52344:TCP"=-
    "5869:TCP"=-
    "5870:TCP"=-
    "3389:TCP"=-
    "9212:TCP"=-
    "9211:TCP"=-
    "6820:TCP"=-
    "6821:TCP"=-
    "4210:TCP"=-
    "6920:TCP"=-
    "8831:TCP"=-
    "8832:TCP"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Suggest you remove these items from Scheduled Tasks: What kind of task do you do for volume control?
    2010-11-11 c:\windows\Tasks\Volume Control.job
    - c:\windows\system32\sndvol32.exe [2004-10-10 12:00]

    2010-11-11 c:\windows\Tasks\Windows Update.job: You can set this in the Security Center in the Control Panel
    - c:\windows\system32\wupdmgr.exe [2003-03-31 12:00]

    Do you have the CD for the operating system? You may have to replace explorer.exe

    Please rescan with HijackThis and the Eset Online scanner.
  3. jo122 Newcomer, in training

    ComboFix 10-11-10.02 - user 11/12/2010 17:47:28.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.250 [GMT -8:00]
    Running from: c:\documents and settings\user\My Documents\ComboFix.exe
    Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-10-13 to 2010-11-13 )))))))))))))))))))))))))))))))
    .

    2010-11-12 01:35 . 2010-11-12 01:35 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-11-12 01:35 . 2010-11-12 01:35 -------- d-----w- c:\program files\Trend Micro
    2010-11-11 19:42 . 2010-11-11 19:42 -------- d-----w- C:\_OTM
    2010-11-10 12:35 . 2010-11-10 12:35 -------- d-----w- c:\program files\ESET
    2010-11-09 07:27 . 2010-11-09 07:27 -------- d-----w- c:\documents and settings\user\Application Data\Avira
    2010-11-09 07:00 . 2010-08-03 00:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-09 07:00 . 2010-08-03 00:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-11-09 07:00 . 2010-06-17 23:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-11-09 07:00 . 2010-06-17 23:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-11-09 07:00 . 2010-11-09 07:00 -------- d-----w- c:\program files\Avira
    2010-11-09 07:00 . 2010-11-09 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-11-05 05:37 . 2010-11-05 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-30 17:52 . 2010-10-30 17:52 -------- d-----w- c:\program files\iPod
    2010-10-30 17:52 . 2010-10-30 17:53 -------- d-----w- c:\program files\iTunes
    2010-10-30 17:39 . 2010-10-30 17:39 -------- d-----w- c:\program files\Bonjour
    2010-10-16 17:09 . 2010-10-23 09:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 19:23 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2003-03-31 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2003-03-31 12:00 954368 ------w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2003-03-31 12:00 953856 ------w- c:\windows\system32\mfc40u.dll
    2010-09-09 13:38 . 2004-08-24 03:32 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 13:38 . 2003-03-31 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-09 13:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-09 13:38 . 2003-03-31 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-09-08 18:17 . 2010-09-08 18:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17 . 2010-09-08 18:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 15:57 . 2004-08-04 05:59 389120 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51 . 2003-03-31 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42 . 2003-03-31 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57 . 2003-03-31 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 13:39 . 2003-03-31 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-26 12:52 . 2009-04-15 20:36 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12 . 2003-03-31 12:00 617472 ------w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17 . 2003-03-31 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45 . 2004-12-04 00:35 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ERDNT\cache\explorer.exe
    [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
    [-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
    [-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
    [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe

    c:\windows\explorer.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-11_19.33.25 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-12 01:02 . 2010-11-12 01:02 16384 c:\windows\Temp\Perflib_Perfdata_210.dat
    + 2010-11-12 01:35 . 2010-11-12 01:35 1094656 c:\windows\Installer\1fc7c1.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 68856]
    "Steam"="c:\program files\Steam\Steam.exe" [2010-09-11 1242448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "t`~y?:MBVhfk?{)c:\program files\ISTsvc\istsvc.exe"="c:\windows\ltumps.exe" [?]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168]
    "VTTimer"="VTTimer.exe" [2004-10-22 53248]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
    "Motive SmartBridge"="c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2004-12-08 385024]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-08 136600]
    "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-03 281768]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\StubInstaller.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\ymditd\\counter-strike source\\hl2.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "5869:TCP"= 5869:TCP:Services
    "5870:TCP"= 5870:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "9212:TCP"= 9212:TCP:Services
    "9211:TCP"= 9211:TCP:Services
    "6820:TCP"= 6820:TCP:Services
    "6821:TCP"= 6821:TCP:Services
    "4210:TCP"= 4210:TCP:Services
    "6920:TCP"= 6920:TCP:Services
    "8831:TCP"= 8831:TCP:Services
    "8832:TCP"= 8832:TCP:Services
    "3345:TCP"= 3345:TCP:Services
    "5190:TCP"= 5190:TCP:Services
    "6515:TCP"= 6515:TCP:Services
    "6516:TCP"= 6516:TCP:Services

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/8/2010 11:00 PM 135336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/1/2010 3:48 AM 135664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 11:48]

    2010-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-01 11:48]

    2010-11-12 c:\windows\Tasks\System Restore.job
    - c:\windows\system32\Restore\rstrui.exe [2004-10-10 00:12]

    2010-11-12 c:\windows\Tasks\Volume Control.job
    - c:\windows\system32\sndvol32.exe [2004-10-10 12:00]

    2010-11-12 c:\windows\Tasks\Windows Update.job
    - c:\windows\system32\wupdmgr.exe [2003-03-31 12:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: ShaPlus Google Translator - c:\program files\ShaPlus Google Translator\GoogleTranslator.dll/HTML/IE
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9218o7z1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\9218o7z1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\documents and settings\user\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\user\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-c:\windows\ltumps.exe - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-12 17:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "\" ??DnR???OV?c:\\Program Files\\ISTsvc\\istsvc.exe"="c:\\WINDOWS\\ltumps.exe"
    .
    Completion time: 2010-11-12 18:02:00
    ComboFix-quarantined-files.txt 2010-11-13 02:01
    ComboFix2.txt 2010-11-12 01:31
    ComboFix3.txt 2010-11-11 19:37
    ComboFix4.txt 2010-04-05 22:56

    Pre-Run: 87,467,077,632 bytes free
    Post-Run: 87,452,696,576 bytes free

    - - End Of File - - F6B1A832D49539D66CDBFFB8193CEEB3
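
Added example, not part of the original thread or of ComboFix: a Python check that compares the `"name"=-` deletions requested in a CFScript with the registry values a later log still lists under the same key. The two sample texts are constructed, abridged from the CFScript and log posted above; the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the CFScript posted in this thread.
CFSCRIPT = r'''
File::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"3389:TCP"=-
"8832:TCP"=-
'''

# Constructed sample: abridged from the "Reg Loading Points" part of the log.
COMBOFIX_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"8832:TCP"= 8832:TCP:Services
"3345:TCP"= 3345:TCP:Services
"5190:TCP"= 5190:TCP:Services

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"\s*=\s*(?P<data>.*)$')


def parse_sections(text):
    """Map lower-cased registry key -> {value name: data} for .reg-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = sections.setdefault(key.group('key').lower(), {})
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            current[value.group('name')] = value.group('data').strip()
        elif line and not value:
            current = None  # any other non-blank line ends the section
    return sections


def audit_deletions(script_text, log_text):
    """Compare the script's `"name"=-` deletions with what the log lists.

    Returns (still_present, unnamed, missing_keys):
      still_present - values the script asked to delete that the log still shows
      unnamed       - values under the same key that the script never mentioned
      missing_keys  - script keys with no identically named section in the log;
                      the key may simply be empty now (the log omits empty
                      entries), or the path in the script may be mistyped
    """
    log = parse_sections(log_text)
    still_present, unnamed, missing_keys = [], [], []
    for key, values in parse_sections(script_text).items():
        deleted = {name for name, data in values.items() if data == '-'}
        if key not in log:
            missing_keys.append(key)
            continue
        for name, data in log[key].items():
            bucket = still_present if name in deleted else unnamed
            bucket.append((name, data))
    return still_present, unnamed, missing_keys


if __name__ == '__main__':
    still, unnamed, missing = audit_deletions(CFSCRIPT, COMBOFIX_LOG)
    for name, data in still:
        print('still listed after script:', name, '->', data)
    for name, data in unnamed:
        print('not named in script:      ', name, '->', data)
    for key in missing:
        print('key not found in log:     ', key)
```

A key reported in `missing_keys` is worth re-reading character by character in the saved CFScript.txt, since a path that differs from the log's by a single space will not match.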
  4. jo122 Newcomer, in training

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:22:00 PM, on 11/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17091)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [t`~y?:MBVhfk?{)C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [" ??DnR???OV?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: ShaPlus Google Translator - res://C:\Program Files\ShaPlus Google Translator\GoogleTranslator.dll/HTML/IE
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon High Speed Internet Installer.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JS...9/&filename=jinstall-6u11-windows-i586-jc.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 8263 bytes
  5. jo122 Newcomer, in training

    It's not deleting:
    O4 - HKLM\..\Run: [t`~y?:MBVhfk?{)C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [" ??DnR???OV?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe

    Do I have to provide you with the 2nd ESET scan log too? And where do I find scheduled tasks? My desktop is still currently non-existent.
  6. Bobbye Helper on the Fringe

    Note this entry in the Combofix log:
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-c:\windows\ltumps.exe - (no file)


    Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

    O4 - HKLM\..\Run: [t`~y?:MBVhfk?{)C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe
    O4 - HKLM\..\Run: [" ??DnR???OV?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe


    Close all Windows except the HijackThis and click on "Fix Checked".

    Reboot the computer and let me know how the system is.
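
The cross-check described in the post above, as an added example that is not part of the thread or of either tool: it pulls the `O4` Run entries out of a HijackThis log and flags those whose value name looks malformed or whose target ComboFix listed as an orphan. The ComboFix line format is inferred from the single orphan line quoted above; the symbol threshold and the `ExampleApp` entry are constructed assumptions.

```python
import re

# HijackThis registry autorun line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\([^:]+): \[(.*)\] (.+)$")
# ComboFix orphan line, modelled on the single line quoted in the thread (assumption)
ORPHAN = re.compile(r"^(HK\w+)-(\w+)-(.+?) - \(no file\)$")
DRIVE_PATH = re.compile(r"[A-Za-z]:\\")
NAME_OK = set(" ._-()&")  # punctuation tolerated in a value name (assumption)

# Sample input: log lines quoted in the thread plus one constructed benign entry
HJT_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [t`~y?:MBVhfk?{)C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe',
    r'O4 - HKLM\..\Run: [" ??DnR???OV?C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ltumps.exe',
    r'O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe"',  # constructed
    r'O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe',
])
COMBOFIX_LOG = "- - - - ORPHANS REMOVED - - - -\n\n" + r"HKLM-Run-c:\windows\ltumps.exe - (no file)"

def parse_orphans(text):
    """Return lower-cased file paths that ComboFix reported as '(no file)'."""
    hits = (ORPHAN.match(line.strip()) for line in text.splitlines())
    return {m.group(3).lower() for m in hits if m}

def triage(hjt_text, combofix_text=""):
    """Return [(value_name, command, reasons)] for O4 Run entries worth checking."""
    orphans = parse_orphans(combofix_text)
    findings = []
    for line in hjt_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:  # startup-folder lines and other sections are skipped
            continue
        name, cmd = m.group(3), m.group(4)
        reasons = []
        if DRIVE_PATH.search(name):
            reasons.append("file path embedded in value name")
        if sum(1 for c in name if not (c.isalnum() or c in NAME_OK)) >= 3:
            reasons.append("three or more unusual symbols in value name")
        if cmd.strip('"').lower() in orphans:
            reasons.append("target reported missing by ComboFix")
        if reasons:
            findings.append((name, cmd, reasons))
    return findings

if __name__ == "__main__":
    for name, cmd, reasons in triage(HJT_LOG, COMBOFIX_LOG):
        print(f"{cmd}  <-  [{name}]")
        for r in reasons:
            print(f"    - {r}")
```

The orphan match compares the whole command string, so an entry whose command carries arguments after the path is not matched.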
  7. jo122 Newcomer, in training

    Would I have to do the combofix scan again and then once the log pops up, just enter Orphans removed etc at the bottom of the log?
  8. Bobbye Helper on the Fringe

    Just follow my directions in Reply #26. You don't do anything with 'Orphans'. That is a comment to show they were removed- nothing more.
  9. jo122 Newcomer, in training

    I am able to go into sites by copying and pasting the link but I can't click directly on the link or I'll be sent to another page. Desktop is still invisible.

    How do I get my desktop back? or is that another matter altogether?

    I'm just happy to have found a way to go into a site without being redirected finally.
  10. Bobbye Helper on the Fringe

    Your reply is confusing: you say you can't click on a link because you get redirected. Then you say you're happy that you aren't being redirected. Can you clear this up for me please?

    I had you remove the above. I don't think you mean your desktop is missing- that would mean there are no icons, no taskbar, etc. If you're referring to the background, go into Display in the Control Panel and choose a background.
  11. jo122 Newcomer, in training

    Sorry for the confusion. I can click on any link and it doesn't redirect me anymore! Thanks for the help with that. Before I had to copy and paste the link directly into the browser otherwise, I'd get redirected.

    As for the missing desktop, my desktop background is there but there are no icons, no taskbar etc. It just disappeared after I downloaded Avira. It disappeared when I downloaded AVG but it appeared again when I lowered the sensitivity (er, practically shut the antivirus off). On Avira, it doesn't have that option so I've had to use Ctrl/Alt+Delete and click 'start new task' to do everything including shutting off my computer etc. Even if I shut off Avira and restart my computer, my desktop still ceases to appear.
  12. Bobbye Helper on the Fringe

    I don't know of anything in an antivirus program that would cause icons and taskbar to go missing! Let's check the properties and make sure the settings are right:

    Right click on the Taskbar> Taskbar tab> make sure there is a check in each of the following:
    Lock Taskbar
    Keep Taskbar on top
    Show Quick Launch toolbar
    If you had to make changes click on Apply> OK when finished.

    If you can't find the Taskbar to do this: Right click on the Desktop> Choose Refresh

    Let me know if either of these solves the problem.
  13. jo122 Newcomer, in training

    When I right click, nothing appears. If I click and drag the mouse, usually, it forms the square that allows me to highlight the icons but, highlighting doesn't work either. It's a mystery what happened to my desktop.

    The only way I can get to anything in my computer is through Ctrl/Alt+Delete 'task manager' and click on 'new task' then 'browse'.
  14. Bobbye Helper on the Fringe

    I'd like you to do the following: If doing one restores the icons and Taskbar to the Desktop, you do not need to do the others.

    1. Click on the Control Panel> System> Hardware tab> Device Manager> Click on + sign to left of IDE ATA/ATAPI Controller> Right click on Secondary IDE Channel> Scan for hardware changes.> Do you get an error- yellow triangle w/black ! over it? Is there any change noted?

    2. Run the Error Check: Can you start Windows Explorer from the Task Manager? If so, do that. Once Windows Explorer is open: Click on My Computer> Right click on Local Drive (C)> Properties> Tools tab> Error Checking> Check both boxes on the screen that appears> Apply> OK> Close the message that comes up and Reboot. The Error Checking will start in a few seconds. The system will reboot when finished.

    NOTE: This will take a while. It's important to let it finish.

    3. Check for current Windows updates. Control Panel> Add/Remove Programs> Check Show updates> See if there was an auto-update on the same date your desktop icons and Taskbar went missing. If there is and if neither of the above has restored the desktop, make note of the update number, then uninstall it. Reboot the computer.
  15. jo122 Newcomer, in training

    I did #2 but w/o resolution. As for #1 and 3, I'm not sure how to access Control Panel through the Task Manager.
  16. Bobbye Helper on the Fringe

    Open the Task Manager> click on the Applications tab> New Task> type Control Panel in the box. That will take you there.
  17. jo122 Newcomer, in training

    Sorry for the delay.

    So I went to new task and typed in Control Panel and it doesn't allow me to do that. It says "windows cannot find explorer.exe. Make sure you have typed the name correctly..." etc. Also, I tried syncing my computer and it says I don't have any offline files to sync.

    My computer has gotten unusually slow as well over the past week and a half or so. Every time I try to access the web, my computer starts (not responding) particularly when I stream tv shows. It's as if my desktop got wiped out or something. The programs I can access are limited. On the 'My Computer' option, there's no computer icon but one of those pictures that represents the 'file no longer existing' icons.

    Do you think it might be the antivirus software? As I stated earlier, my desktop disappeared each time I downloaded a new antivirus software and reappeared if I either
    a) technically turned off the protection
    b) deleted the program

    But the last program I downloaded and deleted before Avira is when the desktop just permanently disappeared.
  18. Bobbye Helper on the Fringe

    You started this thread about 6 weeks ago. I should have closed it when you didn't reply in 5 days. I reread the early posts and it sounds like you don't know the difference between the antivirus program and a search engine. AV programs don't redirect you. You get redirected using a search engine, such as Google. You either get taken to a site not a subject of what you put in the search box, or you search, pick a site to go to but are directed somewhere else.

    So you kept changing the antivirus programs because you thought they were the cause of the redirects and in doing so, you left the system more vulnerable. We cannot just pick up a month later without new logs.


    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =====================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    =====================================
    Download Combofix again from one of these locations and save to your desktop:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  19. jo122 Newcomer, in training

    You started this thread about 6 weeks ago. I should have closed it when you didn't reply in 5 days. I reread the early posts and it sounds like you don't know the difference between the antivirus program and a search engine. AV programs don't redirect you. You get redirected using a search engine, such as Google. You either get taken to a site not a subject of what you put in the search box, or you search, pick a site to go to but are directed somewhere else.
    _________________
    Yeah, I was going to make another thread but was surprised my original thread was still up. I'm not too good at 'computer speak' so you may have misunderstood me.

    I do know the difference between an antivirus program such as AVG, Avira, Spyware Dr and so forth VS search engines like Internet explorer and Firefox. Because most computers get infected via search engines/e-mails etc, it's my (limited) understanding that the newer antivirus protection software (the ones I downloaded and tried deleting) obstructs the ability to go into infected sites or at least it's intended to then catches and quarantines viruses.

    Just to make sure that I'm understanding what you're saying, it sounds like you're telling me that there are no parallels between the fact that my search engine never once redirected me to another page nor my desktop ever disappear before I downloaded these antivirus programs for added protection because my Norton Antivirus had expired which everything was perfectly fine with Norton. If I got it skewed feel free to correct me.

    I'll do the logs and post again.
    Thanks for the help.
  20. Bobbye Helper on the Fringe

    This might help clarify a browser, search engine and how your security works:
    • Internet Explorer, Firefox, Opera, Chrome are browsers, not search engines.
      The browser is what you use to access the internet.
    • Google, Yahoo, Bing, Dogpile and a whole bunch of others, are search engines
      You use a search engine from within the browser to look for sites about a particular subject.
    • Computers do not get infected through a search engine: if there is malware on a system, it can cause what you choose for a URL in the search engine to be directed to a different site. There are different ways that malware can do this.
    • Computers don't get infected through email itself. They get infected if some malicious code has been included in the body of the email, or in an attachment that comes with the email, if you open it.
    • The security programs on the computer attempt to block loading of a malicious site or alert you to some type of malware on the site, in addition to preventing malware on the internet from accessing your computer.
    • The security has to be layered to protect you. It is not just an antivirus program alone that does this. The security should include a firewall and at least 2 antimalware programs in addition to the AV program.
    • Security programs that maintain a database of current malware infections are only as good as their latest update. If you had Norton but let the subscription expire, then it was only as good as the last time it updated- which stops when the subscription expires.
    • While some AV programs are rated better than others, an antivirus program alone is not enough to protect the system. Trying multiple AV programs after the system has become infected leaves it more at risk.

    I hope this helps clarify how things work.