TechSpot

Microsoft Outlook Issues

By BillAllen55
Dec 2, 2010
  1. I put together an email with an attachment that I attempted to send through my XP Outlook email server. This was for a college class project and I believe it may have been larger than what the campus was willing to upload. The email would not send. I went to an on-campus computer lab and was able to send the email after splitting the document in half (sending part 1, part 2). The problem now is that when I open my home Outlook server it is still trying to send the email even after cancelling the send direction. I believe I have some type of virus going on. Can someone please help?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:06:04 AM, on 12/1/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Documents and Settings\Philip Moore\My Documents\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cocc.edu/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 7542 bytes


    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/1/2010 5:55:37 AM
    mbam-log-2010-12-01 (05-55-37).txt

    Scan type: Quick scan
    Objects scanned: 165533
    Time elapsed: 5 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    MVPS Hosts File
    SpywareBlaster 4.4
    Spybot - Search & Destroy
    SUPERAntiSpyware
    CCleaner
    Winferno Registry Power Cleaner
    Java(TM) 6 Update 20
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.2.161.23
    Adobe Reader 9.4.1
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  2. Bobbye


    Welcome back! I hope school is going well! The problem you're having doesn't sound like malware. We need to find out how to remove mail from the Outlook outbox! If it was OE, I could rattle it right off! But I'm going to have to look this one up.

    I'm going to take a lunch break so if you have time between classes, I'd like you to please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply .

    Let's add the Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the ActiveX control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. BillAllen55


    Bobbye:

    You are always here when I need you! THANK YOU.
    I finished my 17 credit hours early and yes, I have plenty of time to work out this kink.
    These are the current scans that I've done attempting a resolution. The GMER scan is too large to paste into this reply. For that reason I'm attaching this scan. I know this is not the correct protocol; I'm not sure how else to get it to you. View attachment mbam-log-2010-12-01 (05-55-37).txt

    View attachment hijackthis.log

    Philip.
     
  4. Bobbye


    Replying to problems with scans:

    The character number has been greatly increased so that logs can be pasted in the reply. And you can use multiple posts if needed. About GMER: you should be able to get the scan in easily, unless you did not heed this in the directions:
    Warning! Please do not select the "Show all" checkbox during the scan.
    If you did select 'Show All', please delete that log and run GMER again without checking this.
    =========================================
    I'm not understanding where the AVG problem is coming from. The HJT log you left shows Avira and the Security Check shows Microsoft Security Essentials. There are no processes or services for AVG.

    The information in the HJT log does not match what you sent me. Please give me something to work with- here, on the thread.
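The HijackThis log in the first post is a fixed-format text file, and the first pass a reviewer makes over it is mechanical: which O23 services have no readable vendor or point at a missing file, which O4/O16/O20 entries load code at logon, and whether a given vendor (AVG, which the reply above says is absent from this log) actually appears anywhere. The following Python triage parser is an added example for this thread; it is not code from the original post and not HijackThis code, and it runs over a constructed excerpt of the log above. The finding labels and the function names are this example's own. It also shows the pitfall a naive `"avg" in line` check walks into: Avira's avguard.exe and avgnt.exe would register as AVG, so the vendor check only looks at directory names and at the O23 company field.

```python
"""Triage helper for HijackThis (HJT) 2.x logs.

Added example for this thread; not part of the original post and not
HijackThis code. It parses the 'Running processes' list and the 'Oxx - ...'
entries, returns the items a reviewer looks at first, and answers "does
vendor X appear in this log?" without the substring pitfall that Avira's
avguard.exe / avgnt.exe create for the string 'AVG'.
"""
import re

# Constructed excerpt of the HJT log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:06:04 AM, on 12/1/2010

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (file missing)

--
End of file - 7542 bytes
"""

ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")          # e.g. "O23 - Service: ..."
PATH_RE = re.compile(r'([a-z]:\\[^"]*?\.(?:exe|dll|scr))', re.I)  # first Windows path in a line


def parse_hjt(text):
    """Return (processes, entries): process paths and (section, body) pairs."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            in_procs = False            # a blank line ends the process list
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def triage(text):
    """Entries a reviewer checks first, as (section, reason, body) tuples.
    '(file missing)' takes precedence over 'Unknown owner'; the latter only
    means HJT found no company name in the file's version resource, so it is
    a prompt to look at the path, not a verdict."""
    findings = []
    for section, body in parse_hjt(text)[1]:
        if section == "O23" and "(file missing)" in body:
            findings.append((section, "service points to a missing file", body))
        elif section == "O23" and "Unknown owner" in body:
            findings.append((section, "service with no vendor in version info", body))
        elif section == "O16":
            findings.append((section, "ActiveX download (DPF) entry", body))
        elif section == "O20":
            findings.append((section, "Winlogon Notify DLL", body))
        elif section == "O4":
            findings.append((section, "autorun entry", body))
    return findings


def _dirs(s):
    """Lower-cased directory components of the first Windows path in s."""
    m = PATH_RE.search(s)
    return [c.lower() for c in m.group(1).split("\\")[:-1]] if m else []


def vendor_present(text, vendor):
    """True if vendor names a directory in any process/autorun/service path or
    appears as a word in an O23 company field. Whole-line substring matching
    is deliberately avoided: Avira's avguard.exe and avgnt.exe contain 'avg'."""
    v = vendor.lower()
    processes, entries = parse_hjt(text)
    if any(v in _dirs(p) for p in processes):
        return True
    for section, body in entries:
        if section == "O23":
            parts = body.split(" - ")   # "Service: name - company - path"
            if len(parts) >= 3 and v in parts[-2].lower().split():
                return True
        if section in ("O4", "O23") and v in _dirs(body):
            return True
    return False


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section}: {reason}: {body}")
    print("AVG present:", vendor_present(SAMPLE_LOG, "AVG"))      # False
    print("Avira present:", vendor_present(SAMPLE_LOG, "Avira"))  # True
```

Run on the excerpt, the triage list contains the MsMpSvc entry flagged as pointing at a missing file, the ICQ service flagged for having no vendor, the two autoruns, the Adobe DPF download and the SUPERAntiSpyware Winlogon DLL; `vendor_present` reports Avira but not AVG, which matches the reading in the reply above.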
     
  5. Bobbye


    Philip, I missed Mbam but it was clean. We do want logs pasted now, but at some later point, if you have something to attach, you would use the Attachment feature. Click on Go Advanced and look on the lower part of your screen. Not for the V&M forum though.

    You need to run the current programs in the updated thread: http://www.techspot.com/vb/topic58138.html
    Then you need to paste the results in your next reply. Use multiple posts if needed.
     
  6. BillAllen55


    Bobbye,
    When attempting to run GMER or DDS by sUBs I get this message:
    "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."
    After clicking OK on this message I get a 'Launch Application' box (which I have never seen before), which states: "This link needs to be opened with an application. Send to:"
    It then provides an area where I can go to my computer and find a program to allow it to run. Nothing works when I attempt to use a program to run either program.
    What now?
     
  7. BillAllen55


    Please disregard my last post!

    I was able to get GMER and DDS by sUBs to run. I'm pasting the results as follows:
    DDS by sUBs attach results:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/15/2009 9:32:33 AM
    System Uptime: 12/3/2010 2:28:29 PM (0 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-DS4P
    Processor: Intel Pentium III Xeon processor | Socket 775 | 3166/333mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 596 GiB total, 481.285 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek PCIe GBE Family Controller
    Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&2182FE78&0&00E5
    Manufacturer: Realtek Semiconductor Corp.
    Name: Realtek PCIe GBE Family Controller #2
    PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&2182FE78&0&00E5
    Service: RTLE8023xp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\1FD0A80627
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\1FD0A80627
    Service: NIC1394

    ==== System Restore Points ===================

    RP227: 9/7/2010 7:14:59 AM - System Checkpoint
    RP228: 9/8/2010 8:12:07 AM - System Checkpoint
    RP229: 9/9/2010 9:42:06 AM - System Checkpoint
    RP230: 9/12/2010 9:06:55 AM - Installed Windows XP -- Software Updates KB952011.
    RP231: 9/13/2010 11:42:54 AM - System Checkpoint
    RP232: 9/15/2010 9:37:24 AM - System Checkpoint
    RP233: 9/15/2010 10:21:22 AM - Software Distribution Service 3.0
    RP234: 9/16/2010 10:13:21 AM - Installed Java(TM) 6 Update 16
    RP235: 9/16/2010 10:13:48 AM - Installed OpenOffice.org 3.1
    RP236: 9/16/2010 12:47:53 PM - Installed WeatherBug
    RP237: 9/17/2010 1:40:07 PM - System Checkpoint
    RP238: 9/18/2010 2:57:38 PM - System Checkpoint
    RP239: 9/20/2010 5:21:11 AM - Removed Google Earth.
    RP240: 9/20/2010 5:21:50 AM - Installed Google Earth.
    RP241: 9/21/2010 11:04:20 AM - System Checkpoint
    RP242: 9/23/2010 1:42:45 PM - System Checkpoint
    RP243: 9/25/2010 11:48:05 AM - System Checkpoint
    RP244: 9/27/2010 8:32:03 AM - System Checkpoint
    RP245: 9/28/2010 9:52:11 AM - System Checkpoint
    RP246: 9/29/2010 4:29:21 AM - Software Distribution Service 3.0
    RP247: 9/30/2010 8:39:28 AM - System Checkpoint
    RP248: 10/1/2010 9:26:39 AM - System Checkpoint
    RP249: 10/2/2010 1:12:04 PM - System Checkpoint
    RP250: 10/3/2010 6:28:42 AM - Software Distribution Service 3.0
    RP251: 10/3/2010 8:09:18 AM - Software Distribution Service 3.0
    RP252: 10/4/2010 8:27:56 AM - System Checkpoint
    RP253: 10/5/2010 4:26:58 AM - Software Distribution Service 3.0
    RP254: 10/6/2010 4:52:22 AM - Software Distribution Service 3.0
    RP255: 10/7/2010 9:41:17 AM - Software Distribution Service 3.0
    RP256: 10/8/2010 4:15:23 PM - Software Distribution Service 3.0
    RP257: 10/9/2010 10:11:17 AM - Software Distribution Service 3.0
    RP258: 10/10/2010 6:57:57 AM - Software Distribution Service 3.0
    RP259: 10/11/2010 11:26:50 AM - System Checkpoint
    RP260: 10/12/2010 4:10:04 AM - Software Distribution Service 3.0
    RP261: 10/13/2010 4:35:30 AM - Software Distribution Service 3.0
    RP262: 10/13/2010 5:31:33 AM - Software Distribution Service 3.0
    RP263: 10/14/2010 6:09:21 AM - Software Distribution Service 3.0
    RP264: 10/14/2010 6:25:28 AM - Software Distribution Service 3.0
    RP265: 10/14/2010 7:13:28 AM - Software Distribution Service 3.0
    RP266: 10/15/2010 10:33:52 AM - System Checkpoint
    RP267: 10/16/2010 3:56:11 AM - Software Distribution Service 3.0
    RP268: 10/17/2010 4:51:57 AM - Software Distribution Service 3.0
    RP269: 10/17/2010 7:22:16 AM - Software Distribution Service 3.0
    RP270: 10/18/2010 11:08:39 AM - System Checkpoint
    RP271: 10/19/2010 3:43:14 AM - Software Distribution Service 3.0
    RP272: 10/20/2010 4:36:21 AM - Software Distribution Service 3.0
    RP273: 10/21/2010 11:53:26 AM - System Checkpoint
    RP274: 10/21/2010 4:14:03 PM - Software Distribution Service 3.0
    RP275: 10/23/2010 4:39:18 AM - Software Distribution Service 3.0
    RP276: 10/24/2010 4:40:42 AM - Software Distribution Service 3.0
    RP277: 10/24/2010 7:03:00 AM - Software Distribution Service 3.0
    RP278: 10/25/2010 10:39:26 AM - System Checkpoint
    RP279: 10/26/2010 4:08:57 AM - Software Distribution Service 3.0
    RP280: 10/27/2010 4:26:03 AM - Software Distribution Service 3.0
    RP281: 10/28/2010 4:27:03 PM - Software Distribution Service 3.0
    RP282: 10/29/2010 2:33:41 PM - Installed Adobe Reader 9.4.0.
    RP283: 10/30/2010 4:39:00 AM - Software Distribution Service 3.0
    RP284: 10/31/2010 4:48:00 AM - Software Distribution Service 3.0
    RP285: 10/31/2010 6:42:22 AM - Software Distribution Service 3.0
    RP286: 11/1/2010 5:19:00 AM - Removed Java(TM) 6 Update 16
    RP287: 11/1/2010 5:22:08 AM - Installed Java(TM) 6 Update 22
    RP288: 11/1/2010 5:37:18 AM - Removed COMODO Internet Security
    RP289: 11/2/2010 4:27:50 AM - Software Distribution Service 3.0
    RP290: 11/3/2010 11:33:50 AM - System Checkpoint
    RP291: 11/4/2010 2:57:59 AM - Software Distribution Service 3.0
    RP292: 11/5/2010 4:47:23 AM - Software Distribution Service 3.0
    RP293: 11/6/2010 5:29:10 AM - Software Distribution Service 3.0
    RP294: 11/7/2010 4:31:16 AM - Software Distribution Service 3.0
    RP295: 11/7/2010 6:06:48 AM - Software Distribution Service 3.0
    RP296: 11/7/2010 10:02:59 AM - Software Distribution Service 3.0
    RP297: 11/8/2010 10:57:40 AM - System Checkpoint
    RP298: 11/9/2010 4:37:55 AM - Software Distribution Service 3.0
    RP299: 11/10/2010 3:38:21 AM - Software Distribution Service 3.0
    RP300: 11/11/2010 4:27:56 AM - Software Distribution Service 3.0
    RP301: 11/11/2010 7:59:20 AM - Installed Windows 7 Upgrade Advisor
    RP302: 11/12/2010 4:33:04 AM - Software Distribution Service 3.0
    RP303: 11/14/2010 4:25:23 AM - Software Distribution Service 3.0
    RP304: 11/14/2010 9:49:40 AM - Software Distribution Service 3.0
    RP305: 11/15/2010 10:55:11 AM - System Checkpoint
    RP306: 11/16/2010 4:40:39 AM - Software Distribution Service 3.0
    RP307: 11/16/2010 6:59:35 AM - Installed Java(TM) 6 Update 20
    RP308: 11/16/2010 7:00:19 AM - Removed OpenOffice.org 3.1
    RP309: 11/16/2010 7:01:57 AM - Installed OpenOffice.org 3.2
    RP310: 11/17/2010 7:34:12 AM - System Checkpoint
    RP311: 11/18/2010 4:37:16 AM - Software Distribution Service 3.0
    RP312: 11/19/2010 4:37:57 AM - Software Distribution Service 3.0
    RP313: 11/19/2010 9:56:00 AM - Installed iTunes
    RP314: 11/20/2010 5:00:22 AM - Software Distribution Service 3.0
    RP315: 11/21/2010 9:25:19 AM - System Checkpoint
    RP316: 11/21/2010 9:45:43 AM - Software Distribution Service 3.0
    RP317: 11/23/2010 4:32:06 AM - Software Distribution Service 3.0
    RP318: 11/23/2010 5:30:41 AM - Installed Windows XP -- Software Updates KB952011.
    RP319: 11/23/2010 9:14:27 AM - Installed Auslogics Antivirus
    RP320: 11/23/2010 9:21:48 AM - Removed Auslogics Antivirus
    RP321: 11/24/2010 4:46:43 AM - Software Distribution Service 3.0
    RP322: 11/28/2010 5:15:19 AM - Software Distribution Service 3.0
    RP323: 11/28/2010 10:16:25 AM - Software Distribution Service 3.0
    RP324: 11/29/2010 6:05:18 AM - Installed AVG 2011
    RP325: 11/29/2010 6:06:55 AM - Removed AVG 2011
    RP326: 11/29/2010 6:09:19 AM - Installed AVG 2011
    RP327: 11/29/2010 6:09:38 AM - Installed AVG 2011
    RP328: 11/29/2010 7:07:52 AM - Restore Operation
    RP329: 11/30/2010 6:41:07 AM - a Test Restore Point (viruses spyware)
    RP330: 12/1/2010 7:00:21 AM - Restore Operation
    RP331: 12/1/2010 7:27:54 AM - Removed Java(TM) 6 Update 20
    RP332: 12/2/2010 12:15:08 PM - System Checkpoint
    RP333: 12/2/2010 4:59:16 PM - after major spyware scan
    RP334: 12/3/2010 6:23:27 AM - Installed COMODO Internet Security

    ==== Installed Programs ======================


    @BIOS Ver.2.01
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Adobe SVG Viewer 3.0
    Advanced SystemCare 3
    Advertising Center
    AOL Toolbar 5.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Applian FLV Player
    Auslogics Disk Defrag
    Avira AntiVir Personal - Free Antivirus
    AVS Update Manager 1.0 (Update Version)
    AVS4YOU Software Navigator 1.4
    Bing Maps 3D
    Bonjour
    Canon iP2600 series
    Canon iP2600 series User Registration
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    CCleaner
    COMODO Internet Security
    Compatibility Pack for the 2007 Office system
    ConvertHelper 2.2
    CutePDF Writer 2.8
    Download Updater (AOL LLC)
    Easy Tune 6 B08.0708.2
    Energy Saver Advance B8.0711.1
    ESET Online Scanner v3
    EVEREST Home Edition v2.20
    EVGA Precision 1.2.0
    File Uploader
    Final Media Player 2010
    Foxit Creator
    Foxit PDF Editor
    Foxit Reader
    Game Booster
    Google Chrome
    Google Earth
    Google Update Helper
    GPL Ghostscript 8.71
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    ICQ
    ICQ Toolbar
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    LameACM
    Last.fm 1.5.4.24567
    Malwarebytes' Anti-Malware
    MFC RunTime files
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft IntelliPoint 7.1
    Microsoft IntelliType Pro 7.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Search Enhancement Pack
    Microsoft Security Essentials
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.8)
    Mozilla Firefox 4.0b5 (x86 en-US)
    MSN Toolbar
    MSN Toolbar Platform
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nero 9 Essentials
    Nero ControlCenter
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart OEM
    neroxml
    Nikon Message Center
    Nikon Transfer
    Nikon View 6
    NVIDIA Control Panel 260.99
    NVIDIA Graphics Driver 260.99
    NVIDIA Install Application
    NVIDIA nTune
    NVIDIA nView 135.36
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NVIDIA Stereoscopic 3D Driver
    OpenAL
    OpenOffice.org 3.2
    Pack Crystal XP 3.0
    Paint.NET v3.5.5
    Picasa 3
    Preclick PhotoMovieMaker
    Pretty Good Solitaire version 12.0.1
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    REALTEK GbE & FE Ethernet PCI NIC Driver
    Realtek High Definition Audio Driver
    RocketDock 1.3.5
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    SiteRanker
    Smart Defrag
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SUPERAntiSpyware
    System Requirements Lab
    System Requirements Lab for Intel
    TBS WMP Plug-in
    TmNationsForever
    TmUnitedForever Update 2010-03-15
    Uninstall 1.0.0.1
    Uninstall AOL Emergency Connect Utility 1.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update Manager B08.0515.1
    VCRedistSetup
    Viewpoint Media Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 8.0 ATL (x86) WinSXS MSM
    Visual C++ 8.0 CRT (x86) WinSXS MSM
    VZWDownloadManager
    WeatherBug
    WebFldrs XP
    Windows 7 Upgrade Advisor
    Windows Backup Utility
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows Mobile Device Updater Component
    Windows XP Service Pack 3
    Winferno Registry Power Cleaner
    WinRAR 4.00 beta 1 (32-bit)
    Wondershare DVD Slideshow Builder(Build 6.0.2.27)
    Wondershare Flash Gallery Factory 4.8.2.18
    Yahoo! Toolbar
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)

    ==== Event Viewer Messages From Past Week ========

    12/1/2010 7:28:13 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    11/30/2010 6:12:10 AM, error: Service Control Manager [7031] - The Windows CardSpace service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/30/2010 4:22:31 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    11/30/2010 4:22:31 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    11/30/2010 4:22:31 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the path specified.
    11/30/2010 11:03:50 AM, error: DCOM [10000] - Unable to start a DCOM Server: {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}. The error: "%1450" Happened while starting this command: "C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe" /PDFShell -Embedding
    11/29/2010 7:20:04 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MpFilter
    11/29/2010 6:20:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the avgwd service.
    11/28/2010 9:31:32 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:32 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    11/28/2010 9:31:29 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:29 AM, error: Service Control Manager [7031] - The Zune Bus Enumerator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The nTune Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The GEST Service for program management. service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:28 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:27 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:27 AM, error: Service Control Manager [7034] - The COMODO livePCsupport Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:27 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    11/28/2010 9:31:27 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    11/28/2010 9:31:27 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================

    GMER results:
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-03 14:40:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-16 WDC_WD6401AALS-00L3B2 rev.01.03B01
    Running: ftfuifhv.exe; Driver: C:\DOCUME~1\PHILIP~1\LOCALS~1\Temp\kfpcykoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB35B7768]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB35B79BE]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----

    mbam:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5237

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/3/2010 5:23:28 AM
    mbam-log-2010-12-03 (05-23-28).txt

    Scan type: Quick scan
    Objects scanned: 166046
    Time elapsed: 16 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    Combofix text:

    Bobbye:
I did a ComboFix and these are the results:
    ComboFix 10-08-27.03 - Philip Moore 08/28/2010 15:34:12.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1491 [GMT -7:00]
    Running from: c:\documents and settings\Philip Moore\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Philip Moore\Desktop\cfscript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    FILE ::
    "c:\docume~1\philip~1\locals~1\temp\cpuz132\cpuz132_x32.sys"
    "c:\documents and settings\All Users\Application Data\DriverCure"
    "c:\program files\anti trojan elite\atepmon.sys"
    "c:\program files\logmein\x86\rainfo.sys"
    "c:\windows\system32\7e.tmp"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CPUZ132
    -------\Service_MEMSWEEP2


    ((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-28 )))))))))))))))))))))))))))))))
    .

    2010-08-27 13:25 . 2010-08-27 13:25 -------- d-----w- C:\VritualRoot
    2010-08-27 13:23 . 2010-08-27 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2010-08-26 14:40 . 2008-05-02 16:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
    2010-08-26 00:52 . 2010-08-26 00:52 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Auslogics
    2010-08-22 12:22 . 2010-08-25 00:37 -------- d-----w- c:\program files\Anti Trojan Elite
    2010-08-21 23:07 . 2010-08-21 23:07 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\Sunbelt Software
    2010-08-18 12:30 . 2010-08-22 14:29 -------- d-----w- c:\program files\NetworkView36
    2010-08-17 12:47 . 2010-08-27 12:00 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\CutePDF Writer
    2010-08-17 12:44 . 2009-11-05 15:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
    2010-08-17 12:44 . 2010-08-17 12:44 -------- d-----w- c:\program files\Acro Software
    2010-08-17 12:22 . 2010-08-17 12:23 -------- d-----w- c:\program files\gs
    2010-08-12 18:29 . 2010-08-12 18:29 2772992 ----a-w- c:\windows\system32\GPhotos.scr
    2010-08-04 13:10 . 2010-07-27 05:30 705208 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    2010-08-04 13:10 . 2010-07-27 05:30 978664 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    2010-07-30 13:31 . 2010-07-29 01:27 1833576 ----a-w- c:\windows\SkyTel.exe
    2010-07-30 13:31 . 2010-07-29 01:27 1489512 ----a-w- c:\windows\RtlUpd.exe
    2010-07-30 13:31 . 2010-07-29 01:27 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
    2010-07-30 13:31 . 2010-07-27 20:54 1251944 ----a-w- c:\windows\RtlExUpd.dll
    2010-07-30 13:18 . 2010-01-12 20:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
    2010-07-30 13:05 . 2010-07-30 13:05 -------- d-----w- c:\program files\SmartTweak Software
    2010-07-30 12:55 . 2010-07-30 12:55 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\NVIDIA
    2010-07-30 12:54 . 2010-08-24 22:56 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\MotionDSP
    2010-07-30 12:54 . 2010-08-24 22:56 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\MotionDSP
    2010-07-30 12:39 . 2010-07-30 12:42 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Smart PC Solutions

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-28 22:40 . 2009-02-15 17:42 16608 ----a-w- c:\windows\gdrv.sys
    2010-08-28 22:40 . 2010-07-13 18:09 -------- d-----w- c:\program files\AOL 9.1
    2010-08-28 22:38 . 2010-06-23 12:27 4167424 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-28 19:41 . 2010-07-13 18:09 -------- d-----w- c:\program files\Common Files\aolshare
    2010-08-28 15:32 . 2010-04-29 21:23 63488 ----a-w- c:\documents and settings\Philip Moore\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-28 15:32 . 2009-10-31 11:14 117760 ----a-w- c:\documents and settings\Philip Moore\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-27 13:38 . 2009-03-18 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-27 13:16 . 2010-05-08 13:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-08-27 13:07 . 2009-02-15 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-26 22:35 . 2009-02-19 22:59 -------- d-----w- c:\program files\ICQ
    2010-08-26 16:48 . 2010-02-20 15:50 -------- d-----w- c:\program files\Synfig
    2010-08-26 16:47 . 2010-03-04 12:56 -------- d-----w- c:\program files\Nvu
    2010-08-26 16:40 . 2009-11-24 14:46 -------- d-----w- c:\program files\NCH Swift Sound
    2010-08-26 14:40 . 2009-02-15 17:56 -------- d-----w- c:\program files\Common Files\Nero
    2010-08-26 14:40 . 2009-02-15 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-08-26 14:38 . 2009-02-24 12:46 -------- d-----w- c:\program files\filehippo.com
    2010-08-26 14:25 . 2010-03-30 14:43 -------- d-----w- c:\program files\PCPitstop
    2010-08-26 14:24 . 2009-02-15 20:14 -------- d-----w- c:\program files\Google
    2010-08-26 13:57 . 2009-03-26 13:32 -------- d-----w- c:\program files\Yahoo!
    2010-08-26 13:57 . 2009-08-06 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-08-25 14:20 . 2009-11-17 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-25 14:18 . 2009-03-05 14:39 -------- d-----w- c:\program files\Common Files\aol
    2010-08-24 22:55 . 2009-11-15 14:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-24 16:23 . 2010-03-24 12:56 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\QuickScan
    2010-08-21 23:06 . 2009-02-15 18:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-08-21 23:04 . 2009-02-15 19:00 -------- d-----w- c:\program files\CCleaner
    2010-08-16 12:48 . 2010-06-18 12:03 -------- d-----w- c:\program files\Auslogics
    2010-08-14 20:29 . 2009-02-15 20:02 -------- d-----w- c:\program files\nLite
    2010-08-14 20:21 . 2010-02-16 13:24 -------- d-----w- c:\program files\BSR Screen Recorder 4
    2010-08-11 13:16 . 2009-02-15 17:45 -------- d-----w- c:\program files\Realtek
    2010-08-08 23:48 . 2010-01-05 17:28 -------- d-----w- c:\program files\Last.fm
    2010-08-07 11:56 . 2010-07-09 13:09 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-08-02 12:20 . 2009-11-13 13:24 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\CBS Interactive
    2010-08-01 19:04 . 2009-02-15 20:10 34744 ----a-w- c:\documents and settings\Philip Moore\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-01 12:12 . 2010-05-04 13:53 -------- d-----w- c:\program files\MSECACHE
    2010-07-31 12:47 . 2010-03-17 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
    2010-07-31 11:43 . 2010-07-26 13:04 -------- d-----w- c:\program files\Free Window Registry Repair
    2010-07-30 12:58 . 2010-06-18 12:07 233696 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2010-07-30 12:58 . 2010-06-18 12:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2010-07-30 12:58 . 2010-06-18 12:07 233696 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2010-07-29 13:03 . 2010-05-31 13:36 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\AVS4YOU
    2010-07-29 01:27 . 2009-05-12 13:57 359016 ----a-w- c:\windows\vncutil.exe
    2010-07-29 01:27 . 2009-02-15 17:46 84584 ----a-w- c:\windows\SOUNDMAN.EXE
    2010-07-29 01:27 . 2009-02-15 17:46 9721960 ----a-w- c:\windows\RTLCPL.EXE
    2010-07-29 01:27 . 2009-02-15 17:46 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2010-07-29 01:27 . 2009-05-12 13:57 129640 ----a-w- c:\windows\RtkAudioService.exe
    2010-07-29 01:27 . 2009-02-15 17:45 19557480 ----a-w- c:\windows\RTHDCPL.EXE
    2010-07-29 01:27 . 2009-02-15 17:45 2180712 ----a-w- c:\windows\MicCal.exe
    2010-07-29 01:27 . 2009-03-28 13:58 64104 ----a-w- c:\windows\ALCMTR.EXE
    2010-07-29 01:27 . 2009-02-15 17:45 2815592 ----a-w- c:\windows\ALCWZRD.EXE
    2010-07-26 13:27 . 2010-07-26 13:27 -------- d-----w- c:\program files\3B Software
    2010-07-26 12:47 . 2010-07-26 12:40 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Error Fix
    2010-07-26 12:43 . 2010-07-26 12:39 -------- d-----w- c:\program files\Error Fix
    2010-07-23 14:29 . 2009-02-24 13:06 -------- d-----w- c:\program files\Virtual Earth 3D
    2010-07-23 13:05 . 2009-03-04 13:59 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-17 12:42 . 2010-07-09 11:54 -------- d-----w- c:\program files\Ask.com
    2010-07-17 12:18 . 2010-07-09 12:27 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
    2010-07-16 18:34 . 2009-02-15 22:08 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\LimeWire
    2010-07-16 18:34 . 2010-03-29 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-07-13 18:11 . 2009-02-15 18:20 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\AOL
    2010-07-13 18:11 . 2009-02-15 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-07-13 18:09 . 2009-11-21 15:46 711392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SinfInst.exe
    2010-07-13 18:09 . 2009-02-15 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2010-07-13 18:08 . 2009-11-21 15:46 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tpspd\wbsetup.exe
    2010-07-13 18:08 . 2009-11-21 15:46 260040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuinst.exe
    2010-07-13 18:08 . 2009-11-21 15:46 15920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpchk.dll
    2010-07-13 18:08 . 2009-11-21 15:46 6144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\ocfcheck.dll
    2010-07-13 18:04 . 2009-11-21 15:46 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpinsti.exe
    2010-07-13 18:04 . 2009-11-21 15:46 11312 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuchk.dll
    2010-07-13 18:04 . 2009-11-21 15:46 1893728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\waol-0.4334.34.7.exe
    2010-07-13 18:03 . 2009-11-21 15:45 1475416 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpinst.exe
    2010-07-13 18:03 . 2009-11-21 15:45 45056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SiNdInst.dll
    2010-07-13 18:03 . 2009-11-21 15:45 67120 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\instSup.dll
    2010-07-13 18:03 . 2009-11-21 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\vwpt\VPPrePop.exe
    2010-07-13 18:03 . 2009-11-21 15:45 54832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\parcon\AOLParconLink.exe
    2010-07-13 18:03 . 2009-11-21 15:44 8139800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\acssetup.exe
    2010-07-13 18:02 . 2009-11-21 15:44 99256 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sm\sminstlp.exe
    2010-07-13 18:02 . 2009-11-21 15:44 62816 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpgc.exe
    2010-07-13 18:02 . 2009-11-21 15:44 1134216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\flash\flash9ex.exe
    2010-07-13 18:02 . 2009-11-21 15:44 75104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\instSup.dll
    2010-07-13 18:02 . 2009-11-21 15:44 10800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\wsfixchk.dll
    2010-07-13 18:02 . 2009-11-21 15:44 223152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\wsfinst.exe
    2010-07-13 18:02 . 2009-11-21 15:44 359184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tb\tbsetup.exe
    2010-07-12 14:12 . 2010-07-12 14:12 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-07-12 14:07 . 2010-07-12 14:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2010-07-12 12:38 . 2010-07-12 12:38 -------- d-----w- c:\program files\Common Files\Java
    2010-07-12 12:37 . 2010-05-04 13:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-11 11:45 . 2010-07-11 11:45 2944904 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    2010-07-10 12:49 . 2010-01-01 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Wondershare
    2010-07-10 12:48 . 2009-11-30 19:12 -------- d-----w- c:\program files\Wondershare
    2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
    2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
    2010-07-09 22:28 . 2009-03-01 16:29 32036 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-09 13:39 . 2009-11-20 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
    2010-07-09 13:39 . 2009-11-20 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
    2010-07-09 13:09 . 2010-07-09 13:09 -------- d-----w- c:\program files\MSN Toolbar
    2010-08-22 14:58 . 2010-08-22 14:58 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-08-26_14.49.11 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-08-28 22:41 . 2010-08-28 22:41 16384 c:\windows\Temp\Perflib_Perfdata_6f4.dat
    + 2010-08-28 22:40 . 2010-08-28 22:40 16384 c:\windows\Temp\Perflib_Perfdata_4a4.dat
    + 2010-08-28 22:40 . 2010-08-28 22:41 16384 c:\windows\Temp\Perflib_Perfdata_24c.dat
    + 2010-06-02 02:00 . 2010-06-02 02:00 87824 c:\windows\system32\drivers\inspect.sys
    + 2010-08-27 22:41 . 2010-08-27 22:41 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
    + 2010-08-27 22:41 . 2010-08-27 22:41 311760 c:\windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.dll
    + 2010-08-27 13:18 . 2010-08-27 13:18 3648000 c:\windows\Installer\81e2fe.msi
    + 2010-08-13 18:09 . 2010-08-13 18:09 12263936 c:\windows\Installer\9b8bf2.msp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-29 03:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Philip Moore^Start Menu^Programs^Startup^Y'z Toolbar.lnk]
    backup=c:\windows\pss\Y'z Toolbar.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2008-06-03 05:35 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
    2010-06-02 02:00 2039240 ----a-w- c:\program files\COMODO\COMODO Internet Security\cfp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
    2006-03-23 08:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
    2008-04-03 18:01 297480 ----a-w- c:\program files\GIGABYTE\GBTUpd\PreRun.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-03-18 11:18 136176 ----atw- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1279044589\ee\aolsoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
    2009-11-12 00:23 1468256 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-02-17 00:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 18:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
    2009-12-09 04:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2010-07-08 06:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2010-07-29 01:27 19557480 ----a-w- c:\windows\RTHDCPL.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-08-27 13:07 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "IJPLMSVC"=2 (0x2)
    "GoogleDesktopManager-110408-113106"=3 (0x3)
    "ose"=3 (0x3)
    "Imapi Helper"=3 (0x3)
    "IDriverT"=3 (0x3)
    "gusvc"=3 (0x3)
    "gupdate1c9967e6b8fdeaa"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Winmx\\WinMX.exe"=
    "c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
    "c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
    "c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
    "c:\\Program Files\\ICQ\\Icq.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
    "c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
    "c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
    "c:\\Program Files\\TmNationsForever\\TmForever.exe"=
    "c:\\Program Files\\AOL 9.1\\waol.exe"=
    "c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Documents and Settings\\Philip Moore\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Common Files\\aol\\1279044589\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [4/9/2010 1:25 AM 229312]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [4/9/2010 1:25 AM 25240]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/4/2010 7:31 AM 135336]
    R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
    R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/15/2009 10:43 AM 80392]
    R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2/15/2009 11:30 AM 222456]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/26/2009 6:43 AM 1691480]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [7/12/2010 7:07 AM 23456]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
    S4 gupdate1c9967e6b8fdeaa;Google Update Service (gupdate1c9967e6b8fdeaa);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 5:50 AM 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

    2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 12:50]

    2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 12:50]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1303643608-725345543-1004Core.job
    - c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:18]

    2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1303643608-725345543-1004UA.job
    - c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:18]

    2009-11-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2009-06-01 20:43]

    2009-11-14 c:\windows\Tasks\NSSstub.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-08 12:36]

    2010-08-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]

    2010-08-28 c:\windows\Tasks\User_Feed_Synchronization-{4C7BC7CC-AEA4-4620-A730-E10550B9C4A5}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: sitesell.com
    FF - ProfilePath - c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.cocc.edu/
    FF - prefs.js: keyword.URL - hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=sf&tbid=80105&language=en&qkw=
    FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
    FF - plugin: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\documents and settings\Philip Moore\Application Data\Mozilla\plugins\npcoolirisplugin.dll
    FF - plugin: c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-28 15:41
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)

    [HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F679CE86-4DBE-74D7-4C73-9586DE8246D5}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    @=""
    "Installed"="1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(748)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\LMIinit.dll

    - - - - - - - > 'explorer.exe'(524)
    c:\windows\system32\WININET.dll
    c:\program files\RocketDock\RocketDock.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\ImgUtil.dll
    c:\windows\system32\pngfilt.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\AOL 9.1\waol.exe
    c:\program files\AOL 9.1\shellmon.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-28 15:43:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-28 22:43
    ComboFix2.txt 2010-08-28 13:31
    ComboFix3.txt 2010-08-26 14:50

    Pre-Run: 357,481,775,104 bytes free
    Post-Run: 357,532,422,144 bytes free

    - - End Of File - - BFAED4BBBFEB1AF68A6ABE1A66FF6D46
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for the delay- but what's with this old Combofix?

    ComboFix 10-08-27.03 - Philip Moore 08/28/2010 15:34:12.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1491 [GMT -7:00]
    Command switches used :: c:\documents and settings\Philip Moore\Desktop\cfscript.txt
    Running from: c:\documents and settings\Philip Moore\Desktop\ComboFix.exe


    Completion time: 2010-08-28 15:43:51 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-28 22:43
    ComboFix2.txt 2010-08-28 13:31
    ComboFix3.txt 2010-08-26 14:50


    I went back and looked at the thread where this was run. Somehow, although I gave you the added security tips, I don't see the instructions to remove the cleaning tools.

    This should have been removed at the end of that thread. So I'll have you uninstall it now along with its logs, then download and run new.
    ==================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ==================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    =============================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

  11. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    Bobbye,
    I've been studying for next term all morning and good part of the afternoon. I failed to notice your posting. I didn't remove the combo fix from last time and I believe that is what happened. I'm all tuckered out now and will read through and follow your directions in the morning. Thanks for getting back to me.
     
  12. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    Combofix revisited

    BobbyE

    Here is the log from a combofix that I ran from the safe mode. It would not run in normal mode. I attempted to paste this log to you but was advised it was too large resulting in the attachment.
    View attachment bobbyE.txt
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Philip, I gave you a reference for ways to get the Outlook email out of the Outbox- actually, as far as I know, that is your main-possibly only problem. Have you attempted that?

    Every once in a while, Combofix spits out that very long 'Snapshot' section. And it does make the logs very long. You will get a new log after you run script I set up for you, so be sure and paste that one in.
    What happens when you attempt to run Combofix in Normal Mode? Do you get an error message? What?

    This log shows that you are running AVG, Avira, Auslogic and MSE. Multiple AV programs make a system more vulnerable. You need to decide which you want to keep and uninstall all others. If you want to keep MSE, it has an AV program and antimalware program. You can use that with the Comodo firewall. Here are tools to help remove the others:
    • AVG Removal: Note: You may have to reinstall AVG to uninstall it fully
    • To uninstall Avira:
      [o] Start> Settings> Control Panel> Add or Remove Programs
      [o] Wait for the list to populate> click Avira.
      [o] Click Remove
      [o] Press Yes> OK.
      [o] Click Next until Finish. The software is removed.
    • To uninstall Auslogics, please check their support site.
    After you have finished, reboot the computer.

    You can't just abandon one antivirus program for another. The program has to be correctly uninstalled or it will continue to load and run processes. If you want Microsoft Security Essentials, it has an antivirus program and antimalware.

    Please handle the antivirus problem. Then attempt the correction of the Outlook problem. Tell me what the problem is with Combofix in Normal Mode.

    I tried to go through the Combofix log you left- it appears that you have individual group policy settings for each of the Services running. Honestly I've never seen this! What have you attempted to do with the policy settings?

    Please delete the Combofix logs from these dates:
    ComboFix3.txt 2010-08-30 12:16
    ComboFix4.txt 2010-08-28 22:43
    ComboFix5.txt 2010-12-06 17:33

    If you can better advise me on what the problems are with the exception of Outlook, I could better assist you.
     
  14. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    MS Outlook issue resolved.

    BobbyE

    The e-mail issue with Outlook has been resolved. I believe it had to do with a school project I was e-mailing to my professor that was larger than what the service at the college was willing to accept. Long story short this has been resolved.

    I went to the link you provided to uninstall the AVG program which was successfully accomplished. As to the Auslogic anti-virus program, to my knowledge, I don't have anything like that running. I use an Auslogic defrag, but have never used anything from them by means of an antivirus. I had MSE and uninstalled it (or so I thought). I don't know how to further remove MSE from my system. Currently what I 'thought' I was running is the Avira anti-spyware, and Comodo as my firewall.
    I went to the website of 'elder Geeks' and it provides direction as to necessary services. I edited my services based on the elder geeks website direction. What should be changed with regard to my services?

    When attempting to run Combofix in the normal mode it would advise that I had anti-virus programs running, AVG and MSE. Because I didn't know what to do at that point, I simply stopped the Combofix process and switched to the Safe mode which allowed the Combo fix to run.

    I think moving forward, my biggest concern are the programs that apparently are still loaded/floating about on my system.

    What direction should I take next?
    OBTW the Combofix txt that you suggested to delete have been deleted.

    Sorry for the length of this post, I have plenty of work needed to be done this holiday season for next term and am feeling quite vulnerable.
    Thanks

    Philip.
     
  15. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    What is this in my MSconfig?

    I'm still having issues trying to get Combofix to run in normal mode. When I attempt to start combofix using the normal startup it states that I am not the administrator. I went to the control panel and verified that I was the only account being used and that I am the Administrator. When going to the safe mode, Combofix will start but then advises that because I still have MSE loaded that undesirable outcome may occur. It asks to continue. I've uninstalled MSE, I have deleted all files relating to MSE. I have used ATFcleaner and TFC to rid the system of undesirables. I click for it to continue and it runs the program. I have a new log from running it this morning.

    While waiting for your reply as to what I should be doing next, I went to MSconfig to look around to see what I could see that looks out of whack. What I found was something interesting to me. I found this under the "Startup" tab. It has empty boxes under the "Start up designation" tab, and under the command tab. This is what it reads: HKCU\SOFTWARE\Microsoft\windows\currentversion\windows\Run
    View attachment startup12.08.doc this is an attachment showing my msconfig and how it reads.

    I didn't like the look of this so I unchecked these boxes. I'm sure you know what is coming next. After restarting the machine these same boxes were in my start up and rechecked.

    I don't believe this is something that should be starting upon logon. What do you think?
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm not familiar with what theeldergeek says about Services. I use the Black Viper site for all of my Service settings: http://www.blackviper.com/WinXP/servicecfg.htm It wasn't the Services themselves, but the fact that policies appear to be set for most of them-

    I'm going to leave you with information to help resolve the security programs when you have time. I can't get what I'm seeing in the logs and what you're saying resolved, so here's what you need to work on:
    ============================================
    Combofix from August showed this security in the header, which was fine:
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    Combofix current shows this in the header and is not fine:
    ComboFix 10-12-03.03 - Administrator 12/06/2010 9:52.5.2 - x86 NETWORK
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}> Program OK but out of date
    AV: Auslogics Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}> This CID is for AV: BitDefender Antivirus. Maybe Auslogics uses this. It also shows outdated.
    AV: Microsoft Security Essentials *MSE has AV and antimalware- now there are 3 AVs
    FW: COMODO Firewall *enabled* This is OK if Windows Firewall is disabled
    ==============================================
    Current HijackThis log from 12/1/2010 shows Avira as the AV, no Comodo
    Security Check shows: Antivirus/Firewall Check:
    Windows Firewall Enabled!
    Microsoft Security Essentials
    ============================================
    DDS of 12/3 shows Restore Points for:
    RP319: 11/23/2010 9:14:27 AM - Installed Auslogics Antivirus
    RP320: 11/23/2010 9:21:48 AM - Removed Auslogics Antivirus>> but it's still installed
    RP324: 11/29/2010 6:05:18 AM - Installed AVG 2011
    RP325: 11/29/2010 6:06:55 AM - Removed AVG 2011
    RP326: 11/29/2010 6:09:19 AM - Installed AVG 2011
    RP327: 11/29/2010 6:09:38 AM - Installed AVG 2011> installed x3
    RP334: 12/3/2010 6:23:27 AM - Installed COMODO Internet Security
    =======================================
    DDS installed program show:
    Auslogics Disk Defrag but also Smart Defrag> from IOBIT
    Avira AntiVir Personal - Free Antivirus
    COMODO Internet Security
    ESET Online Scanner v3
    Malwarebytes' Anti-Malware
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SUPERAntiSpyware
    ====================================
    What you need to do when you get the time is get the security programs down to 1 antivirus, 1 firewall and multiple antimalware is okay.
    Remove one of the defrag programs. Possible conflict.

    If you find left over entries from any of the programs you uninstalled, use the Windows Installer Cleanup Utility to remove them:
    ============================================
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    When you get back on some kind of a regular schedule (if it exists!) let me know if there are any malware related problems.

    Have a Happy and Peaceful Holiday!
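As an added example, not part of Bobbye's post and not something ComboFix or the other tools in this thread ship: the PowerShell script below reads the antivirus and firewall registrations in Windows Security Center, which is where the "AV:"/"FW:" lines with their {GUID} instance tags in the ComboFix header correspond, so the "one antivirus, one firewall" condition from post 13 and this post can be checked directly after each uninstall. It assumes Windows PowerShell 2.0 or later; root\SecurityCenter is the XP namespace and root\SecurityCenter2 the Vista-and-later one, and the productState decoding used for the latter is an undocumented convention, marked as an assumption in the comments.

```powershell
# Added example, not from the thread: list the antivirus and firewall products
# registered with Windows Security Center, the same registrations ComboFix
# summarises as the "AV:" and "FW:" lines in its header. More than one
# antivirus in the output is the state the helper asks to fix.
# Assumptions: Windows PowerShell 2.0 or later; root\SecurityCenter is the
# namespace on XP, root\SecurityCenter2 on Vista and later.

function Get-SecurityCenterProducts {
    $results = @()
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
            $items = Get-WmiObject -Namespace $ns -Class $class -ErrorAction SilentlyContinue
            foreach ($p in @($items)) {
                if ($p -eq $null) { continue }
                if ($ns -eq 'root\SecurityCenter') {
                    # XP exposes explicit boolean properties per class.
                    if ($class -eq 'AntiVirusProduct') {
                        $enabled  = [bool]$p.onAccessScanningEnabled
                        $upToDate = [bool]$p.productUptoDate
                    } else {
                        $enabled  = [bool]$p.enabled
                        $upToDate = $null
                    }
                } else {
                    # Vista+ packs the state into productState. Microsoft does not
                    # document the layout; the decoding below is the one in common
                    # use (assumption): middle byte 0x10 = enabled, low byte
                    # 0x00 = definitions current, 0x10 = out of date.
                    $state    = [int]$p.productState
                    $enabled  = (($state -band 0xF000) -eq 0x1000)
                    $upToDate = (($state -band 0x00FF) -eq 0x0000)
                }
                $results += New-Object PSObject -Property @{
                    Type      = $class
                    Name      = [string]$p.displayName
                    Guid      = [string]$p.instanceGuid
                    Enabled   = $enabled
                    UpToDate  = $upToDate
                    Namespace = $ns
                }
            }
        }
    }
    return $results
}

# Distinct antivirus names; a count above one means several AVs are registered,
# whether or not their uninstallers claimed to have finished.
function Get-RegisteredAntivirusNames {
    param($products)
    return @($products | Where-Object { $_.Type -eq 'AntiVirusProduct' } |
        ForEach-Object { $_.Name } | Sort-Object -Unique)
}

$products = Get-SecurityCenterProducts
$products | Format-Table Type, Name, Enabled, UpToDate, Guid -AutoSize

$avNames = Get-RegisteredAntivirusNames $products
if ($avNames.Count -gt 1) {
    Write-Warning ("{0} antivirus products are registered: {1}. Uninstall all but one." -f $avNames.Count, ($avNames -join ', '))
} elseif ($avNames.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Security Center.'
}
```

Run it once before and once after each uninstall: a product that still shows up after its uninstaller ran (as Auslogics does in the restore-point list above) has left its Security Center registration behind and usually its drivers too, which is when the vendor's dedicated removal tool is needed rather than Add or Remove Programs.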
     
  17. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    What did you think about what was found in MSconfig?

    What can I do to get rid of this listing in my start up tab?
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You left the list of Startups in the .doc format. I do not open that file extension- it is not safe for me.

    Most of us have one of these 'naked' entries! You should not act on something when you don't know what it is.

    To remove entries from Startup using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
    • Click on Selective Startup
    • Choose the Startup tab:
      This is where you UNCHECK the Startup items. This does not remove the item or uninstall anything> it just stops it from starting on boot. It can be rechecked at any time if wanted.
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Click on Apply> OK when finished.

    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.'
    Once you make changes to the Startup menu, you must remain in Selective Startup to retain those changes. If you go back to Normal Startup, everything you unchecked will be checked again and start on boot.


    Everyone but a few of us has too much on Startup! The only processes that need to be there are:
    Processes for antivirus program.
    Processes for firewall, if you have a third party firewall such as Comodo
    The process for the touchpad if you're working on a laptop
    Network processes (I have 2) if you're using Pure Networks Network Magic>>>>>> nothing else!

    No printer, camera, scanner, media player, photo editing programs, DVD processes, etc.
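As an added example, not part of Bobbye's post: the PowerShell script below enumerates the registry locations the msconfig Startup tab is built from (the Run/RunOnce keys and the legacy "load"/"run" values, which is where blank entries of the kind asked about in post 15 turn up), resolves each command to its executable, and checks whether the file exists and whether it carries a valid Authenticode signature, so an entry can be judged before it is unchecked. It also lists the items msconfig has parked under its own startupreg key, which is the mechanism behind the "stay in Selective Startup" note. It assumes Windows PowerShell 2.0 or later, running as the user whose HKCU entries you want to see; the key paths are the standard XP/Vista/7 ones and the startupreg value names (command, hkey, key) are those written by msconfig on those versions.

```powershell
# Added example, not from the thread: enumerate the registry autostart entries
# that msconfig's Startup tab is built from, resolve each command to its
# executable, and report whether the file exists and carries a valid
# Authenticode signature. Items unchecked in msconfig are moved out of the
# Run key and parked under MSConfig\startupreg, which is why they come back
# when you return to Normal Startup; those are listed too.
# Assumptions: Windows PowerShell 2.0 or later, run as the user whose HKCU
# entries you want to see; key names are the standard XP/Vista/7 locations.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'  # legacy "load"/"run" values
)
$parkedKey     = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

# Extract the executable from a command line, quoted or not, e.g.
#   "C:\Program Files\Foo\foo.exe" /silent   ->  C:\Program Files\Foo\foo.exe
function Resolve-CommandPath {
    param([string]$cmd)
    if ([string]::IsNullOrEmpty($cmd)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($cmd, '^(.*?\.exe)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

# Build one report row; Signature is Valid, NotSigned, HashMismatch, ... or
# 'empty value' / 'file missing' when there is nothing to check.
function New-StartupEntry {
    param([string]$Location, [string]$Name, [string]$Command, [bool]$Parked)
    $exe    = Resolve-CommandPath $Command
    $status = 'empty value'
    $signer = ''
    if ($exe) {
        $status = 'file missing'
        if (Test-Path -LiteralPath $exe) {
            $sig    = Get-AuthenticodeSignature -FilePath $exe
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
    }
    New-Object PSObject -Property @{
        Location = $Location; Name = $Name; Command = $Command
        Signature = $status; Signer = $signer; ParkedByMsconfig = $Parked
    }
}

function Get-StartupEntries {
    $entries = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($providerProps -contains $prop.Name) { continue }
            # Under the Windows NT\...\Windows key only "load" and "run" autostart.
            if ($key -like '*Windows NT*' -and -not ('load', 'run' -contains $prop.Name)) { continue }
            $entries += New-StartupEntry -Location $key -Name $prop.Name -Command ([string]$prop.Value) -Parked $false
        }
    }
    # Entries msconfig has unchecked: the original key and command are kept here.
    if (Test-Path $parkedKey) {
        foreach ($sub in Get-ChildItem $parkedKey) {
            $v = Get-ItemProperty -Path $sub.PSPath
            $entries += New-StartupEntry -Location "$($v.hkey)\$($v.key)" -Name $sub.PSChildName -Command ([string]$v.command) -Parked $true
        }
    }
    return $entries
}

Get-StartupEntries | Sort-Object Signature | Format-Table Name, Signature, ParkedByMsconfig, Command -AutoSize
```

Read the Signature column first: Valid with a known vendor in Signer is the antivirus or firewall process the post says belongs in Startup; NotSigned or HashMismatch on a file in a user profile or temp folder is the entry worth asking about before touching it; an 'empty value' row is a value with no command, which is what a blank msconfig line is, and unchecking it changes nothing because there is nothing to run.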
     
  19. BillAllen55

    BillAllen55 TS Maniac Topic Starter Posts: 368

    BobbyE,
    Once again, I believe you have corrected all of my issues with my system.
    I would like to wish you and all of yours a Merry Christmas and a happy New Year!
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Glad to help Philip!

    Have a Happy and Peaceful Holiday!
     
Topic Status:
Not open for further replies.
