[Closed] Www.Google-analytics.com

Resolved
By sawzalot
Oct 16, 2010
  1. Hi folks, I am new here and really need your help in the easiest layman's terms possible. Yes, I am not very computer savvy, I actually don't know a whole bunch, but what happens on my laptop is a redirect to google analytics . com, but I end up with a blank white screen that just stays like that, and also everything else is slower than a snail's pace. I am using an HP with Windows XP, and Firefox latest version with an ad block, avast. I tried to install Malware but the trojan will not let it run no matter what. Could I please get the easiest help available to fix this before fantasy football Sunday? Oh yeah, this just happened yesterday; I think I was tricked when prompted to open up some video on football fanatics. Thank you for your thoughts about this. sawz.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Welcome to TechSpot! I'll help you sort this out. What do you have set as your homepage?

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, please paste the logs for review in your next reply. OK to use more than one post if needed.

    It's not clear to me whether you were able to install Malwarebytes, but just not run the scan. Either way, try this:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I am using comcast.net as my homepage, I do have Malwarebytes installed but it just will not start up.
    I am sorry, but I already used an atf to clear stuff out as directed by a fellow audioholic, but that did not work, and also I can only run in safe mode for about two minutes and then the computer shuts down as well.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Click on Start> Run> type in eventvwr

    Do this on each of the System and the Applications logs:
    [1]. Click to open the log>
    [2]. Look for the Errors corresponding to time of crash- Errors are time coded, so check the computer clock time when you crash>
    [3]. Double click on the Error to open to Properties>
    [4]. Click on Copy button, top right, below the down arrow >
    [5]. Paste here (Ctrl V)
    [6]. NOTES
    • You can ignore Warnings and Information Events.
    • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
    • You don't need to include the lines of code in the box below the Description, if any.
    • Please do not copy the entire Event log.
    Errors are time coded. Check the computer clock on freeze.
  5. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I followed the last instructions, and when I double click on the errors that shut down the computer, the log says that the error cannot be located. The errors are listed like this: the first one is hpqcxso8, then the second one, a second later, is hpqddsvc. I think the computer is getting slower and slower as we go, and some sites will not even appear now, just that white screen. I wish I knew more. I tried the 6-7 step virus removal but that is almost impossible to get done at this point. Thanks again, sawz.
  6. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/9/2009 9:36:51 PM
    System Uptime: 10/16/2010 4:15:26 PM (2 hours ago)

    Motherboard: Hewlett-Packard | | 30B5
    Processor: AMD Turion(tm) 64 X2 | U1 | 1607/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 83 GiB total, 56.319 GiB free.
    D: is FIXED (FAT32) - 9 GiB total, 1.408 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP376: 8/27/2010 8:39:58 AM - System Checkpoint
    RP377: 8/29/2010 12:24:24 PM - System Checkpoint
    RP378: 8/30/2010 6:55:55 PM - System Checkpoint
    RP379: 8/31/2010 7:54:16 PM - System Checkpoint
    RP380: 9/2/2010 5:13:33 PM - System Checkpoint
    RP381: 9/4/2010 12:38:31 PM - System Checkpoint
    RP382: 9/6/2010 7:49:14 AM - System Checkpoint
    RP383: 9/7/2010 10:14:59 AM - System Checkpoint
    RP384: 9/7/2010 11:20:59 AM - Restore Operation
    RP385: 9/8/2010 9:19:18 AM - Installed Java(TM) 6 Update 21
    RP386: 9/8/2010 9:20:32 AM - Installed Java Runtime Environment
    RP387: 9/8/2010 10:23:00 AM - Advanced SystemCare RestorePoint
    RP388: 9/8/2010 12:31:28 PM - Installed Super Ad Blocker
    RP389: 9/9/2010 1:23:18 PM - System Checkpoint
    RP390: 9/10/2010 2:10:58 PM - System Checkpoint
    RP391: 9/11/2010 2:57:37 PM - System Checkpoint
    RP392: 9/12/2010 3:31:28 PM - System Checkpoint
    RP393: 9/13/2010 5:40:23 PM - System Checkpoint
    RP394: 9/14/2010 7:56:49 PM - System Checkpoint
    RP395: 9/15/2010 9:03:53 PM - System Checkpoint
    RP396: 9/16/2010 3:00:32 AM - Software Distribution Service 3.0
    RP397: 9/17/2010 8:17:39 AM - System Checkpoint
    RP398: 9/18/2010 8:28:14 AM - System Checkpoint
    RP399: 9/19/2010 11:13:34 AM - System Checkpoint
    RP400: 9/19/2010 1:39:05 PM - Removed Skype™ 4.2
    RP401: 9/19/2010 1:40:26 PM - Removed Super Ad Blocker
    RP402: 9/20/2010 2:13:51 PM - System Checkpoint
    RP403: 9/21/2010 3:03:30 PM - System Checkpoint
    RP404: 9/23/2010 12:20:11 PM - System Checkpoint
    RP405: 9/24/2010 12:24:24 PM - System Checkpoint
    RP406: 9/25/2010 12:41:25 PM - System Checkpoint
    RP407: 9/26/2010 1:08:11 PM - System Checkpoint
    RP408: 9/27/2010 7:06:23 PM - System Checkpoint
    RP409: 9/28/2010 7:13:26 PM - System Checkpoint
    RP410: 9/30/2010 12:40:50 AM - Software Distribution Service 3.0
    RP411: 10/1/2010 9:54:03 AM - System Checkpoint
    RP412: 10/3/2010 7:58:24 PM - System Checkpoint
    RP413: 10/4/2010 8:05:21 PM - Restore Operation
    RP414: 10/4/2010 9:01:52 PM - Removed Super Ad Blocker
    RP415: 10/4/2010 11:35:23 PM - Software Distribution Service 3.0
    RP416: 10/6/2010 5:36:11 PM - System Checkpoint
    RP417: 10/7/2010 6:19:45 PM - System Checkpoint
    RP418: 10/8/2010 8:05:09 PM - System Checkpoint
    RP419: 10/8/2010 9:19:00 PM - Software Distribution Service 3.0
    RP420: 10/10/2010 9:38:55 PM - System Checkpoint
    RP421: 10/14/2010 6:04:50 PM - Restore Operation
    RP422: 10/14/2010 9:45:36 PM - Software Distribution Service 3.0
    RP423: 10/14/2010 10:10:28 PM - Software Distribution Service 3.0
    RP424: 10/14/2010 10:24:31 PM - Advanced SystemCare RestorePoint
    RP425: 10/15/2010 9:09:37 AM - Installed Java(TM) 6 Update 22
    RP426: 10/15/2010 5:20:23 PM - Restore Operation
    RP427: 10/15/2010 5:41:28 PM - Software Distribution Service 3.0
    RP428: 10/15/2010 7:13:23 PM - avast! Free Antivirus Setup
    RP429: 10/15/2010 7:19:15 PM - Restore Operation
    RP430: 10/15/2010 8:00:37 PM - Removed Skype™ 4.2
    RP431: 10/15/2010 8:07:08 PM - avast! Free Antivirus Setup
    RP432: 10/15/2010 8:44:52 PM - Installed AVG 2011
    RP433: 10/15/2010 8:45:21 PM - Installed AVG 2011
    RP434: 10/16/2010 9:11:46 AM - Software Distribution Service 3.0
    RP435: 10/16/2010 9:28:21 AM - Software Distribution Service 3.0
    RP436: 10/16/2010 11:55:06 AM - Removed AVG 2011
    RP437: 10/16/2010 11:55:57 AM - Removed AVG 2011
    RP438: 10/16/2010 12:13:38 PM - Revo Uninstaller Pro's restore point - ashampoo firewall
    RP439: 10/16/2010 12:15:04 PM - Revo Uninstaller Pro's restore point - avg
    RP440: 10/16/2010 12:15:30 PM - Revo Uninstaller Pro's restore point - avast
    RP441: 10/16/2010 12:16:11 PM - Revo Uninstaller Pro's restore point - google-analytics.com
    RP442: 10/16/2010 3:56:45 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    BufferChm
    Conexant HD Audio
    Copy
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_LightScribeConfig
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    cp_UpdateProjectsConfig
    CueTour
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    eSupportQFolder
    F4200
    F4200_Help
    FullDPAppQFolder
    GPBaseService
    GPBaseService2
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 10.0
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Help and Support
    HP Imaging Device Functions 10.0
    HP Pavilion Webcam Tray Icon
    HP Photosmart Essential 3.5
    HP Photosmart Premier Software 6.0
    HP Quick Launch Buttons 6.00 G2
    HP QuickPlay 2.1
    HP Rhapsody
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HP User Guides 0027
    HP Wireless Assistant 2.00 E1
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HpSdpAppCoreApp
    HPSSupply
    ImgBurn
    InstantShareDevices
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 21
    LightScribe 1.4.74.1
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Standard Edition 2003
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Movie Player Pro ActiveX Control
    MSVCSetup
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    Office 2003 Trial Assistant
    OptionalContentQFolder
    PhotoGallery
    Picasa 3
    PSSWCORE
    QuickTime
    RandMap
    RealPlayer
    RealUpgrade 1.0
    Revo Uninstaller Pro 2.4.1
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Shop for HP Supplies
    SkinsHP1
    SmartAudio
    SolutionCenter
    Sonic_PrimoSDK
    Status
    Synaptics Pointing Device Driver
    Toolbox
    TourSetup
    TrayApp
    Unload
    UnloadSupport
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player Firefox Plugin
    Windows XP Service Pack 3
    Wireless Home Network Setup

    ==== Event Viewer Messages From Past Week ========

    10/16/2010 9:13:00 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/16/2010 4:12:21 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 4:12:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 4:12:21 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 12:56:50 PM, error: AmdK8 [2] - The Acpi 2.0 _PCT object returned an invalid value of 255
    10/16/2010 12:50:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Fips IPSec KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss SABKUTIL Tcpip
    10/16/2010 12:50:29 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/16/2010 12:50:29 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/16/2010 12:50:29 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/16/2010 12:50:29 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/16/2010 12:49:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/16/2010 12:49:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/16/2010 12:49:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/15/2010 8:46:34 PM, error: Service Control Manager [7000] - The AVG Mini-Filter Resident Anti-Virus Shield service failed to start due to the following error: The parameter is incorrect.
    10/15/2010 8:01:14 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    10/15/2010 7:56:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SABKUTIL
    10/15/2010 7:56:53 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
    10/15/2010 7:42:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Print Spooler service to connect.
    10/15/2010 7:42:57 PM, error: Service Control Manager [7000] - The Print Spooler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/15/2010 7:42:47 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/15/2010 7:41:57 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/15/2010 7:35:21 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    10/15/2010 7:13:38 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
    10/15/2010 7:11:12 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/15/2010 7:07:36 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/14/2010 9:56:06 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    10/14/2010 9:56:06 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    10/14/2010 9:50:16 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool - October 2010 (KB890830).

    ==== End Of File ===========================
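
The helper's Event Viewer rules (errors only, one copy per recurring error with the same ID, source and description, and a look at the errors around the crash time) applied to the `Event Viewer Messages` line format of the DDS log above. This is an added example, not part of the original thread: the first five sample lines are copied from that log, the warning line and the crash time are constructed, and collapsing the "It has done this N time(s)" counter is an assumption.

```python
import re
from datetime import datetime, timedelta

# One DDS event line: "<date> <time> AM|PM, <level>: <source> [<id>] - <description>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<desc>.*)$"
)

# Assumption: the running counter does not make two errors "different".
COUNTER_RE = re.compile(r"It has done this \d+ time\(s\)\.")

# First five lines copied from the DDS log; the last (warning) line is constructed.
SAMPLE = """
10/16/2010 4:12:21 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/16/2010 4:12:21 PM, error: Service Control Manager [7034] - The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).
10/15/2010 7:41:57 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/15/2010 7:13:38 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
10/15/2010 7:11:12 PM, error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/16/2010 4:10:00 PM, warning: Example Source [1] - Constructed warning line, not from the log.
"""

# Constructed crash time used to demonstrate the time-window lookup.
SAMPLE_CRASH_TIME = datetime(2010, 10, 16, 16, 15)


def parse_events(text):
    """Parse DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"].lower(),
            "source": m["source"],
            "id": int(m["id"]),
            "desc": m["desc"],
        })
    return events


def unique_errors(events):
    """Keep one copy per (source, ID, description); warnings and info are ignored.

    Returns (first_seen_event, occurrence_count) pairs in log order.
    """
    seen = {}
    for ev in events:
        if ev["level"] != "error":
            continue
        key = (ev["source"], ev["id"], COUNTER_RE.sub("", ev["desc"]).strip())
        entry = seen.setdefault(key, {"first": ev, "count": 0})
        entry["count"] += 1
    return [(e["first"], e["count"]) for e in seen.values()]


def errors_near(events, crash_time, minutes=5):
    """Errors logged within +/- `minutes` of the observed crash time."""
    window = timedelta(minutes=minutes)
    return [
        ev for ev in events
        if ev["level"] == "error" and abs(ev["time"] - crash_time) <= window
    ]


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for ev, count in unique_errors(parsed):
        print(f"{ev['time']:%m/%d/%Y %I:%M:%S %p}  {ev['source']} "
              f"[{ev['id']}] x{count}  {ev['desc']}")
    print("Errors near crash time:")
    for ev in errors_near(parsed, SAMPLE_CRASH_TIME):
        print(f"  {ev['source']} [{ev['id']}] {ev['desc']}")
```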
  7. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Robert at 18:20:37.06 on Sat 10/16/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.429 [GMT -4:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    svchost.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Documents and Settings\Robert\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.comcast.net/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    uDefault_Search_URL = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [nwiz] nwiz.exe /install
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppavi~1.lnk - c:\program files\hewlett-packard\hp pavilion webcam\tsnp2std.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://74.73.125.189:8888/RtspVaPgDec.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-16 162768]
    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-6-23 315408]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-16 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-16 40384]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-16 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-16 40384]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-16 27064]

    =============== Created Last 30 ================

    2010-10-16 17:20:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 17:20:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 16:11:30 -------- d-----w- c:\docume~1\robert\locals~1\applic~1\VS Revo Group
    2010-10-16 16:08:46 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-10-16 16:08:44 -------- d-----w- c:\program files\VS Revo Group
    2010-10-16 15:43:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-10-16 00:49:11 -------- d-----w- c:\docume~1\robert\applic~1\AVG10
    2010-10-16 00:47:13 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-10-16 00:45:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2010-10-16 00:39:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-10-16 00:10:51 -------- d-----w- c:\program files\PC Tools Security
    2010-10-16 00:04:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2010-10-15 23:29:16 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2010-10-15 23:29:16 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-15 23:26:42 -------- d-----w- c:\docume~1\robert\locals~1\applic~1\WMTools Downloaded Files
    2010-10-15 23:26:42 -------- d-----w- c:\docume~1\robert\applic~1\IObit
    2010-10-15 23:26:41 -------- d-----w- c:\program files\Carbonite
    2010-10-15 22:49:45 -------- d-----w- c:\program files\Trend Micro
    2010-10-15 22:20:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-10-15 01:42:36 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 01:42:35 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 01:42:35 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 01:42:21 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 14:46:07 -------- d-----w- C:\spoolerlogs
    2010-09-18 16:23:26 974848 ------w- c:\windows\system32\dllcache\mfc42u.dll

    ==================== Find3M ====================

    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 15:04:03 0 ----a-w- c:\windows\YOURAPP.EXE
    2010-09-09 15:03:58 0 ----a-w- c:\windows\ORUN32.EXE
    2010-09-09 15:03:47 0 ----a-w- c:\windows\system32\CMMGR32.EXE
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet(2)(2).dll
    2010-09-09 14:16:31 627712 ----a-w- c:\windows\system32\urlmon(2)(2).dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:30 1510400 ----a-w- c:\windows\system32\shdocvw(2)(2).dll
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k(2)(2).sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc(2)(2).dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32(2)(2).dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(3).dll

    ============= FINISH: 18:22:13.70 ===============
  8. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I am sorry for all of that but I don't know what the heck I am doing and nothing has worked so far. I am ready to give up. Thanks for all of your help, sawz.
  9. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    This is from hijack this:

    Scan saved at 6:39:17 PM, on 10/16/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
    O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://74.73.125.189:8888/RtspVaPgDec.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8865 bytes
  10. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 142):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF7AF0000 \WINDOWS\system32\KDCOM.DLL
    0xF7A00000 \WINDOWS\system32\BOOTVID.dll
    0xF74C1000 ACPI.sys
    0xF7AF2000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF74B0000 pci.sys
    0xF75F0000 isapnp.sys
    0xF7600000 ohci1394.sys
    0xF7610000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7A04000 compbatt.sys
    0xF7A08000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7BB8000 pciide.sys
    0xF7870000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7AF4000 intelide.sys
    0xF7AF6000 viaide.sys
    0xF7AF8000 aliide.sys
    0xF7492000 pcmcia.sys
    0xF7620000 MountMgr.sys
    0xF7473000 ftdisk.sys
    0xF7A0C000 ACPIEC.sys
    0xF7BB9000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7878000 PartMgr.sys
    0xF7630000 VolSnap.sys
    0xF745B000 atapi.sys
    0xF7442000 nvata.sys
    0xF7640000 disk.sys
    0xF7650000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7422000 fltmgr.sys
    0xF7410000 sr.sys
    0xF7880000 PxHelp20.sys
    0xF73F9000 KSecDD.sys
    0xF736C000 Ntfs.sys
    0xF733F000 NDIS.sys
    0xF7660000 Serial.sys
    0xF7325000 Mup.sys
    0xF7670000 AVGIDSEH.Sys
    0xF7680000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF7830000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xF704D000 \SystemRoot\system32\DRIVERS\cpqbttn.sys
    0xF7840000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF7910000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7049000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xF6495000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
    0xF6117000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xF6103000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7AA0000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0xF7918000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF60DF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7920000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7850000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF7860000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7690000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF60BC000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF60A8000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF7928000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xF6A8A000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0xF605C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0xF6034000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7AB4000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xF5FE9000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xF5FB2000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xF6A7A000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7930000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF5F82000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xF7B26000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7938000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7AB8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF7C62000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF6A6A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7ABC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF5F6B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF6A5A000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF6A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7940000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF5F5A000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF6A3A000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7948000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7950000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6A2A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B28000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF5EFC000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7AC8000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF66B3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF64FD000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEE970000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xEE960000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xB9727000 \SystemRoot\system32\drivers\CHDAud.sys
    0xB9703000 \SystemRoot\system32\drivers\portcls.sys
    0xEE950000 \SystemRoot\system32\drivers\drmk.sys
    0xB96D0000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB95DC000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB952A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF4BF8000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF0A5F000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB94B1000 \SystemRoot\system32\DRIVERS\klif.sys
    0xEEE80000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF0A53000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xEE49C000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xB9493000 \SystemRoot\System32\Drivers\usbvideo.sys
    0xF7B98000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xED8D6000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B9A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xED9DA000 \SystemRoot\System32\drivers\vga.sys
    0xF7B9C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B9E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xED9D2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xED9CA000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEE484000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB8753000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB86FA000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEDD56000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xB86D4000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEDD46000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB86AC000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB868A000 \SystemRoot\System32\drivers\afd.sys
    0xEDD36000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF7B0A000 \SystemRoot\system32\DRIVERS\eabfiltr.sys
    0xECF1B000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB7693000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB713B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7730000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB6397000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xF4C20000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xB6373000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB692A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF4C08000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7C37000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xB648D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xF72F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB3BF7000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xB39EA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB39AD000 \SystemRoot\system32\drivers\wdmaud.sys
    0xECF0B000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB3657000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB386F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB31B6000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF7908000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    820 C:\WINDOWS\system32\smss.exe
    876 csrss.exe
    904 C:\WINDOWS\system32\winlogon.exe
    948 C:\WINDOWS\system32\services.exe
    960 C:\WINDOWS\system32\lsass.exe
    1112 C:\WINDOWS\system32\svchost.exe
    1172 svchost.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1384 svchost.exe
    1524 svchost.exe
    1568 C:\WINDOWS\explorer.exe
    1788 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1908 C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    1988 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2000 C:\Program Files\Hp\QuickPlay\QPService.exe
    2012 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    168 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    212 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    520 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    528 C:\WINDOWS\system32\rundll32.exe
    536 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    568 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
    624 C:\WINDOWS\system32\ctfmon.exe
    728 C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    1084 C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
    1680 svchost.exe
    2044 C:\Program Files\Hp\Digital Imaging\bin\hpqimzone.exe
    200 C:\WINDOWS\system32\svchost.exe
    744 C:\Program Files\Java\jre6\bin\jqs.exe
    1644 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1872 C:\WINDOWS\system32\svchost.exe
    2056 C:\WINDOWS\system32\nvsvc32.exe
    2116 C:\WINDOWS\system32\svchost.exe
    2184 C:\WINDOWS\system32\svchost.exe
    2320 wdfmgr.exe
    2420 C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    3144 wmiprvse.exe
    3656 alg.exe
    4080 C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
    2744 C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
    2884 C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
    2948 C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
    3344 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    2592 C:\Program Files\Mozilla Firefox\firefox.exe
    2440 C:\Program Files\Hp\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    3460 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2372 C:\Documents and Settings\Robert\My Documents\Downloads\MBRCheck.exe
    656 C:\Program Files\Real\RealPlayer\realplay.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`ace6d600 (FAT32)

    PhysicalDrive0 Model Number: ST9100824AS, Rev: 3.05

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 6CFADD51C7C23062276CFACC2EEF26A447A44C7C


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
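The MBRCheck verdict in the log above (a hash of the boot code that matches nothing known, plus the partition offsets) can be reproduced offline on a saved copy of sector 0. This is an added example, not part of the thread and not MBRCheck's own code: the function names, the 440-byte hashed region, the allowlist and the sample sector are assumptions or constructed values, and only the two partition byte offsets are taken from the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # assumption: hash the bootstrap code only, not the disk signature or table
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
PARTITION_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}
ENTRY_FORMAT = "<B3xB3xII"     # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector):
    """Return signature validity, SHA-1 of the boot code and the used partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * index
        status, ptype, lba_start, sector_count = struct.unpack_from(ENTRY_FORMAT, sector, offset)
        if ptype == 0x00:      # unused slot
            continue
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": PARTITION_TYPES.get(ptype, "0x%02X" % ptype),
            "byte_offset": lba_start * SECTOR_SIZE,
            "sector_count": sector_count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector, known_good_sha1):
    """Compare the boot-code hash with an allowlist of hashes recorded from trusted media."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "invalid boot signature"
    if info["boot_code_sha1"] in known_good_sha1:
        return "known MBR code"
    return "unknown MBR code"


def build_sample_mbr(boot_code):
    """Constructed sector: arbitrary boot code plus a table matching the C: and D: offsets in the log."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in %d bytes" % BOOT_CODE_LEN)
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    ntfs_start = 63                 # 63 * 512 = 0x7E00, the C: offset in the log
    fat32_start = 0x0A56736B        # * 512 = 0x14ACE6D600, the D: offset in the log
    entries = [
        (0x80, 0x07, ntfs_start, fat32_start - ntfs_start),
        (0x00, 0x0B, fat32_start, 0x01000000),   # sector count is a constructed value
    ]
    for index, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + 16 * index,
                         status, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    # Constructed baseline and a copy whose boot code differs by one byte.
    baseline = build_sample_mbr(b"\xfa\x33\xc0" + b"\x90" * 64)
    changed = bytearray(baseline)
    changed[10] ^= 0xFF
    allowlist = {parse_mbr(baseline)["boot_code_sha1"]}
    for name, image in (("baseline", baseline), ("changed", bytes(changed))):
        info = parse_mbr(image)
        print(name, info["boot_code_sha1"], classify_mbr(image, allowlist))
        for part in info["partitions"]:
            print("  %-6s at offset 0x%016x" % (part["type"], part["byte_offset"]))
```

An "unknown" result only means the hash is not on the allowlist; vendor recovery loaders and boot managers also produce it, so the boot code still has to be examined before it is called infected.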
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    • Open Notepad
    • Copy and paste the text in the codebox into Notepad:
      Code:
      
      @ECHO OFF
      START remover.exe fix \\.\PhysicalDrive0
      EXIT
      
    • Go File > Save As
    • Save as Type choose All Files
    • For File Name type fix.bat
    • Save In> choose Desktop
    • Save
    • Double click to Run fix.bat
    (You may see a black box appear; this is normal.)

    Run remover.exe again and post its output.

    Do NOT reboot computer!
  12. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I want to run the (remover.exe) properly without fail. Could I get a little direction on that process? Thank you, sawz

    When I run (fix.bat) the results are very minimal, almost like it did not run through. Is that the result I should have seen?
  13. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I have not installed or un-installed anything since you last directed me. I am sorry if I did prior to today, but I think frustration led me down a panic path. Thanks for your help, sawzalot (Robert).
     
  14. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I found the remover.exe download but I cannot download it. I get a redirect to some virus protection site in German called G Data software. I don't know what to do next so I'll wait for a reply. Thank you, sawz.
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Okay, we need to get on the same track here:

    Prelim programs were:
    1. Malwarebytes: it wouldn't run so I gave you a program to help that. But I have not seen the Mbam log yet.
    2. DDS: Program was run and the 2 logs were left.
    3. GMER: No mention, no log.
    =====================================
    1. Errors: I requested a copy of the Errors from the Event Viewer but you couldn't show it.
    2. HijackThis: you ran this which I did not request and left a log. The version was missing.
    3. MBRCheck: you ran this which I did not request.
    4. Bootfix Remover: my bad> I mistakenly gave you this program not realizing that you had not run the Bootfix program, but ran MBRCheck instead. So you did not have the 'remover.exe.'
    =====================================================
    Let's get this aimed in the right direction. Please stop running random scans. It is specifically asked that you do not run these while you are being helped.
    ===================================
    Before you run any more scans, please describe what is happening with your system. Originally it was a problem with google analytics. You mentioned the system is slow which may or may not be related to malware.
    ================================
    The following restore points are some that were set mainly between 10/14-10/16:
    RP421: 10/14/2010 6:04:50 PM - Restore Operation
    RP424: 10/14/2010 10:24:31 PM - Advanced SystemCare RestorePoint
    RP426: 10/15/2010 5:20:23 PM - Restore Operation
    RP428: 10/15/2010 7:13:23 PM - avast! Free Antivirus Setup
    RP429: 10/15/2010 7:19:15 PM - Restore Operation
    RP431: 10/15/2010 8:07:08 PM - avast! Free Antivirus Setup 2nd download
    RP432: 10/15/2010 8:44:52 PM - Installed AVG 2011
    RP433: 10/15/2010 8:45:21 PM - Installed AVG 2011 2nd install
    RP436: 10/16/2010 11:55:06 AM - Removed AVG 2011
    RP437: 10/16/2010 11:55:57 AM - Removed AVG 2011 2nd uninstall
    RP438: 10/16/2010 12:13:38 PM - Revo Uninstaller Pro's restore point - ashampoo firewall
    RP439: 10/16/2010 12:15:04 PM - Revo Uninstaller Pro's restore point - avg
    RP440: 10/16/2010 12:15:30 PM - Revo Uninstaller Pro's restore point - avast
    RP441: 10/16/2010 12:16:11 PM - Revo Uninstaller Pro's restore point - google-analytics.com
    RP442: 10/16/2010 3:56:45 PM - avast! Free Antivirus Setup 1st install, 2 downloads


    And these 2 programs show you uninstalled them twice:
    RP400: 9/19/2010 1:39:05 PM - Removed Skype™ 4.2>> and again
    RP430: 10/15/2010 8:00:37 PM - Removed Skype™ 4.2
    RP401: 9/19/2010 1:40:26 PM - Removed Super Ad Blocker>> and again
    RP414: 10/4/2010 9:01:52 PM - Removed Super Ad Blocker

    ==============================================
    It would be best if you stopped using the Revo Uninstaller at this point. Do not do any System Restores while I'm helping you; they will undo anything that was done on the system previously. It looks like you couldn't remove all of AVG (there is a tool to do this) so used Revo.

    Please uninstall the following programs: Do NOT use Revo. Go to Add/Remove Programs in the Control Panel:
    [Advanced SystemCare 3]> this is not a good program to have on the system and some sites that have it are questionable.
    MBRCheck.
    =========================================
    The system must be very confused about what it has and what to run. If I have you do something and an entry remains from it, I can move it after you run Combofix.
    ===========================================
    To get rid of some of the temporary internet files slowing you down, please run this program (it does not produce a log): TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

    TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.
    TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
    ==============================
    Then please download ComboFix from Here and save to your Desktop.

    • [1]. Do NOT rename Combofix unless instructed.
    • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • [3]. Close any open browsers.
    • [4]. Double click combofix.exe & follow the prompts to run.
      NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    • [5]. If Combofix asks you to install Recovery Console, please allow it.
    • [6]. If Combofix asks you to update the program, always allow.
      Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in your next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.

    Nothing else! No other installs or uninstalls, no other scans!
  16. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    Thanks and yes I will stop doing any thing but what you advise, I was getting too many suggestions from other kind folks but then when they realized that they were out of their league they stepped off, you responded so I will only go with your suggestions, I apologize for the side track.
    Symptoms are still the google re-direct to a blank white screen and some other various re directs that I never experienced before.

    The Malwarebytes worked after your link to give a shortcut and it did create a log and quarantined some viruses, but I don't know how to copy a log report from that program; it seems like it won't let me.

    I am on a different computer right now so I will copy all of your directions , perform said actions on the infected unit and post back any results that you requested, Thank You Sawz.

    On infected machine..
    when I go to add /remove there are no traces of (advance system care) and or (mbr check).


    Update* I ran the TFC and it worked fine.
    I saved combofix to desktop > closed avast > I don't know how to turn off Malwarebytes other than just not running it > then I closed browsers > dbl click on combofix > follow prompts. But it acts just like the first malwarebytes: something will not allow the program to run or even open for that matter, so I will wait for advice. Thank you, sawz.
  17. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I tried to run the combo fix again at 9:43 pm again no luck , it just will not start, will not respond at all, thanks again sawz (Robert).
    Good Night.
  18. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    Oh my goodness, I experienced yet another set-back, talk about dumb luck. I was using an older desktop HP Pav. 523x, latest firefox, zone alarm, super Ad Block, it asked for an update auto update for windows and I let it run it was taking a while like the machine was struggling but it was slowly making progress then bam the screen goes dark and the machine starts to really churn up working extra hard and nothing ever came back up I go to it this morning and start it up nothing happens, it makes a high pitched alarm type beep every 4 seconds but no screen and no keyboard, this machine was working absolutely perfectly and some what fast for its age but now its dead. This brings me back to the infected unit, at least its working for now the ghostery add on helps me get around but the virus is still in there, please see my above two posts as to what I have done so far, Thanks sawz..
  19. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I wanted to mention that I get a new warning now that I never saw before it says > Norton internet worm protection is turned off. I never saw that before, I never knew I had that and really don't know anything about it.
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Does this thread involve 2 different computers? You must be very confused by now- I am!

    I'd like you to run the Error checking, also known as CHKDSK:

    Where to set Error Checking up
    You can do the Error Check from Command Prompt:
    Using the Command Prompt should have been this: Start> Run> type in cmd> type in Chkdsk /f /r followed by a reboot. Chkdsk will start in a few seconds

    Or Windows Explorer:
    Right click on Start> Explore> My Computer> Right click on Local Drive (usually C)> Properties> Tools> Error Check> check both boxes on the screen that comes up> Apply> Close the message and reboot for the Error Checking to start.

    You have nothing else to do except wait for the system to reboot after the Error Checking has finished.

    The choices in Error Checking:
    1. CHKDSK or Error Check alone will only scan the current drive but will not fix errors on the disc or attempt to recover bad sectors. Using Start or Enter begins the process without a reboot.
    2. Volume: Specifies the drive letter other than the Local Drive (followed by a colon), mount point, or volume name. To have the checking use a different drive, the Command Chkdsk is followed by the drive letter, then a colon such as chkdsk volume E:
    3. File Errors can be found and fixed using the switch /F. The nag message that comes up can be closed and the system rebooted to start the checking.
    4. Recovery of readable information in bad sectors can be done by using the switch /R. This implies that the /F switch has also been used. Locates bad sectors and recovers readable information (implies /F). The nag message that comes up can be closed and the system rebooted to start the checking.

    This is going to take a while if it runs at all, but so much has been done to the system that there have got to be files and sectors messed up. Friends mean well, but malware help is very specific. What worked for them might not be appropriate for you. Unless you can get the system stable, you are going to have to face a reformat/reinstall.

    You might want to check this for the Beep Codes:
    Go to this section AMI BIOS beep codes HERE.
    Find the entry that describes yours exactly. Note that the beep code is significant in both number and intervals of the beeps.

    If you don't see the exact beep code description you're getting in this table, scroll down to the other tables and look for it there.
  21. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    No this is about the same computer I was merely pointing out that my back-up is now DOA as well, so all I have to work with is this infected laptop I am blackballed from my wife's machine as well as my son's, they say I kill the poor things, HMMM.
  22. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I ran the error check or CHKDSK it took a while but it finished all 5 steps the system started back up and I came back here to see the next step, I am totally unsure as to your directions on the next process so I will wait to see your next post, Happy Birthday, have a great day, sawz.
  23. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    I managed to get combo fix to run through :LOG:

    ComboFix 10-10-19.01 - Robert 10/19/2010 23:26:12.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.567 [GMT -4:00]
    Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ORUN32.EXE
    c:\windows\system32\CMMGR32.EXE
    c:\windows\YOURAPP.EXE
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
    .

    2010-10-19 12:50 . 2010-10-19 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Gtek
    2010-10-19 12:50 . 2010-10-19 12:50 -------- d-----w- c:\documents and settings\Robert\Application Data\GTek
    2010-10-16 19:57 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-16 19:57 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-16 19:57 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-16 19:57 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-16 19:57 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-16 19:57 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-16 19:57 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-16 19:56 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
    2010-10-16 19:56 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-16 17:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-16 17:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 16:49 . 2010-10-17 01:35 -------- d-----w- c:\documents and settings\Administrator
    2010-10-16 16:11 . 2010-10-16 16:11 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\VS Revo Group
    2010-10-16 16:08 . 2009-12-30 16:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-10-16 16:08 . 2010-10-16 16:08 -------- d-----w- c:\program files\VS Revo Group
    2010-10-16 15:43 . 2010-10-16 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2010-10-16 00:49 . 2010-10-16 00:49 -------- d-----w- c:\documents and settings\Robert\Application Data\AVG10
    2010-10-16 00:47 . 2010-10-16 00:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-10-16 00:45 . 2010-10-16 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
    2010-10-16 00:39 . 2010-10-16 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-10-16 00:10 . 2010-10-16 00:50 -------- d-----w- c:\program files\PC Tools Security
    2010-10-16 00:06 . 2010-10-16 02:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-10-16 00:04 . 2010-10-16 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2010-10-15 23:29 . 2010-10-15 23:29 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-10-15 23:26 . 2010-10-15 23:26 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\WMTools Downloaded Files
    2010-10-15 23:26 . 2010-10-15 23:26 -------- d-----w- c:\documents and settings\Robert\Application Data\IObit
    2010-10-15 23:26 . 2010-10-15 23:26 -------- d-----w- c:\program files\Carbonite
    2010-10-15 22:49 . 2010-10-17 16:39 -------- d-----w- c:\program files\Trend Micro
    2010-10-15 22:20 . 2010-10-17 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-15 01:42 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2010-10-15 01:42 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
    2010-10-15 01:42 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2010-10-15 01:42 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2010-10-13 14:46 . 2010-10-13 14:46 -------- d-----w- C:\spoolerlogs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-21 7561216]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "nwiz"="nwiz.exe" [2006-04-21 1519616]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
    HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2009-8-9 98304]
    HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/16/2010 3:57 PM 162768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/16/2010 3:57 PM 19024]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [10/16/2010 12:08 PM 27064]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - KLMDB
    *Deregistered* - klmdb

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-10-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-196392244-1619933075-25941823-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-10-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-196392244-1619933075-25941823-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://74.73.125.189:8888/RtspVaPgDec.cab
    FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uig03ldk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uig03ldk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
    HKLM-Run-ISUSPM Startup - c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe
    HKLM-Run-Cpqset - c:\program files\HPQ\Default Settings\cpqset.exe
    SafeBoot-klmdb.sys
    SafeBoot-mcmscsvc
    SafeBoot-MCODS



    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
    "ImagePath"="\??\c:\docume~1\Robert\LOCALS~1\Temp\ASFWHide"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-10-19 23:33:55
    ComboFix-quarantined-files.txt 2010-10-20 03:33

    Pre-Run: 59,312,234,496 bytes free
    Post-Run: 59,319,799,808 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - FAA8284F5F7C4E310EA4A2CF67C880DD
  24. sawzalot

    sawzalot Newcomer, in training Topic Starter Posts: 20

    Is the above log helpful at all, I was just wondering if my Laptop is on it's way to recovery or not, Thank You, sawz.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +34

    Are you using or did you use a USB flash drive while I've been helping you? There is one removal in the Combofix log that points to this. If you did, I will have you disinfect the flash drive.

    It's 3 PM and I haven't had lunch yet. I'll be back later this afternoon to try and finish you up..

    Your patience is appreciated.
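
The log triage described in the last reply, as an added example that is not part of the original thread or of ComboFix: it splits a log laid out like the one posted above into its bannered sections, lists the files under "Other Deletions", and flags an Autorun.inf removed from the root of a drive other than the system drive. It assumes the removal the helper refers to is the `D:\Autorun.inf` line (the post does not name it) and that `C:` is the system drive; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the layout of the log posted above.
SAMPLE_LOG = r"""ComboFix 10-10-19.01 - Robert 10/19/2010 23:26:12.1.2 - x86
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ORUN32.EXE
c:\windows\system32\CMMGR32.EXE
c:\windows\YOURAPP.EXE
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-09-20 to 2010-10-20 )))))))))))))))))))))))))))))))
.

2010-10-13 14:46 . 2010-10-13 14:46 -------- d-----w- C:\spoolerlogs
"""

# Banner lines look like "((((( Title )))))"; the title names the section.
SECTION_RE = re.compile(r"^\s*\({3,}\s*(.+?)\s*\){3,}\s*$")
# Header status lines look like "AV: <product> *<state>* ...".
STATUS_RE = re.compile(r"^\s*(AV|FW):\s*(.+?)\s*\*(.+?)\*")
# Autorun.inf sitting directly in a drive root, any letter, any case.
ROOT_AUTORUN_RE = re.compile(r"^([a-z]):\\autorun\.inf$", re.IGNORECASE)


def split_sections(log_text):
    """Return {title: [lines]}; lines before the first banner go under 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":          # skip blanks and "." separators
            sections[current].append(line)
    return sections


def disabled_protection(sections):
    """Return (kind, product, state) for AV:/FW: lines whose state says 'disabled'."""
    found = []
    for line in sections["header"]:
        m = STATUS_RE.match(line)
        if m and "disabled" in m.group(3).lower():
            found.append((m.group(1), m.group(2), m.group(3)))
    return found


def non_system_autorun_deletions(sections, system_drive="c"):
    """Return deleted Autorun.inf paths from the root of a non-system drive."""
    hits = []
    for path in sections.get("Other Deletions", []):
        m = ROOT_AUTORUN_RE.match(path)
        if m and m.group(1).lower() != system_drive.lower():
            hits.append(path)
    return hits


if __name__ == "__main__":
    secs = split_sections(SAMPLE_LOG)
    for kind, product, state in disabled_protection(secs):
        print(f"{kind} reported as '{state}': re-enable after the run ({product})")
    for path in non_system_autorun_deletions(secs):
        print(f"Autorun.inf removed from a non-system drive root: {path}")
```

The AV line is expected to read as disabled here because the instructions have the user close avast before running ComboFix; the check is a reminder to re-enable it afterwards.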