Solved Microsoft Outlook Issues


BillAllen55

I put together an email with an attachment that I attempted to send through my XP Outlook email server. This was for a college class project and I believe it may have been larger than what the campus was willing to upload. The email would not send. I went to an on campus computer lab and was able to send the email after splitting the document in half (sending part 1, part 2). The problem now is that when I open my home Outlook server it is still trying to send the email even after cancelling the send direction. I believe I have some type of virus going on. Can someone please help?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:06:04 AM, on 12/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\AOL 9.1\shellmon.exe
C:\Documents and Settings\Philip Moore\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cocc.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7542 bytes


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/1/2010 5:55:37 AM
mbam-log-2010-12-01 (05-55-37).txt

Scan type: Quick scan
Objects scanned: 165533
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Microsoft Security Essentials
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
SpywareBlaster 4.4
Spybot - Search & Destroy
SUPERAntiSpyware
CCleaner
Winferno Registry Power Cleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.2.161.23
Adobe Reader 9.4.1
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Welcome back! I hope school is going well! The problem you're having doesn't sound like malware. We need to find out how to remove mail from the Outlook outbox! If it was OE, I could rattle it right off! But I'm going to have to look this one up.

I'm going to take a lunch break so if you have time between classes, I'd like you to please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, leave the logs for review in your next reply.

Let's add the Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Bobbye:

You are always here when I need you! THANK YOU.
I finished my 17 credit hours early and yes, I have plenty of time to work out this kink.
These are the current scans that I've done attempting a resolution. The GMER scan is too large to paste into this reply. For that reason I'm attaching this scan. I know this is not the correct protocol, I'm not sure how else to get it to you.

View attachment mbam-log-2010-12-01 (05-55-37).txt

View attachment hijackthis.log

Philip.
 
Replying to problems with scans:

The character number has been greatly increased so that logs can be pasted in the reply. And you can use multiple posts if needed. About GMER: you should be able to get the scan in easily, unless you did not heed this in the directions:
Warning! Please do not select the "Show all" checkbox during the scan.
If you did select 'Show All', please delete that log and run GMER again without checking this.
=========================================
I'm not understanding where the AVG problem is coming from. The HJT log you left shows Avira and the Security Check shows Microsoft Security Essentials. There are no processes or Services for AVG.

The information in the HJT log does not match what you sent me. Please give me something to work with, here, on the thread.
 
Philip, I missed Mbam but it was clean. We do want logs pasted now, but at some later point, if you have something to attach, you would use the Attachment feature. Click on Go Advanced and look on the lower part of your screen. Not for the V&M forum though.

You need to run the current programs in the updated thread: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Then you need to paste the results in your next reply. Use multiple posts if needed.
 
Bobbye,
When attempting to run the GMER or the DDS by Subs I get this message:
"Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
After clicking OK to this direction I get a 'launch application' box (which I have never seen before), which states "This link needs to be opened with an application. Send to:"
It then provides an area where I can go to my computer and find a program to allow it to run. Nothing works when I attempt to use a program to run either program.
What now?
 
Please disregard last post!

I was able to get GMER and DDS Subs to run. I'm pasting the results as follows:
dds subs attach results:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2009 9:32:33 AM
System Uptime: 12/3/2010 2:28:29 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS4P
Processor: Intel Pentium III Xeon processor | Socket 775 | 3166/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 481.285 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek PCIe GBE Family Controller
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&2182FE78&0&00E5
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek PCIe GBE Family Controller #2
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&2182FE78&0&00E5
Service: RTLE8023xp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\1FD0A80627
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\1FD0A80627
Service: NIC1394

==== System Restore Points ===================

RP227: 9/7/2010 7:14:59 AM - System Checkpoint
RP228: 9/8/2010 8:12:07 AM - System Checkpoint
RP229: 9/9/2010 9:42:06 AM - System Checkpoint
RP230: 9/12/2010 9:06:55 AM - Installed Windows XP -- Software Updates KB952011.
RP231: 9/13/2010 11:42:54 AM - System Checkpoint
RP232: 9/15/2010 9:37:24 AM - System Checkpoint
RP233: 9/15/2010 10:21:22 AM - Software Distribution Service 3.0
RP234: 9/16/2010 10:13:21 AM - Installed Java(TM) 6 Update 16
RP235: 9/16/2010 10:13:48 AM - Installed OpenOffice.org 3.1
RP236: 9/16/2010 12:47:53 PM - Installed WeatherBug
RP237: 9/17/2010 1:40:07 PM - System Checkpoint
RP238: 9/18/2010 2:57:38 PM - System Checkpoint
RP239: 9/20/2010 5:21:11 AM - Removed Google Earth.
RP240: 9/20/2010 5:21:50 AM - Installed Google Earth.
RP241: 9/21/2010 11:04:20 AM - System Checkpoint
RP242: 9/23/2010 1:42:45 PM - System Checkpoint
RP243: 9/25/2010 11:48:05 AM - System Checkpoint
RP244: 9/27/2010 8:32:03 AM - System Checkpoint
RP245: 9/28/2010 9:52:11 AM - System Checkpoint
RP246: 9/29/2010 4:29:21 AM - Software Distribution Service 3.0
RP247: 9/30/2010 8:39:28 AM - System Checkpoint
RP248: 10/1/2010 9:26:39 AM - System Checkpoint
RP249: 10/2/2010 1:12:04 PM - System Checkpoint
RP250: 10/3/2010 6:28:42 AM - Software Distribution Service 3.0
RP251: 10/3/2010 8:09:18 AM - Software Distribution Service 3.0
RP252: 10/4/2010 8:27:56 AM - System Checkpoint
RP253: 10/5/2010 4:26:58 AM - Software Distribution Service 3.0
RP254: 10/6/2010 4:52:22 AM - Software Distribution Service 3.0
RP255: 10/7/2010 9:41:17 AM - Software Distribution Service 3.0
RP256: 10/8/2010 4:15:23 PM - Software Distribution Service 3.0
RP257: 10/9/2010 10:11:17 AM - Software Distribution Service 3.0
RP258: 10/10/2010 6:57:57 AM - Software Distribution Service 3.0
RP259: 10/11/2010 11:26:50 AM - System Checkpoint
RP260: 10/12/2010 4:10:04 AM - Software Distribution Service 3.0
RP261: 10/13/2010 4:35:30 AM - Software Distribution Service 3.0
RP262: 10/13/2010 5:31:33 AM - Software Distribution Service 3.0
RP263: 10/14/2010 6:09:21 AM - Software Distribution Service 3.0
RP264: 10/14/2010 6:25:28 AM - Software Distribution Service 3.0
RP265: 10/14/2010 7:13:28 AM - Software Distribution Service 3.0
RP266: 10/15/2010 10:33:52 AM - System Checkpoint
RP267: 10/16/2010 3:56:11 AM - Software Distribution Service 3.0
RP268: 10/17/2010 4:51:57 AM - Software Distribution Service 3.0
RP269: 10/17/2010 7:22:16 AM - Software Distribution Service 3.0
RP270: 10/18/2010 11:08:39 AM - System Checkpoint
RP271: 10/19/2010 3:43:14 AM - Software Distribution Service 3.0
RP272: 10/20/2010 4:36:21 AM - Software Distribution Service 3.0
RP273: 10/21/2010 11:53:26 AM - System Checkpoint
RP274: 10/21/2010 4:14:03 PM - Software Distribution Service 3.0
RP275: 10/23/2010 4:39:18 AM - Software Distribution Service 3.0
RP276: 10/24/2010 4:40:42 AM - Software Distribution Service 3.0
RP277: 10/24/2010 7:03:00 AM - Software Distribution Service 3.0
RP278: 10/25/2010 10:39:26 AM - System Checkpoint
RP279: 10/26/2010 4:08:57 AM - Software Distribution Service 3.0
RP280: 10/27/2010 4:26:03 AM - Software Distribution Service 3.0
RP281: 10/28/2010 4:27:03 PM - Software Distribution Service 3.0
RP282: 10/29/2010 2:33:41 PM - Installed Adobe Reader 9.4.0.
RP283: 10/30/2010 4:39:00 AM - Software Distribution Service 3.0
RP284: 10/31/2010 4:48:00 AM - Software Distribution Service 3.0
RP285: 10/31/2010 6:42:22 AM - Software Distribution Service 3.0
RP286: 11/1/2010 5:19:00 AM - Removed Java(TM) 6 Update 16
RP287: 11/1/2010 5:22:08 AM - Installed Java(TM) 6 Update 22
RP288: 11/1/2010 5:37:18 AM - Removed COMODO Internet Security
RP289: 11/2/2010 4:27:50 AM - Software Distribution Service 3.0
RP290: 11/3/2010 11:33:50 AM - System Checkpoint
RP291: 11/4/2010 2:57:59 AM - Software Distribution Service 3.0
RP292: 11/5/2010 4:47:23 AM - Software Distribution Service 3.0
RP293: 11/6/2010 5:29:10 AM - Software Distribution Service 3.0
RP294: 11/7/2010 4:31:16 AM - Software Distribution Service 3.0
RP295: 11/7/2010 6:06:48 AM - Software Distribution Service 3.0
RP296: 11/7/2010 10:02:59 AM - Software Distribution Service 3.0
RP297: 11/8/2010 10:57:40 AM - System Checkpoint
RP298: 11/9/2010 4:37:55 AM - Software Distribution Service 3.0
RP299: 11/10/2010 3:38:21 AM - Software Distribution Service 3.0
RP300: 11/11/2010 4:27:56 AM - Software Distribution Service 3.0
RP301: 11/11/2010 7:59:20 AM - Installed Windows 7 Upgrade Advisor
RP302: 11/12/2010 4:33:04 AM - Software Distribution Service 3.0
RP303: 11/14/2010 4:25:23 AM - Software Distribution Service 3.0
RP304: 11/14/2010 9:49:40 AM - Software Distribution Service 3.0
RP305: 11/15/2010 10:55:11 AM - System Checkpoint
RP306: 11/16/2010 4:40:39 AM - Software Distribution Service 3.0
RP307: 11/16/2010 6:59:35 AM - Installed Java(TM) 6 Update 20
RP308: 11/16/2010 7:00:19 AM - Removed OpenOffice.org 3.1
RP309: 11/16/2010 7:01:57 AM - Installed OpenOffice.org 3.2
RP310: 11/17/2010 7:34:12 AM - System Checkpoint
RP311: 11/18/2010 4:37:16 AM - Software Distribution Service 3.0
RP312: 11/19/2010 4:37:57 AM - Software Distribution Service 3.0
RP313: 11/19/2010 9:56:00 AM - Installed iTunes
RP314: 11/20/2010 5:00:22 AM - Software Distribution Service 3.0
RP315: 11/21/2010 9:25:19 AM - System Checkpoint
RP316: 11/21/2010 9:45:43 AM - Software Distribution Service 3.0
RP317: 11/23/2010 4:32:06 AM - Software Distribution Service 3.0
RP318: 11/23/2010 5:30:41 AM - Installed Windows XP -- Software Updates KB952011.
RP319: 11/23/2010 9:14:27 AM - Installed Auslogics Antivirus
RP320: 11/23/2010 9:21:48 AM - Removed Auslogics Antivirus
RP321: 11/24/2010 4:46:43 AM - Software Distribution Service 3.0
RP322: 11/28/2010 5:15:19 AM - Software Distribution Service 3.0
RP323: 11/28/2010 10:16:25 AM - Software Distribution Service 3.0
RP324: 11/29/2010 6:05:18 AM - Installed AVG 2011
RP325: 11/29/2010 6:06:55 AM - Removed AVG 2011
RP326: 11/29/2010 6:09:19 AM - Installed AVG 2011
RP327: 11/29/2010 6:09:38 AM - Installed AVG 2011
RP328: 11/29/2010 7:07:52 AM - Restore Operation
RP329: 11/30/2010 6:41:07 AM - a Test Restore Point (viruses spyware)
RP330: 12/1/2010 7:00:21 AM - Restore Operation
RP331: 12/1/2010 7:27:54 AM - Removed Java(TM) 6 Update 20
RP332: 12/2/2010 12:15:08 PM - System Checkpoint
RP333: 12/2/2010 4:59:16 PM - after major spyware scan
RP334: 12/3/2010 6:23:27 AM - Installed COMODO Internet Security

==== Installed Programs ======================


@BIOS Ver.2.01
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Advanced SystemCare 3
Advertising Center
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian FLV Player
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0 (Update Version)
AVS4YOU Software Navigator 1.4
Bing Maps 3D
Bonjour
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
COMODO Internet Security
Compatibility Pack for the 2007 Office system
ConvertHelper 2.2
CutePDF Writer 2.8
Download Updater (AOL LLC)
Easy Tune 6 B08.0708.2
Energy Saver Advance B8.0711.1
ESET Online Scanner v3
EVEREST Home Edition v2.20
EVGA Precision 1.2.0
File Uploader
Final Media Player 2010
Foxit Creator
Foxit PDF Editor
Foxit Reader
Game Booster
Google Chrome
Google Earth
Google Update Helper
GPL Ghostscript 8.71
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
ICQ
ICQ Toolbar
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
LameACM
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
MFC RunTime files
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft IntelliPoint 7.1
Microsoft IntelliType Pro 7.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WinUsb 1.0
Mozilla Firefox (3.6.8)
Mozilla Firefox 4.0b5 (x86 en-US)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9 Essentials
Nero ControlCenter
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart OEM
neroxml
Nikon Message Center
Nikon Transfer
Nikon View 6
NVIDIA Control Panel 260.99
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
NVIDIA nTune
NVIDIA nView 135.36
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.2
Pack Crystal XP 3.0
Paint.NET v3.5.5
Picasa 3
Preclick PhotoMovieMaker
Pretty Good Solitaire version 12.0.1
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RocketDock 1.3.5
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Segoe UI
SiteRanker
Smart Defrag
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
System Requirements Lab
System Requirements Lab for Intel
TBS WMP Plug-in
TmNationsForever
TmUnitedForever Update 2010-03-15
Uninstall 1.0.0.1
Uninstall AOL Emergency Connect Utility 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update Manager B08.0515.1
VCRedistSetup
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VZWDownloadManager
WeatherBug
WebFldrs XP
Windows 7 Upgrade Advisor
Windows Backup Utility
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Windows XP Service Pack 3
Winferno Registry Power Cleaner
WinRAR 4.00 beta 1 (32-bit)
Wondershare DVD Slideshow Builder(Build 6.0.2.27)
Wondershare Flash Gallery Factory 4.8.2.18
Yahoo! Toolbar
Zune
Zune Language Pack (DEU)
Zune Language Pack (ESP)
Zune Language Pack (FRA)
Zune Language Pack (ITA)
Zune Language Pack (NLD)
Zune Language Pack (PTB)
Zune Language Pack (PTG)

==== Event Viewer Messages From Past Week ========

12/1/2010 7:28:13 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
11/30/2010 6:12:10 AM, error: Service Control Manager [7031] - The Windows CardSpace service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/30/2010 4:22:31 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
11/30/2010 4:22:31 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/30/2010 4:22:31 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
11/30/2010 11:03:50 AM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%1450" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
11/29/2010 7:20:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter
11/29/2010 6:20:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
11/28/2010 9:31:32 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:32 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
11/28/2010 9:31:29 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:29 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The nTune Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The GEST Service for program management. service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:27 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:27 AM, error: Service Control Manager [7034] - The COMODO livePCsupport Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:27 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
11/28/2010 9:31:27 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
11/28/2010 9:31:27 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

GMER results:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-03 14:40:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-16 WDC_WD6401AALS-00L3B2 rev.01.03B01
Running: ftfuifhv.exe; Driver: C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\kfpcykoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB35B7768]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB35B79BE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

mbam:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5237

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/3/2010 5:23:28 AM
mbam-log-2010-12-03 (05-23-28).txt

Scan type: Quick scan
Objects scanned: 166046
Time elapsed: 16 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Combofix text:

Bobbye:
I did a ComboFix and these are the results:
ComboFix 10-08-27.03 - Philip Moore 08/28/2010 15:34:12.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1491 [GMT -7:00]
Running from: c:\documents and settings\Philip Moore\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Philip Moore\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\docume~1\philip~1\locals~1\temp\cpuz132\cpuz132_x32.sys"
"c:\documents and settings\All Users\Application Data\DriverCure"
"c:\program files\anti trojan elite\atepmon.sys"
"c:\program files\logmein\x86\rainfo.sys"
"c:\windows\system32\7e.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ132
-------\Service_MEMSWEEP2


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
.

2010-08-27 13:25 . 2010-08-27 13:25 -------- d-----w- C:\VritualRoot
2010-08-27 13:23 . 2010-08-27 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
2010-08-26 14:40 . 2008-05-02 16:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-08-26 00:52 . 2010-08-26 00:52 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Auslogics
2010-08-22 12:22 . 2010-08-25 00:37 -------- d-----w- c:\program files\Anti Trojan Elite
2010-08-21 23:07 . 2010-08-21 23:07 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\Sunbelt Software
2010-08-18 12:30 . 2010-08-22 14:29 -------- d-----w- c:\program files\NetworkView36
2010-08-17 12:47 . 2010-08-27 12:00 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\CutePDF Writer
2010-08-17 12:44 . 2009-11-05 15:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-08-17 12:44 . 2010-08-17 12:44 -------- d-----w- c:\program files\Acro Software
2010-08-17 12:22 . 2010-08-17 12:23 -------- d-----w- c:\program files\gs
2010-08-12 18:29 . 2010-08-12 18:29 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-04 13:10 . 2010-07-27 05:30 705208 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-04 13:10 . 2010-07-27 05:30 978664 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-30 13:31 . 2010-07-29 01:27 1833576 ----a-w- c:\windows\SkyTel.exe
2010-07-30 13:31 . 2010-07-29 01:27 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-07-30 13:31 . 2010-07-29 01:27 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-07-30 13:31 . 2010-07-27 20:54 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-30 13:18 . 2010-01-12 20:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-07-30 13:05 . 2010-07-30 13:05 -------- d-----w- c:\program files\SmartTweak Software
2010-07-30 12:55 . 2010-07-30 12:55 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\NVIDIA
2010-07-30 12:54 . 2010-08-24 22:56 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\MotionDSP
2010-07-30 12:54 . 2010-08-24 22:56 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\MotionDSP
2010-07-30 12:39 . 2010-07-30 12:42 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Smart PC Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 22:40 . 2009-02-15 17:42 16608 ----a-w- c:\windows\gdrv.sys
2010-08-28 22:40 . 2010-07-13 18:09 -------- d-----w- c:\program files\AOL 9.1
2010-08-28 22:38 . 2010-06-23 12:27 4167424 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-28 19:41 . 2010-07-13 18:09 -------- d-----w- c:\program files\Common Files\aolshare
2010-08-28 15:32 . 2010-04-29 21:23 63488 ----a-w- c:\documents and settings\Philip Moore\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-28 15:32 . 2009-10-31 11:14 117760 ----a-w- c:\documents and settings\Philip Moore\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-27 13:38 . 2009-03-18 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-27 13:16 . 2010-05-08 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-08-27 13:07 . 2009-02-15 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-26 22:35 . 2009-02-19 22:59 -------- d-----w- c:\program files\ICQ
2010-08-26 16:48 . 2010-02-20 15:50 -------- d-----w- c:\program files\Synfig
2010-08-26 16:47 . 2010-03-04 12:56 -------- d-----w- c:\program files\Nvu
2010-08-26 16:40 . 2009-11-24 14:46 -------- d-----w- c:\program files\NCH Swift Sound
2010-08-26 14:40 . 2009-02-15 17:56 -------- d-----w- c:\program files\Common Files\Nero
2010-08-26 14:40 . 2009-02-15 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-26 14:38 . 2009-02-24 12:46 -------- d-----w- c:\program files\filehippo.com
2010-08-26 14:25 . 2010-03-30 14:43 -------- d-----w- c:\program files\PCPitstop
2010-08-26 14:24 . 2009-02-15 20:14 -------- d-----w- c:\program files\Google
2010-08-26 13:57 . 2009-03-26 13:32 -------- d-----w- c:\program files\Yahoo!
2010-08-26 13:57 . 2009-08-06 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-25 14:20 . 2009-11-17 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-25 14:18 . 2009-03-05 14:39 -------- d-----w- c:\program files\Common Files\aol
2010-08-24 22:55 . 2009-11-15 14:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-24 16:23 . 2010-03-24 12:56 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\QuickScan
2010-08-21 23:06 . 2009-02-15 18:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-21 23:04 . 2009-02-15 19:00 -------- d-----w- c:\program files\CCleaner
2010-08-16 12:48 . 2010-06-18 12:03 -------- d-----w- c:\program files\Auslogics
2010-08-14 20:29 . 2009-02-15 20:02 -------- d-----w- c:\program files\nLite
2010-08-14 20:21 . 2010-02-16 13:24 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-08-11 13:16 . 2009-02-15 17:45 -------- d-----w- c:\program files\Realtek
2010-08-08 23:48 . 2010-01-05 17:28 -------- d-----w- c:\program files\Last.fm
2010-08-07 11:56 . 2010-07-09 13:09 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-08-02 12:20 . 2009-11-13 13:24 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\CBS Interactive
2010-08-01 19:04 . 2009-02-15 20:10 34744 ----a-w- c:\documents and settings\Philip Moore\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 12:12 . 2010-05-04 13:53 -------- d-----w- c:\program files\MSECACHE
2010-07-31 12:47 . 2010-03-17 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-07-31 11:43 . 2010-07-26 13:04 -------- d-----w- c:\program files\Free Window Registry Repair
2010-07-30 12:58 . 2010-06-18 12:07 233696 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-30 12:58 . 2010-06-18 12:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-30 12:58 . 2010-06-18 12:07 233696 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-29 13:03 . 2010-05-31 13:36 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\AVS4YOU
2010-07-29 01:27 . 2009-05-12 13:57 359016 ----a-w- c:\windows\vncutil.exe
2010-07-29 01:27 . 2009-02-15 17:46 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-29 01:27 . 2009-02-15 17:46 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-07-29 01:27 . 2009-02-15 17:46 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-07-29 01:27 . 2009-05-12 13:57 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-07-29 01:27 . 2009-02-15 17:45 19557480 ----a-w- c:\windows\RTHDCPL.EXE
2010-07-29 01:27 . 2009-02-15 17:45 2180712 ----a-w- c:\windows\MicCal.exe
2010-07-29 01:27 . 2009-03-28 13:58 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-07-29 01:27 . 2009-02-15 17:45 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-07-26 13:27 . 2010-07-26 13:27 -------- d-----w- c:\program files\3B Software
2010-07-26 12:47 . 2010-07-26 12:40 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Error Fix
2010-07-26 12:43 . 2010-07-26 12:39 -------- d-----w- c:\program files\Error Fix
2010-07-23 14:29 . 2009-02-24 13:06 -------- d-----w- c:\program files\Virtual Earth 3D
2010-07-23 13:05 . 2009-03-04 13:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-17 12:42 . 2010-07-09 11:54 -------- d-----w- c:\program files\Ask.com
2010-07-17 12:18 . 2010-07-09 12:27 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-16 18:34 . 2009-02-15 22:08 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\LimeWire
2010-07-16 18:34 . 2010-03-29 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-13 18:11 . 2009-02-15 18:20 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\AOL
2010-07-13 18:11 . 2009-02-15 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-13 18:09 . 2009-11-21 15:46 711392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SinfInst.exe
2010-07-13 18:09 . 2009-02-15 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-07-13 18:08 . 2009-11-21 15:46 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tpspd\wbsetup.exe
2010-07-13 18:08 . 2009-11-21 15:46 260040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuinst.exe
2010-07-13 18:08 . 2009-11-21 15:46 15920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpchk.dll
2010-07-13 18:08 . 2009-11-21 15:46 6144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\ocfcheck.dll
2010-07-13 18:04 . 2009-11-21 15:46 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpinsti.exe
2010-07-13 18:04 . 2009-11-21 15:46 11312 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuchk.dll
2010-07-13 18:04 . 2009-11-21 15:46 1893728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\waol-0.4334.34.7.exe
2010-07-13 18:03 . 2009-11-21 15:45 1475416 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpinst.exe
2010-07-13 18:03 . 2009-11-21 15:45 45056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SiNdInst.dll
2010-07-13 18:03 . 2009-11-21 15:45 67120 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\instSup.dll
2010-07-13 18:03 . 2009-11-21 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\vwpt\VPPrePop.exe
2010-07-13 18:03 . 2009-11-21 15:45 54832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\parcon\AOLParconLink.exe
2010-07-13 18:03 . 2009-11-21 15:44 8139800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\acssetup.exe
2010-07-13 18:02 . 2009-11-21 15:44 99256 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sm\sminstlp.exe
2010-07-13 18:02 . 2009-11-21 15:44 62816 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpgc.exe
2010-07-13 18:02 . 2009-11-21 15:44 1134216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\flash\flash9ex.exe
2010-07-13 18:02 . 2009-11-21 15:44 75104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\instSup.dll
2010-07-13 18:02 . 2009-11-21 15:44 10800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\wsfixchk.dll
2010-07-13 18:02 . 2009-11-21 15:44 223152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\wsfinst.exe
2010-07-13 18:02 . 2009-11-21 15:44 359184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tb\tbsetup.exe
2010-07-12 14:12 . 2010-07-12 14:12 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-12 14:07 . 2010-07-12 14:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-07-12 12:38 . 2010-07-12 12:38 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 12:37 . 2010-05-04 13:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 11:45 . 2010-07-11 11:45 2944904 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-10 12:49 . 2010-01-01 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Wondershare
2010-07-10 12:48 . 2009-11-30 19:12 -------- d-----w- c:\program files\Wondershare
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:28 . 2009-03-01 16:29 32036 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-09 13:39 . 2009-11-20 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-07-09 13:39 . 2009-11-20 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-07-09 13:09 . 2010-07-09 13:09 -------- d-----w- c:\program files\MSN Toolbar
2010-08-22 14:58 . 2010-08-22 14:58 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-26_14.49.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-28 22:41 . 2010-08-28 22:41 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
+ 2010-08-28 22:40 . 2010-08-28 22:40 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
+ 2010-08-28 22:40 . 2010-08-28 22:41 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
+ 2010-06-02 02:00 . 2010-06-02 02:00 87824 c:\windows\system32\drivers\inspect.sys
+ 2010-08-27 22:41 . 2010-08-27 22:41 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
+ 2010-08-27 22:41 . 2010-08-27 22:41 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll
+ 2010-08-27 13:18 . 2010-08-27 13:18 3648000 c:\windows\Installer\81e2fe.msi
+ 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\9b8bf2.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 03:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Philip Moore^Start Menu^Programs^Startup^Y'z Toolbar.lnk]
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
2010-06-02 02:00 2039240 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-23 08:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
2008-04-03 18:01 297480 ----a-w- c:\program files\GIGABYTE\GBTUpd\PreRun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 11:18 136176 ----atw- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1279044589\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-11-12 00:23 1468256 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 00:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 18:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 04:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-08 06:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-07-29 01:27 19557480 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-08-27 13:07 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IJPLMSVC"=2 (0x2)
"GoogleDesktopManager-110408-113106"=3 (0x3)
"ose"=3 (0x3)
"Imapi Helper"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c9967e6b8fdeaa"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winmx\\WinMX.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Philip Moore\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\aol\\1279044589\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/4/2010 7:31 AM 135336]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/15/2009 10:43 AM 80392]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2/15/2009 11:30 AM 222456]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/26/2009 6:43 AM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [7/12/2010 7:07 AM 23456]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S4 gupdate1c9967e6b8fdeaa;Google Update Service (gupdate1c9967e6b8fdeaa);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 5:50 AM 133104]
.
Contents of the 'Scheduled Tasks' folder

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 12:50]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 12:50]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1303643608-725345543-1004Core.job
- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:18]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1303643608-725345543-1004UA.job
- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:18]

2009-11-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-06-01 20:43]

2009-11-14 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-08 12:36]

2010-08-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]

2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{4C7BC7CC-AEA4-4620-A730-E10550B9C4A5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: sitesell.com
FF - ProfilePath - c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.cocc.edu/
FF - prefs.js: keyword.URL - hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=sf&tbid=80105&language=en&qkw=
FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Philip Moore\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 15:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F679CE86-4DBE-74D7-4C73-9586DE8246D5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(524)
c:\windows\system32\WININET.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\ImgUtil.dll
c:\windows\system32\pngfilt.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-08-28 15:43:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-28 22:43
ComboFix2.txt 2010-08-28 13:31
ComboFix3.txt 2010-08-26 14:50

Pre-Run: 357,481,775,104 bytes free
Post-Run: 357,532,422,144 bytes free

- - End Of File - - BFAED4BBBFEB1AF68A6ABE1A66FF6D46
 
Sorry for the delay- but what's with this old Combofix?

ComboFix 10-08-27.03 - Philip Moore 08/28/2010 15:34:12.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1491 [GMT -7:00]
Command switches used :: c:\documents and settings\Philip Moore\Desktop\cfscript.txt
Running from: c:\documents and settings\Philip Moore\Desktop\ComboFix.exe


Completion time: 2010-08-28 15:43:51 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-28 22:43
ComboFix2.txt 2010-08-28 13:31
ComboFix3.txt 2010-08-26 14:50


I went back and looked at the thread where this was run. Somehow, although I gave you the added security tips, I don't see the instructions to remove the cleaning tools.

This should have been removed at the end of that thread. So I'll have you uninstall it now along with its logs, then download and run a new one.
==================================
Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
==================================
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
=============================================
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query - Recovery Console image (screenshot): WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    (screenshot omitted)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Bobbye,
I've been studying for next term all morning and good part of the afternoon. I failed to notice your posting. I didn't remove the combo fix from last time and I believe that is what happened. I'm all tuckered out now and will read through and follow your directions in the morning. Thanks for getting back to me.
 
Combofix revisited

BobbyE

Here is the log from a combofix that I ran from the safe mode. It would not run in normal mode. I attempted to paste this log to you but was advised it was too large, resulting in the attachment.
View attachment bobbyE.txt
 
Philip, I gave you a reference for ways to get the Outlook email out of the Outbox - actually, as far as I know, that is your main, possibly only, problem. Have you attempted that?

Every once in a while, Combofix spits out that very long 'Snapshot' section. And it does make the logs very long. You will get a new log after you run the script I set up for you, so be sure to paste that one in.
What happens when you attempt to run Combofix in Normal Mode? Do you get an error message? What?

This log shows that you are running AVG, Avira, Auslogics and MSE. Multiple AV programs make a system more vulnerable. You need to decide which you want to keep and uninstall all others. If you want to keep MSE, it has an AV program and antimalware program. You can use that with the Comodo firewall. Here are tools to help remove the others:
  • AVG Removal: Note: You may have to reinstall AVG to uninstall it fully
  • To uninstall Avira:
    [o] Start> Settings> Control Panel> Add or Remove Programs
    [o] Wait for the list to populate> click Avira.
    [o] Click Remove
    [o] Press Yes> OK.
    [o] Click Next until Finish. The software is removed.
  • To uninstall Auslogics, please check their support site.
After you have finished, reboot the computer.

You can't just abandon one antivirus program for another. The program has to be correctly uninstalled or it will continue to load and run processes. If you want Microsoft Security Essentials, it has an antivirus program and antimalware.

Please handle the antivirus problem. Then attempt the correction of the Outlook problem. Tell me what the problem is with Combofix in Normal Mode.

I tried to go through the Combofix log you left- it appears that you have individual group policy settings for each of the Services running. Honestly I've never seen this! What have you attempted to do with the policy settings?

Please delete the Combofix logs from these dates:
ComboFix3.txt 2010-08-30 12:16
ComboFix4.txt 2010-08-28 22:43
ComboFix5.txt 2010-12-06 17:33

If you can better advise me on what the problems are, with the exception of Outlook, I could better assist you.
 
MS Outlook issue resolved.

BobbyE

The e-mail issue with Outlook has been resolved. I believe it had to do with a school project I was e-mailing to my professor that was larger than what the service at the college was willing to accept. Long story short this has been resolved.

I went to the link you provided to uninstall the AVG program, which was successfully accomplished. As to the Auslogics anti-virus program, to my knowledge, I don't have anything like that running. I use an Auslogics defrag, but have never used anything from them by means of an antivirus. I had MSE and uninstalled it (or so I thought). I don't know how to further remove MSE from my system. Currently what I 'thought' I was running is the Avira anti-spyware, and Comodo as my firewall.
I went to the website of 'elder Geeks' and it provides direction as to necessary services. I edited my services based on the elder geeks website direction. What should be changed with regard to my services?

When attempting to run Combofix in the normal mode it would advise that I had anti-virus programs running, AVG and MSE. Because I didn't know what to do at that point, I simply stopped the Combofix process and switched to the Safe mode, which allowed the Combo fix to run.

I think, moving forward, my biggest concern is the programs that apparently are still loaded/floating about on my system.

What direction should I take next?
OBTW, the Combofix txt files that you suggested I delete have been deleted.

Sorry for the length of this post. I have plenty of work that needs to be done this holiday season for next term and am feeling quite vulnerable.
Thanks

Philip.
 
What is this in my MSconfig?

I'm still having issues trying to get Combofix to run in normal mode. When I attempt to start combofix using the normal startup it states that I am not the administrator. I went to the control panel and verified that I was the only account being used and that I am the Administrator. When going to the safe mode, Combofix will start but then advises that because I still have MSE loaded an undesirable outcome may occur. It asks to continue. I've uninstalled MSE; I have deleted all files relating to MSE. I have used ATFcleaner and TFC to rid the system of undesirables. I click for it to continue and it runs the program. I have a new log from running it this morning. While waiting for your reply as to what I should be doing next, I went to MSconfig to look around to see what I could see that looks out of whack. What I found was something interesting to me. I found this under the "Startup" tab. It has empty boxes under the "Start up designation" tab, and under the command tab. This is what it reads: HKCU\SOFTWARE\Microsoft\windows\currentversion\windows\Run
View attachment startup12.08.doc this is an attachment showing my msconfig and how it reads.

I didn't like the look of this so I unchecked these boxes. I'm sure you know what is coming next. After restarting the machine these same boxes were in my start up and rechecked.

I don't believe this is something that should be starting upon logon. What do you think?
 
I'm not familiar with what theeldergeek says about Services. I use the Black Viper site for all of my Service settings: http://www.blackviper.com/WinXP/servicecfg.htm It wasn't the Services themselves, but the fact that policies appear to be set for most of them.

I'm going to leave you with information to help resolve the security programs when you have time. I can't get what I'm seeing in the logs and what you're saying resolved, so here's what you need to work on:
============================================
Combofix from August showed this security in the header, which was fine:
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

Combofix current shows this in the header and is not fine:
ComboFix 10-12-03.03 - Administrator 12/06/2010 9:52.5.2 - x86 NETWORK
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}> Program OK but out of date
AV: Auslogics Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}> This ID is the one listed for AV: BitDefender Antivirus; maybe Auslogics uses this. It also shows outdated
AV: Microsoft Security Essentials *MSE has AV and antimalware- now there are 3 AVs
FW: COMODO Firewall *enabled* This is OK if Windows Firewall is disabled
==============================================
Current HijackThis log from 12/1/2010 shows Avira as the AV, no Comodo
Security Check shows: Antivirus/Firewall Check:
Windows Firewall Enabled!
Microsoft Security Essentials
============================================
DDS of 12/3 shows Restore Points for:
RP319: 11/23/2010 9:14:27 AM - Installed Auslogics Antivirus
RP320: 11/23/2010 9:21:48 AM - Removed Auslogics Antivirus>> but it is still installed
RP324: 11/29/2010 6:05:18 AM - Installed AVG 2011
RP325: 11/29/2010 6:06:55 AM - Removed AVG 2011
RP326: 11/29/2010 6:09:19 AM - Installed AVG 2011
RP327: 11/29/2010 6:09:38 AM - Installed AVG 2011> installed x3
RP334: 12/3/2010 6:23:27 AM - Installed COMODO Internet Security
=======================================
DDS installed programs show:
Auslogics Disk Defrag but also Smart Defrag> from IOBIT
Avira AntiVir Personal - Free Antivirus
COMODO Internet Security
ESET Online Scanner v3
Malwarebytes' Anti-Malware
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware
====================================
What you need to do when you get the time is get the security programs down to 1 antivirus and 1 firewall; multiple antimalware programs are okay.
Remove one of the defrag programs. Possible conflict.

If you find left over entries from any of the programs you uninstalled, use the Windows Installer Cleanup Utility to remove them.
============================================
Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [o] Choose Disc Cleanup
    [o] Click "OK" to select the partition or drive you want.
    [o] Click the "More Options" Tab.
    [o] Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

When you get back on some kind of a regular schedule (if it exists!) let me know if there are any malware related problems.

Have a Happy and Peaceful Holiday!
 
What did you think about what was found in MSconfig?

While waiting for your reply as to what I should be doing next, I went to MSconfig to look around to see what I could see that looks out of whack. What I found was something interesting to me. I found this under the "Startup" tab. It has empty boxes under the "Start up designation" tab, and under the command tab. This is what it reads: HKCU\SOFTWARE\Microsoft\windows\currentversion\windows\Run
I didn't like the look of this so I unchecked these boxes. I'm sure you know what is coming next. After restarting the machine these same boxes were in my start up and rechecked.

What can I do to get rid of this listing in my start up tab?
 
You left the list of Startups in the .doc format. I do not open that file extension- it is not safe for me.

Most of us have one of these 'naked' entries! You should not act on something when you don't know what it is.

To remove entries from Startup using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
  • Click on Selective Startup
  • Choose the Startup tab:
    This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
  • To expand the Command column (this shows what the process 'belongs' to), hold the left mouse button down on the dividing line in the frame above Location and move to the right to expand.
  • Click on Apply> OK when finished.

NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.


Everyone but a few of us has too much on Startup! The only processes that need to be there are:
Processes for antivirus program.
Processes for firewall, if you have a third party firewall such as Comodo
The process for the touchpad if you're working on a laptop
Network processes (I have 2) if you're using Pure Networks Network Magic. Nothing else!

No printer, camera, scanner, media player, photo editing programs, DVD processes, etc.
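A way to check the two things this thread turns on from a console, how many antivirus and firewall products the Security Center still has registered (the "AV:" and "FW:" lines ComboFix prints in its header, including a product that was "Removed" but is still listed) and what each Startup entry actually runs (the "naked" entry with an empty command). This is an added example written for this page, not the helper's instructions or any tool's own code; it assumes PowerShell 2.0 on Windows XP SP3 and the standard Run keys, and falls back to root\SecurityCenter2 on Vista and later.

```powershell
# Added example, not code from the thread: list what the Security Center has
# registered (the "AV:" / "FW:" lines in a ComboFix header) and what the Run
# keys behind msconfig's Startup tab contain. Assumes PowerShell 2.0 on
# Windows XP SP3 (root\SecurityCenter); Vista and later use root\SecurityCenter2.

function Get-RegisteredSecurityProducts {
    $ns = 'root\SecurityCenter'
    if ([Environment]::OSVersion.Version.Major -ge 6) { $ns = 'root\SecurityCenter2' }
    $out = @()
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        foreach ($p in @(Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue)) {
            # XP exposes booleans; SecurityCenter2 packs the state into productState
            if ($p.PSObject.Properties['onAccessScanningEnabled']) { $state = $p.onAccessScanningEnabled }
            elseif ($p.PSObject.Properties['enabled'])             { $state = $p.enabled }
            else                                                    { $state = '0x{0:X6}' -f $p.productState }
            $out += New-Object PSObject -Property @{
                Kind = $class; Name = $p.displayName; Guid = $p.instanceGuid; State = $state }
        }
    }
    return $out
}

function Resolve-CommandImage([string]$CommandLine) {
    # Heuristic: pull the executable out of a Run value. Quoted paths are taken
    # as-is; unquoted ones try longer prefixes so "C:\Program Files\x.exe /s" resolves.
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl -eq '') { return $null }
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 1) { return $cl.Substring(1, $end - 1) } else { return $cl.Trim('"') }
    }
    $parts = $cl -split ' '
    for ($i = 1; $i -le $parts.Length; $i++) {
        $candidate = $parts[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $parts[0]
}

function Get-AutostartRunEntries {
    # The keys msconfig's Startup tab reads (RunOnce included: uninstallers use it too)
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    $out = @()
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }          # PSPath, PSParentPath, ...
            $cmd = [string]$prop.Value
            $img = Resolve-CommandImage $cmd
            if ($cmd.Trim() -eq '') { $status = 'EMPTY command: a "naked" entry, it starts nothing' }
            elseif ($img -and -not (Test-Path -LiteralPath $img)) { $status = 'IMAGE MISSING: stale entry, program probably uninstalled' }
            else { $status = 'ok' }
            $out += New-Object PSObject -Property @{ Location = $key; Name = $prop.Name; Command = $cmd; Image = $img; Status = $status }
        }
    }
    return $out
}

function Test-WindowsFirewallEnabled {
    # XP SP2+ keeps the profile switch here (1 = on); Windows Firewall should be
    # off when a third-party firewall such as Comodo is the one in use.
    $k = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
    return ((Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).EnableFirewall -eq 1)
}

$all = @(Get-RegisteredSecurityProducts)
$av = @($all | Where-Object { $_.Kind -eq 'AntiVirusProduct' })
$fw = @($all | Where-Object { $_.Kind -eq 'FirewallProduct' })
$all | Format-Table Kind, Name, Guid, State -AutoSize
if ($av.Count -gt 1) { Write-Warning "$($av.Count) antivirus products registered; keep one and remove the rest with the vendors' removal tools." }
if ($fw.Count -gt 0 -and (Test-WindowsFirewallEnabled)) { Write-Warning 'Windows Firewall is on alongside a third-party firewall.' }
Get-AutostartRunEntries | Format-Table Name, Status, Command -AutoSize -Wrap
```

An entry flagged EMPTY is the kind of placeholder the helper describes and needs no action; an entry flagged IMAGE MISSING is the left-over from an incomplete uninstall that the Windows Installer Cleanup Utility step above is meant to clear.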
 
BobbyE,
Once again, I believe you have corrected all of my issues with my system.
I would like to wish you and all of yours a Merry Christmas and a happy New Year!
 