Google redirect

By rmhughes0711
Feb 12, 2011
  1. I have a Vista computer that has the cursed Google redirect problem. I have run numerous spyware and malware scans, but the problem still exists. I downloaded TDSSKiller to my desktop and unzipped it; however, it never launches, even when I try to run it as an administrator. What can I do to resolve the issue?
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot!
    I'll help with the malware, but you should stop trying to find scans that will fix the problem! The key is finding what the problem is!

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Logs pasted as requested

    Please let me know the next step. Thanks for your help!

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5748

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19019

    2/12/2011 10:55:03 AM
    mbam-log-2011-02-12 (10-55-03).txt

    Scan type: Quick scan
    Objects scanned: 147694
    Time elapsed: 3 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ***************************************************************************************************************
    GMER log below

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-12 11:04:35
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0085
    Running: 4hmeymmi.exe; Driver: C:\Users\Linda\AppData\Local\Temp\uglcapob.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8520A1F8
    Device \Driver\iaStor \Device\Ide\iaStor0 [826D3A60] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdePort0 8520A1F8
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [826D3A60] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\a8q3g4nd \Device\Scsi\a8q3g4nd1Port3Path0Target0Lun0 86BD51F8
    Device \Driver\a8q3g4nd \Device\Scsi\a8q3g4nd1 86BD51F8
    Device \FileSystem\Ntfs \Ntfs 8520B1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\fastfat \Fat 8F9FC1F8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:292] 869439FB
    Thread System [4:296] 86945A2C

    ---- EOF - GMER 1.0.15 ----
    **************************************************************************************************************
    DDS.txt below


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Linda at 11:06:14.97 on Sat 02/12/2011
    Internet Explorer: 8.0.6001.19019
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.920 [GMT -5:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Linda\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uWindow Title = Internet Explorer provided by Dell
    uDefault_Page_URL = hxxp://www.dell.com
    mDefault_Page_URL = hxxp://www.dell.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    EB: {D367A4AF-8202-4173-A115-9831108F1E0A} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli psqlpwd

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\linda\appdata\roaming\mozilla\firefox\profiles\4ib0vqk6.default\
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2009-2-4 73728]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-4 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-9-9 47640]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 27216]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-2-3 179712]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-2-3 111616]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-9 517448]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-9 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-17 21744]
    S3 utm0mjuw;AVZ Kernel Driver;c:\windows\system32\drivers\utm0mjuw.sys [2011-2-11 7168]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-11 15:27:08 7168 ----a-w- c:\windows\system32\drivers\utm0mjuw.sys
    2011-02-11 15:11:36 -------- d-----w- c:\progra~2\Kaspersky Lab
    2011-02-11 04:29:10 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-11 04:00:01 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-11 04:00:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-11 04:00:00 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-02-10 06:10:09 -------- d-----w- c:\program files\Dell Support Center
    2011-02-10 05:59:48 -------- d-----w- c:\progra~2\PCDr
    2011-02-10 05:59:24 -------- d-----w- c:\users\linda\appdata\roaming\PCDr
    2011-02-10 04:29:55 -------- d-----w- c:\program files\common files\supportsoft
    2011-02-09 21:27:01 -------- d-----w- c:\windows\en
    2011-02-09 21:26:24 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-02-09 21:22:16 -------- d-----w- c:\program files\Microsoft
    2011-02-09 21:21:55 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-09 21:21:55 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-09 21:21:55 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-09 21:21:21 469256 ----a-w- c:\program files\common files\windows live\.cache\4aa6f60b1cbc89f41\InstallManager_WLE_WLE.exe
    2011-02-09 21:19:57 15712 ----a-w- c:\program files\common files\windows live\.cache\1949922b1cbc89f34\MeshBetaRemover.exe
    2011-02-09 21:18:25 94040 ----a-w- c:\program files\common files\windows live\.cache\e2158d4b1cbc89e27\DSETUP.dll
    2011-02-09 21:18:25 525656 ----a-w- c:\program files\common files\windows live\.cache\e2158d4b1cbc89e27\DXSETUP.exe
    2011-02-09 21:18:25 1691480 ----a-w- c:\program files\common files\windows live\.cache\e2158d4b1cbc89e27\dsetup32.dll
    2011-02-09 21:18:20 94040 ----a-w- c:\program files\common files\windows live\.cache\deb57a2b1cbc89e26\DSETUP.dll
    2011-02-09 21:18:20 525656 ----a-w- c:\program files\common files\windows live\.cache\deb57a2b1cbc89e26\DXSETUP.exe
    2011-02-09 21:18:20 1691480 ----a-w- c:\program files\common files\windows live\.cache\deb57a2b1cbc89e26\dsetup32.dll
    2011-02-09 21:14:08 -------- d-----w- c:\users\linda\appdata\local\Windows Live
    2011-02-09 21:14:07 -------- d-----w- c:\program files\common files\Windows Live
    2011-02-09 21:13:39 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-02-09 20:11:15 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-02-09 19:39:08 -------- d-----w- c:\progra~2\Roaming
    2011-02-09 19:38:55 56 ----a-w- c:\windows\system32\IHV_Install.bat
    2011-02-09 19:38:21 -------- d-----w- c:\program files\Cisco
    2011-02-09 19:36:13 -------- d-----w- c:\users\linda\appdata\roaming\Intel
    2011-02-09 06:09:43 -------- d--h--w- C:\$AVG
    2011-02-09 05:33:22 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-02-09 05:33:18 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{4f3e2d36-d77e-4a02-a25f-8c92206c245c}\mpengine.dll
    2011-02-09 05:16:37 -------- d-----w- c:\users\linda\appdata\roaming\AVG10
    2011-02-09 05:15:34 -------- d--h--w- c:\progra~2\Common Files
    2011-02-09 05:15:16 -------- d-----w- c:\progra~2\AVG Security Toolbar
    2011-02-09 05:13:37 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-02-09 05:13:37 -------- d-----w- c:\progra~2\AVG10
    2011-02-09 05:11:28 -------- d-----w- c:\program files\AVG
    2011-02-09 04:46:09 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-09 03:49:01 -------- d-----w- c:\users\linda\appdata\roaming\SUPERAntiSpyware.com
    2011-02-09 03:49:01 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
    2011-02-09 03:48:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-02-09 03:17:32 -------- d-----w- c:\program files\CleanUp!
    2011-02-09 02:51:42 -------- d-----w- c:\users\linda\appdata\roaming\Malwarebytes
    2011-02-09 02:51:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-09 02:51:34 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-09 02:51:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-09 02:51:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-08 22:42:48 388096 ----a-r- c:\users\linda\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-02-08 22:42:47 -------- d-----w- c:\program files\Trend Micro
    2011-02-08 21:51:01 -------- d-----w- c:\progra~2\MFAData
    2011-02-08 21:31:47 -------- d-----w- c:\users\linda\appdata\local\WindowsUpdate
    2011-02-08 21:10:46 -------- d-----w- c:\windows\pss
    2011-01-31 15:57:30 -------- d-----w- c:\program files\iPod
    2011-01-31 15:57:27 -------- d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
    2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-08 18:12:02 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 18:11:52 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 18:11:46 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 18:11:44 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 11:13:32.39 ===============

    **************************************************************************************************************
    Attach.txt below


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 2/4/2009 1:20:03 AM
    System Uptime: 2/12/2011 10:46:39 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0N6705
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | Microprocessor | 1500/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 99 GiB total, 12.463 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 5.416 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is CDROM ()
    H: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP128: 2/10/2011 11:12:02 PM - Windows Update
    RP129: 2/10/2011 11:33:44 PM - Windows Update
    RP130: 2/11/2011 3:00:11 AM - Windows Update
    RP131: 2/11/2011 10:22:46 AM - Removed Dell DataSafe Online
    RP132: 2/12/2011 3:00:11 AM - Windows Update

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AdVantage (Powering DAEMON Tools)
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics Duplicate File Finder
    AVG 2011
    Banctec Service Agreement
    Beyond Compare Version 3.1.11
    Bonjour
    Broadcom Gigabit Integrated Controller
    Broadcom Management Programs
    BufferChm
    C5100
    c5100_Help
    CleanUp!
    Copy
    CustomerResearchQFolder
    D3DX10
    Dell Getting Started Guide
    Dell Support Center
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    DellSupport
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    EDocs
    eSupportQFolder
    Fax
    Fingerprint Reader Suite 5.6
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 8.0
    HP Driver Diagnostics
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart.All-In-One Driver Software 8.0 .A
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) PROSet/Wireless Software
    iTunes
    Java(TM) 6 Update 7
    Junk Mail filter update
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Live! Cam Avatar Creator
    Live! Cam Avatar v1.0
    LogMeIn
    Malwarebytes' Anti-Malware
    MarketResearch
    mCorev32.ism_new
    mCPlug
    mDriver
    MediaDirect
    Mesh Runtime
    Messenger Companion
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mMHouse
    Mozilla Firefox (3.6.13)
    Mozilla Thunderbird (3.1.3)
    mPfMgr
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music, Photos & Videos Launcher
    mWMI
    OutlookAddinSetup
    Product Documentation Launcher
    QuickSet
    QuickTime
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    SolutionCenter
    Status
    SUPERAntiSpyware
    Toolbox
    TrayApp
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    WebReg
    WIDCOMM Bluetooth Software 6.0.1.3100
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources

    ==== Event Viewer Messages From Past Week ========

    2/12/2011 3:38:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2393802).
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802_client~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_3_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/12/2011 3:27:31 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    2/12/2011 2:49:21 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0013E87A28D9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/12/2011 10:58:22 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.23 for the Network Card with network address 0013E87A28D9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    2/12/2011 10:48:39 AM, Error: Service Control Manager [7000] - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error: The system cannot find the file specified.
    2/10/2011 2:47:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 SASDIFSV SASKUTIL spldr sptd Wanarpv6
    2/10/2011 2:47:49 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/10/2011 2:47:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/10/2011 2:47:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/10/2011 2:47:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/10/2011 2:47:00 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    2/10/2011 2:45:40 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    2/10/2011 11:50:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/10/2011 11:50:20 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/10/2011 11:38:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/10/2011 11:20:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 258
    2/10/2011 11:06:48 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Internet Explorer 8 for Windows Vista.
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2482017_ie8~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2482017_ie8_0~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2447568_ie8~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2447568_ie8_0~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2482017~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_1_for_KB2447568~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-SP1-Update~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-RTM-Update~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 11:05:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package-MiniLP~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 11:05:18 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2482017~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:17 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2447568~31bf3856ad364e35~x86~~8.0.1.0 () into Absent(Absent) state
    2/10/2011 11:05:15 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package-TopLevel~31bf3856ad364e35~x86~~8.0.6001.18702 () into Staged(Staged) state
    2/10/2011 1:31:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2485376).
    2/10/2011 1:31:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2483185).
    2/10/2011 1:31:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2479628).
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2485376_client~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2485376_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2485376_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2483185_client~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2483185_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2483185_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2479628~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2479628_client~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2479628_client_2~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2479628_client_1~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802_client~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802_client_2~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802_client_1~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_7_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2485376~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_5_for_KB2479628~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_3_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2485376~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2479628~31bf3856ad364e35~x86~~6.0.1.1 () into Resolved(Resolved) state
    2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_2_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:03 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:29:00 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
    2/10/2011 1:28:56 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2485376~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state

    ==== End Of File ===========================
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Some tips for you:
    1. The first thing I did when I got my Dell computers was to stop and uninstall the preloaded junk.
    2. The first thing I did after I connected my HP all-in-one was to take all of its processes off of the start menu, disable Services that weren't needed and delete some of the processes they put on all the peripherals that aren't needed to run them.
    3. The second thing I did with all of my computers was to disable all auto-update except the AV and take those processes off of Startup> like Java, Adobe, HP Update, iTunes update, QuickTime update.
    4. The next thing I did was open the Event Viewer and look for Error Events. If I saw one that was repeating and didn't know why, I'd search for cause and cure>> such as your multiples of this Error:
    Microsoft-Windows-Servicing [4375]

    (Windows Servicing failed to complete the process of setting package Microsoft-Windows-InternetExplorer-8-Package~31bf3856ad364e35~x86~en-US~8.0.6001.18702 () into Staged(Staged) state:)
    Which I would find on this TechNet site: http://social.technet.microsoft.com...-4375-package-installations-or-removals.aspx=

    These things aren't your problem- not directly. But every unnecessary or unneeded process that is connected to the internet can put the system at risk> and everything I said above is directly related to what I see in your system.
    =====================================================
    It also appears that on 2/10 and 2/11, you combed the internet, trying to find something that would fix the problem- when all you knew at that point was that your searches were being redirected>> but you didn't know why>> so you really didn't know what scan might be appropriate. So you need to remove Kaspersky because you shouldn't have more than 1 AV. (02-11 15:11:36>> - c:\progra~2\Kaspersky Lab.

    And you installed SupportSoft which offers remote support and PC Doctor which appears to be more of a tool for the manufacturers rather than users. Both of these were costly, were they not? And so far, I don't see that TDSSKiller is indicated- but that's just based on what I can see here.
    ===================================================
    The Java is very outdated and this is a vulnerability as well as possibly slowing the system down. Please check this site: Java Updates. The most current update is v6u23. Uninstall Java v6u7 and any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
    ======================================
    I would like you to run Combofix. Unfortunately, you will have to uninstall AVG to do it. You may get by just using this, so try this first:
    AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    Use the appropriate download for your system for the AVG Remover:
    AVG Remover:32bit
    AVG Remover:64 bit
    ========================================
    Then go on to the next reply to run Combofix. If you get a message that Combofix won't run because of AVG, let me know and I'll have you use an app remover.
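The check described in tip 4 of the post above (look for Error events that repeat), as an added example that is not part of the original thread: a Python script that parses lines in the layout of the "Event Viewer Messages" log pasted earlier and groups repeating errors by source and event ID. The function names and the shortened sample lines are assumptions made for illustration; timestamps are parsed into real dates because the pasted log is sorted as text (10:58 AM is listed after 2:49 AM), not chronologically.

```python
import re
from collections import defaultdict
from datetime import datetime

# Layout of one pasted line: "<date> <time> AM|PM, <Level>: <Source> [<EventID>] - <message>"
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
KB_RE = re.compile(r"KB\d{6,7}")                 # update identifiers named in messages
HRESULT_RE = re.compile(r"\b0x[0-9A-Fa-f]{8}\b")  # Windows error codes such as 0x80070020

# Constructed sample: a few lines modelled on the log in this thread, messages shortened.
SAMPLE_LOG = """\
==== Event Viewer Messages From Past Week ========

2/12/2011 3:38:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2393802).
2/12/2011 3:29:59 AM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
2/12/2011 3:27:31 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
2/12/2011 10:58:22 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease has been denied by the DHCP server (The DHCP Server sent a DHCPNACK message).
2/10/2011 1:31:16 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Windows Vista (KB2485376).
2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2485376_client~31bf3856ad364e35~x86~~6.0.1.3 () into Staged(Staged) state
2/10/2011 1:29:22 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package Package_for_KB2483185_client~31bf3856ad364e35~x86~~6.0.1.3 () into Resolved(Resolved) state
"""


def parse_events(text):
    """Turn pasted log text into a list of event dicts; non-event lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers and blank lines
        events.append({
            "time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"],
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "msg": m["msg"],
        })
    return events


def repeating_errors(events, min_count=2):
    """Group Error events by (source, event ID) and report those seen min_count+ times."""
    groups = defaultdict(list)
    for ev in events:
        if ev["level"] == "Error":
            groups[(ev["source"], ev["event_id"])].append(ev)

    report = []
    for (source, event_id), evs in groups.items():
        if len(evs) < min_count:
            continue
        times = [e["time"] for e in evs]
        text = " ".join(e["msg"] for e in evs)
        report.append({
            "source": source,
            "event_id": event_id,
            "count": len(evs),
            "first": min(times),   # true chronological bounds, not paste order
            "last": max(times),
            "kbs": sorted(set(KB_RE.findall(text))),
            "codes": sorted(set(HRESULT_RE.findall(text))),
        })
    report.sort(key=lambda r: (-r["count"], r["source"]))
    return report


if __name__ == "__main__":
    for r in repeating_errors(parse_events(SAMPLE_LOG)):
        print(f'{r["count"]:>3}x {r["source"]} [{r["event_id"]}] '
              f'{r["first"]:%Y-%m-%d %H:%M} .. {r["last"]:%Y-%m-%d %H:%M} '
              f'KBs={",".join(r["kbs"]) or "-"} codes={",".join(r["codes"]) or "-"}')
```

The grouped output gives one search term per repeating error (source plus event ID) together with the updates and error codes involved, which is the starting point for the "search for cause and cure" step.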
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  6. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Combofix

    Combofix log is below for your review. Please let me know next steps. Thanks for your help!

    ComboFix 11-02-13.01 - Linda 02/14/2011 0:49.1.2 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.1169 [GMT -5:00]
    Running from: c:\users\Linda\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Linda\AppData\Roaming\AdVantage
    c:\users\Linda\AppData\Roaming\AdVantage\about_AdVantage.mht
    c:\users\Linda\AppData\Roaming\AdVantage\advantage.cfg
    c:\users\Linda\AppData\Roaming\AdVantage\advantage.cfg.7a02fe140c568113abe8b7ac87900bca
    c:\users\Linda\AppData\Roaming\AdVantage\advantage.mht
    c:\users\Linda\AppData\Roaming\AdVantage\AdVUninst.exe
    c:\users\Linda\AppData\Roaming\AdVantage\diff.cfg.30f9990d6a5bde5bf2c1f3ed8974f228.e31f70f60e237b95d79fb5d18fdc8d1c
    c:\users\Linda\AppData\Roaming\AdVantage\diff.cfg.92d38fe0b789c376a35f3e623e72779d.4b842e2da1f19bb9937aa5431fe39b11
    c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk
    c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk\Uninstall Windows Disk.lnk
    c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Disk\Windows Disk.lnk

    Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
    .

    2011-02-14 05:55 . 2011-02-14 05:57 -------- d-----w- c:\users\Linda\AppData\Local\temp
    2011-02-14 05:55 . 2011-02-14 05:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-02-14 05:27 . 2011-02-14 05:27 -------- d-----w- c:\program files\Common Files\Java
    2011-02-14 05:08 . 2011-02-14 05:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-14 05:08 . 2011-02-14 05:25 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-02-11 15:27 . 2011-02-11 15:27 7168 ----a-w- c:\windows\system32\drivers\utm0mjuw.sys
    2011-02-11 15:11 . 2011-02-12 15:23 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-02-11 04:29 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-02-11 04:00 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-02-11 04:00 . 2010-12-18 06:26 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-02-11 04:00 . 2010-12-18 06:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-10 06:10 . 2011-02-10 06:11 -------- d-----w- c:\program files\Dell Support Center
    2011-02-10 05:59 . 2011-02-10 06:14 -------- d-----w- c:\programdata\PCDr
    2011-02-10 05:59 . 2011-02-10 06:01 -------- d-----w- c:\users\Linda\AppData\Roaming\PCDr
    2011-02-10 04:30 . 2011-02-10 06:09 -------- d-----w- c:\programdata\SupportSoft
    2011-02-10 04:29 . 2011-02-10 06:09 -------- d-----w- c:\program files\Common Files\supportsoft
    2011-02-09 21:27 . 2011-02-09 21:27 -------- d-----w- c:\windows\en
    2011-02-09 21:26 . 2010-09-23 05:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-02-09 21:22 . 2011-02-09 21:41 -------- d-----w- c:\program files\Microsoft
    2011-02-09 21:21 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-02-09 21:21 . 2009-09-04 22:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-02-09 21:21 . 2009-09-04 22:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-02-09 21:14 . 2011-02-09 21:14 -------- d-----w- c:\users\Linda\AppData\Local\Windows Live
    2011-02-09 21:14 . 2011-02-09 21:14 -------- d-----w- c:\program files\Common Files\Windows Live
    2011-02-09 21:13 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-02-09 21:12 . 2011-02-10 18:27 -------- d-----w- c:\program files\Microsoft Silverlight
    2011-02-09 20:17 . 2011-02-09 20:17 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2011-02-09 20:11 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-02-09 19:39 . 2011-02-09 19:39 -------- d-----w- c:\programdata\Roaming
    2011-02-09 19:38 . 2011-02-09 19:38 56 ----a-w- c:\windows\system32\IHV_Install.bat
    2011-02-09 19:38 . 2011-02-09 19:38 -------- d-----w- c:\program files\Cisco
    2011-02-09 19:36 . 2011-02-09 19:36 -------- d-----w- c:\programdata\Intel
    2011-02-09 19:36 . 2011-02-09 19:36 -------- d-----w- c:\users\Linda\AppData\Roaming\Intel
    2011-02-09 06:09 . 2011-02-09 06:09 -------- d-----w- C:\$AVG
    2011-02-09 05:33 . 2011-02-02 22:10 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F3E2D36-D77E-4A02-A25F-8C92206C245C}\mpengine.dll
    2011-02-09 05:16 . 2011-02-09 05:16 -------- d-----w- c:\users\Linda\AppData\Roaming\AVG10
    2011-02-09 05:15 . 2011-02-09 05:15 -------- d--h--w- c:\programdata\Common Files
    2011-02-09 04:46 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-02-09 03:49 . 2011-02-09 03:49 -------- d-----w- c:\users\Linda\AppData\Roaming\SUPERAntiSpyware.com
    2011-02-09 03:49 . 2011-02-09 03:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-02-09 03:48 . 2011-02-09 03:49 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-02-09 03:17 . 2011-02-09 03:17 -------- d-----w- c:\program files\CleanUp!
    2011-02-09 02:51 . 2011-02-09 02:51 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes
    2011-02-09 02:51 . 2011-02-09 02:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-02-09 02:51 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-09 02:51 . 2011-02-12 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-09 02:51 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-08 22:42 . 2011-02-08 22:42 388096 ----a-r- c:\users\Linda\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-02-08 22:42 . 2011-02-08 22:42 -------- d-----w- c:\program files\Trend Micro
    2011-02-08 21:51 . 2011-02-09 04:55 -------- d-----w- c:\programdata\MFAData
    2011-02-08 21:31 . 2011-02-08 21:31 -------- d-----w- c:\users\Linda\AppData\Local\WindowsUpdate
    2011-01-31 15:57 . 2011-01-31 15:57 -------- d-----w- c:\program files\iPod
    2011-01-31 15:57 . 2011-01-31 15:58 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-28 15:55 . 2011-01-12 22:42 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-14 14:49 . 2011-01-12 22:42 1169408 ----a-w- c:\windows\system32\sdclt.exe
    2010-12-08 18:12 . 2010-09-09 23:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-12-08 18:11 . 2010-09-09 23:22 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-12-08 18:11 . 2010-09-09 23:22 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-12-08 18:11 . 2010-09-09 23:22 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2007-04-17 05:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2007-04-17 05:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer1"=wdmaud.drv

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    %ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
    2007-08-22 12:06 167368 ----a-w- c:\program files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-07-30 19:40 16384 ----a-w- c:\dell\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2008-04-22 06:11 166424 ----a-w- c:\windows\System32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-12-11 01:52 49152 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2008-04-22 06:11 141848 ----a-w- c:\windows\System32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 20:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    2010-01-27 16:22 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
    2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
    2007-12-21 16:58 184320 ----a-w- c:\program files\Dell\MediaDirect\PCMService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
    2008-04-22 06:11 133656 ----a-w- c:\windows\System32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
    2007-04-17 04:50 49168 ----a-w- c:\program files\Fingerprint Reader Suite\launcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-05-10 07:00 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [x]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
    R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]
    R3 utm0mjuw;AVZ Kernel Driver;c:\windows\system32\Drivers\utm0mjuw.sys [2011-02-11 7168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-09 691696]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-02 73728]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-05-24 179712]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-04-22 111616]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2011-02-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

    2011-02-14 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]

    2011-02-14 c:\windows\Tasks\User_Feed_Synchronization-{E25AF0CE-209A-4671-829D-9113D775E90A}.job
    - c:\windows\system32\msfeedssync.exe [2011-02-11 04:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\4ib0vqk6.default\
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    HKLM-Run-%PROVIDERID% - bin\sprtcmd.exe
    HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
    MSConfigStartUp-AdVantage - c:\users\Linda\AppData\Roaming\advantage\AdVantage.exe
    MSConfigStartUp-AkmVwFwGWSnRsE - c:\programdata\AkmVwFwGWSnRsE.exe
    MSConfigStartUp-b7mBXDCwNdE - c:\programdata\b7mBXDCwNdE.exe
    MSConfigStartUp-MskAgentexe - c:\program files\McAfee\MSK\MskAgent.exe
    MSConfigStartUp-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    AddRemove-advantage_DAEM - c:\users\Linda\AppData\Roaming\advantage\AdVUninst.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(3536)
    c:\program files\Fingerprint Reader Suite\farchns.dll
    c:\program files\Fingerprint Reader Suite\infra.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Fingerprint Reader Suite\upeksvr.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\LogMeIn\x86\RaMaint.exe
    c:\program files\LogMeIn\x86\LogMeIn.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\STacSV.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2011-02-14 01:02:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-02-14 06:02

    Pre-Run: 17,333,583,872 bytes free
    Post-Run: 16,971,485,184 bytes free

    - - End Of File - - 60225248F246F3A14FC50C0DFBA8A0DA
  7. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Java

    I removed and updated Java as well.
  8. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Update

    I have just verified that my redirect problem is resolved. In addition, the one Windows update that kept failing has now installed correctly. I assume the two problems were interrelated. Is it safe to reinstall my antivirus now? Currently I am running Superantispyware on start up. Do you recommend I keep that? Also, I have both AVG and Malwarebytes. Do you have a preference for one over the other? If I install one of these, will it have the spyware checking that Superantispyware has? Will the two conflict with each other?

    Thanks for your help!!!
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Yes, please put the AV back on the system. We're not through quite yet. When we are finished, I'll leave you some tips for added security. I'll be back later this afternoon to check the logs.

    You can go ahead and Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the clipboard)
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
  10. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    ESET log

    Here's my log. Please let me know the next steps. Thanks for your help!

    C:\Program Files\advantage\AdVUninst.exe a variant of Win32/Adware.Vomba.AA application
    C:\Qoobox\Quarantine\C\Users\Linda\AppData\Roaming\advantage\AdVUninst.exe.vir a variant of Win32/Adware.Vomba.AA application
  11. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Also, what recommendations do you have on av software?
     
  12. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Just checking

    Still with me?
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Been out of town all day- catching up now!

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)
      Code:
      :Files  
      C:\Program Files\advantage\AdVUninst.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    =====================================
    Both of the following antivirus programs are free and known to be good: (use only one)
    Avira Free
    Avast Home

    Please reboot the system after the installation is complete.
    Once the program is installed, you should check for updates immediately.
  14. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    Latest

    Here's the requested log. Please let me know the next steps.

    All processes killed
    ========== FILES ==========
    C:\Program Files\advantage\AdVUninst.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Linda
    ->Temp folder emptied: 394595 bytes
    ->Temporary Internet Files folder emptied: 71738183 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44836437 bytes
    ->Flash cache emptied: 743 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35581 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35252 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
    RecycleBin emptied: 6138689 bytes

    Total Files Cleaned = 117.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 02182011_110221

    Files moved on Reboot...

    Registry entries deleted on Reboot...
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Folder::
    c:\progra~2\Kaspersky Lab
    c:\progra~2\PCDr
    c:\users\linda\appdata\roaming\PCDr
    c:\program files\common files\supportsoft
    c:\programdata\SupportSoft
    DDS::
    EB: {D367A4AF-8202-4173-A115-9831108F1E0A} - No File
    mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%???
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . No log needed unless there is a problem.
    ====================
    If there are no more malware-related problems, after you run the above, go on to this:
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    Let me know if you have any more questions.
  16. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    When I drag the .txt file to combo fix, I get an error that says "Installation failed." What's up with that?
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    1. Copy text from script in codebox and paste into Notepad.
    2. Save as CFScript.txt in same location as ComboFix.exe (s/b desktop)
    3. Drag CFScript into Combofix.exe> this will launch a new scan.
    4. Scan produces a new log at C:\ComboFix.txt

    Hopefully you didn't go ahead with the Combofix uninstall yet. Please try the above again and make sure you are working with the correct file extensions.
  18. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    I get the same "installation failed" error. Can this be run manually from within ComboFix?
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    It is run manually from within Combofix after you drag the script in! The error you are getting indicates you are double-clicking on the setup file on the desktop to install the program, but the script isn't there.

    Did you do the Combofix uninstall?
  20. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    BTW, this is what I have copied into CFScript.txt (wordwrap off). It looks like it is blowing up on the mrun statement. Are the question marks at the end of that line correct?

    File::
    Folder::
    c:\progra~2\Kaspersky Lab
    c:\progra~2\PCDr
    c:\users\linda\appdata\roaming\PCDr
    c:\program files\common files\supportsoft
    c:\programdata\SupportSoft
    DDS::
    EB: {D367A4AF-8202-4173-A115-9831108F1E0A} - No File
    mRun: [%PROVIDERID%] "bin\sprtcmd.exe" /P %PROVIDERID%???
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
  21. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    I did not do the combofix uninstall, however I can reinstall if you wish.
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    You copy exactly what I have in the Codebox.
  23. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    I did copy exactly what was in the codebox. Your codebox had 18 lines and my script has 18 lines (includes one blank line). If the codebox is not showing all that it should, can you please repost it in the body of the document? Thanks!
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    The entry is correct. It is from the DDS log. Registry entries have already been removed. What do you mean "blowing up?"

    Are we still discussing the fact that you have not been able to run the script yet? Those entries need to be removed. I took you through the steps for the script to make sure you were handling the correct file extension. It was meant to help, not to irritate.
  25. rmhughes0711

    rmhughes0711 Newcomer, in training Topic Starter Posts: 57

    I still get the error when I drag the .txt file onto the .exe. Since this is not my laptop, I need to return it to its owner, however, I want to run this issue all the way to completion before giving it back. Your help has been great. Please let me know the next steps.