Unable to access Control Panel for Add/Remove Programs

By MrEd
Jul 28, 2011
  1. Hello, I was trying to remove a program, so I went to Control Panel from the Start menu in XP, and nothing happens when I click on it. Same issue with many desktop icons with no response, so I usually right-click Start and open Windows Explorer, which incidentally crashes, and my desktop will clear of icons and reload them. Ran HijackThis after renaming it per a post on here, but that seemed old (2007) and I see it is not being used in your malware procedure.

    Downloaded the Step 2 Malwarebytes Anti-Malware and tried to install it, but Windows Installer asks for a "scan.msi" file which I cannot locate, so it won't install. I have an old Sony Vaio desktop from around 2002, BTW. I have had this scan.msi issue trying to run a scanner also.

    Anyway, sorry to be so long-winded, but I wondered if you might have any suggestions on how to proceed. I just ran updated Spybot Search and Destroy and AVG Free Antivirus.

    Thank you very much!
  2. Bobbye


    Welcome to TechSpot! You're right- we don't use HijackThis to 'screen' for malware.

    Are you connected to the internet when you attempt any of these?
    1. Control Panel doesn't populate.
    2. Shortcuts (icons) on the desktop don't open programs.
    3. Windows Explorer causes the system to crash.


    And if you're in Safe Mode, Malwarebytes isn't going to install.
    ============================================
    If you have an HP system, you can find the missing scan.msi file HERE.
    So while you're working on the steps, clarify this for me. If this is something that just began, what did you do before it started? Install new programs? Get updates? Change Registry entries?
    ================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. MrEd


    Thanks for the Reply!

    Are you connected to the internet when you attempt any of these? Yes, but it has been happening for months, even when I would disconnect. After I posted, Malwarebytes installed after I kept cancelling when Windows Installer asked for the scan.msi file. BTW, I wasn't in Safe Mode. Running Malwarebytes now. Thanks for the HP msi. I don't have my original install disks for this PC. I see your procedure. No known file sharing on my PC. Please advise what you suggest. Thank you so much!
    1. Control Panel doesn't populate.
    2. Shortcuts (icons) on the desktop don't open programs.
    3. Windows Explorer causes the system to crash.
  4. MrEd


    Posted Logs

    Hello, posting logs as instructed. Thank you for your analysis! Blessings!


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7312

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    7/28/2011 8:28:24 PM
    mbam-log-2011-07-28 (20-28-09).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
    Objects scanned: 509540
    Time elapsed: 3 hour(s), 44 minute(s), 6 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 11
    Registry Values Infected: 2
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 7

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> No action taken.
    HKEY_CLASSES_ROOT\Eeshellx.ShellExt (Rogue.EvidenceEliminator) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Quick Mode (Rogue.EvidenceEliminator) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Restart (Rogue.EvidenceEliminator) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Evidence Eliminator Safe Shutdown (Rogue.EvidenceEliminator) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\Shell\Evidence Eliminator Safe Recycle (Rogue.EvidenceEliminator) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Evidence Eliminator (Rogue.EvidenceEliminator) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BDA0769-FD72-49F4-9266-E1FB004F4D8F} (PUP.Dealio.TB) -> Value: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} -> No action taken.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    c:\documents and settings\User\start menu\Programs\evidence eliminator (Rogue.EvidenceEliminator) -> No action taken.

    Files Infected:
    c:\program files\iobit toolbar\IE\4.5\iobittoolbarie.dll (PUP.Dealio.TB) -> No action taken.
    d:\program files\EE Crack\Patch.exe (RiskWare.Tool.CK) -> No action taken.
    d:\program files\evidence eliminator\Patch.exe (RiskWare.Tool.CK) -> No action taken.
    c:\documents and settings\User\start menu\Programs\evidence eliminator\evidence eliminator help.lnk (Rogue.EvidenceEliminator) -> No action taken.
    c:\documents and settings\User\start menu\Programs\evidence eliminator\evidence eliminator license agreement.lnk (Rogue.EvidenceEliminator) -> No action taken.
    c:\documents and settings\User\start menu\Programs\evidence eliminator\evidence eliminator read me.lnk (Rogue.EvidenceEliminator) -> No action taken.
    c:\documents and settings\User\start menu\Programs\evidence eliminator\evidence eliminator.lnk (Rogue.EvidenceEliminator) -> No action taken.
    ------------------------------------------------------------------------

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-07-29 12:44:56
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST380013A rev.3.54
    Running: 38c1njzz.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxtdqpow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Ip UrlFilter.sys (URL Filter/IObit.com)
    AttachedDevice \Driver\Tcpip \Device\Tcp socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp UrlFilter.sys (URL Filter/IObit.com)
    AttachedDevice \Driver\Tcpip \Device\Udp socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp UrlFilter.sys (URL Filter/IObit.com)
    AttachedDevice \Driver\Tcpip \Device\RawIp socketlock.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp UrlFilter.sys (URL Filter/IObit.com)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
    Run by User at 13:07:08 on 2011-07-29
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.245 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    D:\Program Files\Backup SOS for Kingtston Thumb Drive 5-16-11\OverlayCache.exe
    C:\WINDOWS\Logi_MwX.Exe
    C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uSearchAssistant = hxxp://www.google.com
    mSearchAssistant = hxxp://www.google.com
    mCustomizeSearch = hxxp://www.google.com
    mURLSearchHooks: H - No File
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboForm.dll
    TB: Powermarks: {e166b4a2-83e7-11d3-b4fd-004005a47aaa} - c:\progra~1\powerm~1.5\iec.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [Samsung Common SM] "c:\windows\samsung\comsmmgr\ssmmgr.exe" /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WWllGOC1DSzdRRy05VUJVUi03U1VMUy00NEtSMi1GS1NV"&"inst=NzctNjU2MDA4ODY3LUJBKzEtVDEtVUNBTEwrMS1VQ0FMTDIrMi1UQjgrMi1GTCs4LUY4TTExQysxLVVQRysyMDExLUY4TTExRSsxLUZMMTArMS1MSUMrOTktU1AxUzIrMS1TUDFTMysxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsw"&"prod=90"&"ver=10.0.1382
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\yankee~1.lnk - d:\program files\yankee clipper\YankClip.exe
    StartupFolder: c:\documents and settings\user\start menu\programs\startup\autorunsdisabled\quicken online backup taskbar icon.lnk.disabled
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech mx 1000 mouseware\setpoint\KEM.exe
    uPolicies-explorer: NoRecentDocsNetHood = 01000000
    uPolicies-explorer: NoActiveDesktop = 1 (0x1)
    IE: + Offline &Explorer: Download the link
    IE: + Offline E&xplorer: Download the current page
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Customize Menu &4
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Logoff &5
    IE: Open Link Target in Firefox
    IE: Reset Fields &-
    IE: Rf Options &O
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Set Fields &=
    IE: Stop popups from this web page
    IE: Translate this page
    IE: View This Page in Firefox
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
    LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
    Trusted Zone: linkshare.com
    Trusted Zone: linksynergy.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: ppctlcab
    DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700}
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo im 7.0\common\yinsthelper.dll
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - hxxp://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe
    DPF: {62789780-B744-11D0-986B-00609731A21D}
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134210557440
    DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38486.9494212963
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
    DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/Typography/Utility/1/WXP/EN-US/clearadj.CAB
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
    DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.60/code/iPIX-ImageWell-ipix.cab
    DPF: {FF054BED-D972-4215-897E-726C3488DDBB} - hxxp://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\pjv41h00.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 1088
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-23 13496]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-6-24 393112]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-23 821080]
    R2 KDATA;KDATA;c:\windows\system32\drivers\Kdata.sys [2004-1-15 44504]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2006-2-23 45312]
    R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [2004-3-9 3712]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [2001-12-14 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [2005-8-2 7196]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2006-2-23 55936]
    R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-6-23 30368]
    R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-6-23 16080]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2001-12-14 54271]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-5-5 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-22 21248]
    S3 Quicken Online BackupLauncher;Quicken Online Backup Launcher;d:\program files\quicken backup\OLLaunch.exe [2004-7-3 73794]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-6-11 27064]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [2001-12-14 593000]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2004-2-23 15576]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2006-4-26 899884]
    S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-6-23 239472]
    .
    =============== Created Last 30 ================
    .
    2011-07-28 19:03:56 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2011-07-28 19:02:34 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-28 19:02:32 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-07-28 19:02:21 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-28 18:46:04 -------- d-----w- c:\program files\Trend Micro
    2011-07-18 22:39:47 -------- d-----w- c:\program files\IObit Toolbar
    2011-07-17 00:55:29 -------- d-----w- c:\documents and settings\user\application data\Search Settings
    2011-07-17 00:54:59 -------- d-----w- c:\program files\common files\Spigot
    2011-07-17 00:54:59 -------- d-----w- c:\program files\Application Updater
    .
    ==================== Find3M ====================
    .
    2011-06-19 16:15:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-19 15:04:50 4702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 13:08:37.50 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/12/2003 9:22:48 PM
    System Uptime: 7/29/2011 1:43:13 AM (12 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P4B266LM
    Processor: Intel(R) Pentium(R) 4 CPU 1.60GHz | mPGA 478 | 1614/100mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 15 GiB total, 0.357 GiB free.
    D: is FIXED (NTFS) - 60 GiB total, 22.078 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Realtek RTL8139/810x Family Fast Ethernet NIC
    Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\4&1351887D&0&68F0
    Manufacturer: Realtek
    Name: Realtek RTL8139/810x Family Fast Ethernet NIC
    PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_80EA104D&REV_10\4&1351887D&0&68F0
    Service: rtl8139
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\10190728004603
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\10190728004603
    Service: NIC1394
    .
    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&268D196D&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&268D196D&0
    Service: i8042prt
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Miniport (ATW)
    Device ID: ROOT\NET\0000
    Manufacturer: America Online, Inc.
    Name: WAN Miniport (ATW)
    PNP Device ID: ROOT\NET\0000
    Service: wanatw
    .
    ==== System Restore Points ===================
    .
    RP361: 7/28/2011 6:42:40 AM - System Checkpoint
    RP362: 7/29/2011 7:02:54 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    1400
    1400_Help
    1400Trb
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0.9
    AI RoboForm (All Users)
    AiO_Scan
    AiOSoftware
    AuctionSieve
    AVG 2011
    AVG PC Tuneup 2011
    BufferChm
    CleanUp!
    Clear Cache feature for Internet Explorer
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    CueTour
    CustomerResearchQFolder
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Doc Scrubber v1.0
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Dropbox
    DVDExpress
    DVgate
    eBible2
    EBookPaper
    eSupportQFolder
    Excel Utilities 2.0
    Express Burn
    Express Scribe
    Fax
    File Scavenger 2.1v
    Flash Movie Extract Pilot
    FullDPAppQFolder
    Google Chrome
    Google Earth
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HPProductAssistant
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    HyperSnap-DX 5
    ImageStation
    ImageStation Demo
    Index.DAT File Viewer
    InstantShareDevices
    IObit Malware Fighter
    IObit Toolbar v4.5
    IrfanView (remove only)
    iRider
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    Keyword Pad v1.0.112706
    Listpics v2.0
    Logitech MouseWare 9.79.1
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech SetPoint
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Shockwave Player
    Malwarebytes' Anti-Malware version 1.51.1.1800
    MarketResearch
    Media Bar 3.2.12
    Memory Stick Formatter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Convert Number Smart Tag
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Outlook Personal Folders Backup
    Microsoft Picture It! Express 7.0
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Windows XP Video Decoder Checkup Utility
    Microsoft XML Spreadsheet Add-In for Access 2002
    Microsoft® Measurement Smart Tag Converter
    MixPad
    Motion JPEG Software Decoder
    Move Media Player
    MovieShaker 3.3
    Mozilla Firefox (1.5.0.8)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NetAlyzer 0.3
    NewCopy
    NVIDIA Windows 2000/XP Display Drivers
    Nvu 1.0
    PanoStandAlone
    PC-Linq
    PDF Manual NW-S600/S700F Series
    PhotoGallery
    PicoPlayer
    Powermarks 3.5
    ProductContext
    Quicken 2006
    Quicken Online Backup (remove only)
    QuickTime
    RandMap
    Read in Microsoft Reader Add-in for Microsoft Word
    Readme
    RegAlyzer 1.1
    Remove Hidden Data Tool
    Revo Uninstaller 1.80
    Revo Uninstaller Pro 2.5.3
    Samsung ML-2010 Series
    SAPI 5.1 Text-to-Speech engine - English
    Scan
    ScannerCopy
    Secure Tunnel
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    SetupPPUpdater
    Sheer Notes v1.1
    Simple Search-Replace
    SkinsHP1
    Smart Defrag 2
    SocksCap V2
    SolutionCenter
    Sonic Foundry ACID 3.0g
    Sonic_PrimoSDK
    SonicStage 1.1.00
    SonicStage CD-R Writing Module
    Sony Certificate PCH
    Sony Download Taxi 1.5.0.0
    Sony DV Shared Library
    Sony Sound Forge 7.0
    SOS Online Backup
    SoundTap Uninstall
    Speed Typing
    SpeedStream 2604 DSL/Cable Router
    SpywareBlaster 4.1
    Status
    Super Mp3 Recorder Professional
    Support Actions Win2K,WinXP
    Text Workbench 4.5
    Total Uninstall 2.34
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB971029)
    VAIO Brezza Wallpaper
    VAIO Grid Wallpaper
    VAIO Help & Support
    VAIO Serenus Wallpaper
    VAIO Support
    VisualFlow 2.1
    WebFldrs XP
    WebReg
    Window Washer 5
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Support Tools
    Windows XP Service Pack 3
    Word 2002 Support Template
    Yahoo! Install Manager
    Yahoo! Messenger
    Yahoo! Messenger Explorer Bar
    Yankee Clipper III
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/29/2011 1:45:25 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    .
    ==== End Of File ===========================
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please go back, update, and rescan with Malwarebytes, taking care to do this:
    All those many malware entries show: No Action Taken.
    Nothing was removed- all still on the system. Please do ASAP.


    Edit: I was looking for information for the Evidence Eliminator. I found it, but I also note in your log that you pirated the program:
    d:\program files\EE Crack\Patch.exe (RiskWare.Tool.CK) -> No action taken.

    You can always expect to get malware when you use cracks and keygens. Remove it please.
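A quick way to check a Malwarebytes log for the problem described above, added here as an example and not part of the thread or of Malwarebytes' own code: it parses the 1.x log layout (detection lines of the form `<item> (<detection>) -> <action>.` grouped under headers such as `Files Infected:`) and lists every detection still marked "No action taken". The sample log is constructed; only the EE Crack line is the one quoted in the thread.

```python
"""Tally Malwarebytes' Anti-Malware 1.x log detections by the action recorded.

Added example for this thread, not Malwarebytes' code. Assumes the classic
1.x layout: section headers like "Files Infected:" followed by one detection
per line, "<item> (<detection name>) -> <action>."
"""
import re
from collections import defaultdict

# One detection per line: "<item> (<detection>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
# Section headers only; the summary lines ("Files Infected: 0") do not match.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")


def parse_mbam_log(text):
    """Return a list of (section, item, detection, action) tuples."""
    section = None
    found = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = DETECTION_RE.match(line)
        if m and section:
            found.append((section, m.group("item"), m.group("name"), m.group("action")))
    return found


def pending_items(text):
    """Detections whose recorded action is still 'No action taken' (nothing removed)."""
    return [d for d in parse_mbam_log(text) if d[3].lower().startswith("no action taken")]


def action_summary(text):
    """Count detections per action string, e.g. how many were actually quarantined."""
    counts = defaultdict(int)
    for _, _, _, action in parse_mbam_log(text):
        counts[action] += 1
    return dict(counts)


# Constructed sample in the 1.x layout. The registry key and the Temp file are
# made up for illustration; the EE Crack line is the one quoted in the thread.
SAMPLE_LOG = """\
Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\ExampleLoader (Trojan.Agent) -> No action taken.

Files Infected:
d:\\program files\\EE Crack\\Patch.exe (RiskWare.Tool.CK) -> No action taken.
c:\\documents and settings\\User\\Local Settings\\Temp\\sample.exe (Adware.Bundle) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    print("actions:", action_summary(SAMPLE_LOG))
    for section, item, name, action in pending_items(SAMPLE_LOG):
        print(f"STILL PRESENT [{section}] {item} ({name})")
```

Anything reported by `pending_items` is still on the disk or in the registry, which is exactly the situation the helper points out: a detection line is not a removal until the action reads "Quarantined and deleted successfully".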
  6. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Malwarebytes

    Hi, I checked all the boxes and clicked to remove them, so it is odd that it says no action taken. I even ran it again to make sure it didn't miss anything and it came up clean. Didn't save that log though, so I will run again and resubmit the log. Thank you!
  7. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Malwarebytes' Anti-Malware

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7323

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    7/30/2011 6:55:46 AM
    mbam-log-2011-07-30 (06-55-44).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|)
    Objects scanned: 509534
    Time elapsed: 1 hour(s), 38 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    You have got numerous processes that need to be removed. Several are from either pre-checked items on a download screen or toolbars and browser helper objects that were bundled with a download you did.

    To clarify:
    1. You have an HP PSC & OfficeJet 5.3.B. When you try to use the scan feature, you get the scan.msi is missing message. The HP link that I left has 2 methods to replace the missing file. The second method is:
    Method 2: Download the file from the HP website HERE.

    2. When you tried to install Mbam you said you also got the scan.msi error. I don't know why, but the Windows Installer appears to have some dependency on scan.msi. Once you install it, I think both of these will be resolved.
    ========================================
    You have multiple old versions of Java. All of the outdated versions are vulnerabilities to the system. The best way to handle that is to run the following. Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    ===========================================
    The system is badly set up. There are lines and lines in the addons section including the Active X objects that only have partial entries. I will remove them after you run Combofix. As they are now, there is information missing saying what the entry is.
    =========================================
    You will need to temporarily uninstall AVG to run Combofix. Please note that there are 2 options for an AV to use. Choose 1 of them so the system will be protected. Although the security should be disabled to run Combofix, you will be protected in between.
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ================================================
    Please slow down and take time to read all of the instructions. For instance, only a Quick Scan was directed for Malwarebytes. If I think any change is needed in scan directions, I will tell you.
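The outdated-Java check the helper did by eye over the installed programs list, as an added example (not JavaRa's code or the helper's): it reads program names as they appear in the Add/Remove list, keeps only the newest Java runtime entry, and flags every other one for removal. The list below is a constructed excerpt of the one posted earlier in the thread.

```python
"""Flag outdated Java runtimes in an Add/Remove Programs list.

Added example for this thread, not JavaRa's or the helper's code. It assumes
the entry names as they appear in the thread: "J2SE Runtime Environment 5.0
Update N" (the Java 5 family) and "Java(TM) 6 Update N" (the Java 6 family).
Only the single newest entry is kept; the helper still wants that one updated
to the current JRE, which a local list alone cannot decide.
"""
import re

# Family 5 comes from the "J2SE Runtime Environment 5.0" prefix, family 6+
# from "Java(TM) <major>"; both end in "Update <n>".
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment (?P<f5>5)\.0|Java\(TM\) (?P<f6>\d+)) Update (?P<upd>\d+)$"
)


def parse_java_entries(names):
    """Return (family, update, name) for each Java runtime entry in the list."""
    out = []
    for name in names:
        m = JAVA_RE.match(name.strip())
        if m:
            family = int(m.group("f5") or m.group("f6"))
            out.append((family, int(m.group("upd")), name.strip()))
    return out


def outdated_java(names):
    """Every Java runtime entry except the newest (highest family, then highest update)."""
    entries = sorted(parse_java_entries(names), key=lambda e: (e[0], e[1]))
    if not entries:
        return []
    newest = entries[-1]
    return [e[2] for e in entries if e != newest]


# Constructed excerpt mirroring the installed programs list posted in the thread.
INSTALLED = [
    "IrfanView (remove only)",
    "J2SE Runtime Environment 5.0 Update 4",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java Auto Updater",
    "Java(TM) 6 Update 26",
    "Java(TM) 6 Update 3",
    "Keyword Pad v1.0.112706",
]

if __name__ == "__main__":
    for name in outdated_java(INSTALLED):
        print("outdated, remove:", name)
```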
  9. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Combo Fix

    Hello, sorry about not being attentive enough to details. Had to use the last faster USB port to check out the scan.msi on the scanner and ran combofix the first time without plugging back in an external drive, so I did that and ran it again, thus two logs. Thx.

    First Run

    ComboFix 11-07-31.04 - User 07/31/2011 14:52:56.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.329 [GMT -4:00]
    Running from: d:\program files\Combofix 7-31-11\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator.VALUED-7B9600FA\WINDOWS
    c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
    c:\documents and settings\Bubba.VALUED-7B9600FA\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Owner\WINDOWS
    c:\documents and settings\User\jaudio16k.tar
    c:\documents and settings\User\Recent\Thumbs.db
    c:\documents and settings\User\WINDOWS
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\UNWISE.EXE
    D:\install.exe
    d:\mydocu~1\CDRIVE~1\PLANET~1\AUCTIO~1\AUCTIO~1\AUCTIO~2\AUCTio~1.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-31 18:28 . 2011-07-31 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Avira
    2011-07-31 17:08 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-31 17:08 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-31 17:08 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-07-31 17:08 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\program files\Avira
    2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-07-30 09:09 . 2011-07-30 09:09 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
    2011-07-28 19:03 . 2011-07-28 19:03 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2011-07-28 19:02 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-28 19:02 . 2011-07-28 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-28 19:02 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-28 18:46 . 2011-07-28 18:46 -------- d-----w- c:\program files\Trend Micro
    2011-07-18 22:39 . 2011-07-18 22:39 -------- d-----w- c:\program files\IObit Toolbar
    2011-07-17 00:55 . 2011-07-17 00:55 -------- d-----w- c:\documents and settings\User\Application Data\Search Settings
    2011-07-17 00:54 . 2011-07-17 00:55 -------- d-----w- c:\program files\Application Updater
    2011-07-17 00:54 . 2011-07-17 00:54 -------- d-----w- c:\program files\Common Files\Spigot
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-19 16:15 . 2011-06-11 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-19 15:04 . 2009-08-19 00:10 4702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-02 14:02 . 2001-12-14 19:26 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 08:52 . 2010-05-05 22:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25 . 2008-01-26 02:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1BackedupFileOverlay]
    @="{3F1FB271-8290-4330-8069-310F32C030EF}"
    [HKEY_CLASSES_ROOT\CLSID\{3F1FB271-8290-4330-8069-310F32C030EF}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2LiveProtectedFileOverlay]
    @="{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}"
    [HKEY_CLASSES_ROOT\CLSID\{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3ProtectedFileOverlay]
    @="{A94C4834-6F18-491F-A205-3AFF24B16BC0}"
    [HKEY_CLASSES_ROOT\CLSID\{A94C4834-6F18-491F-A205-3AFF24B16BC0}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SharedFileOverlay]
    @="{C85F4084-C3E3-453c-B242-4BDABA8F58FB}"
    [HKEY_CLASSES_ROOT\CLSID\{C85F4084-C3E3-453c-B242-4BDABA8F58FB}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SyncedFileOverlay]
    @="{58605E40-AE20-45d7-887B-08F3D9FF3651}"
    [HKEY_CLASSES_ROOT\CLSID\{58605E40-AE20-45d7-887B-08F3D9FF3651}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!6SyncingFileOverlay]
    @="{06DF45CB-D312-4306-B97D-6CDA50A10B30}"
    [HKEY_CLASSES_ROOT\CLSID\{06DF45CB-D312-4306-B97D-6CDA50A10B30}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!7ConflictedFileOverlay]
    @="{D1542785-76CA-4d0c-9688-F290B1E77E01}"
    [HKEY_CLASSES_ROOT\CLSID\{D1542785-76CA-4d0c-9688-F290B1E77E01}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-30 160328]
    "Messenger (Yahoo!)"="d:\progra~2\YAHOOI~1.0\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-27 98304]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    Yankee Clipper III.lnk - d:\program files\Yankee Clipper\YankClip.exe [2005-7-11 1368064]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
    quicken online backup taskbar icon.lnk.disabled [2004-7-3 679]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech SetPoint.lnk - d:\program files\Logitech MX 1000 Mouseware\SetPoint\KEM.exe [2006-10-12 573440]
    openURL.vbs [2011-7-31 131]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 01000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk.disabled
    backup=c:\windows\pss\America Online 7.0 Tray Icon.lnk.disabledCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2004-04-26 11:06 29696 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-02-27 09:32 98304 -c--a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BlueSoleil Hid Service"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PestPatrolCL"=c:\progra~1\PESTPA~1\PestPatrolCL.exe c:\
    "PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
    "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Yahoo IM 7.0\\Messenger\\YahooMessenger.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
    "d:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "d:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/23/2011 8:39 PM 13496]
    R2 KDATA;KDATA;c:\windows\system32\drivers\Kdata.sys [1/15/2004 10:29 AM 44504]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/23/2006 8:19 PM 45312]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [3/9/2004 7:20 AM 3712]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 4:53 PM 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/2/2005 8:27 PM 7196]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/23/2006 8:19 PM 55936]
    R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/23/2011 8:43 PM 30368]
    R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/23/2011 8:43 PM 16080]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 8:55 PM 54271]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/5/2011 12:26 AM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 10:58 PM 27064]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 3:26 PM 593000]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/23/2004 3:25 PM 15576]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [4/26/2006 7:59 PM 899884]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/23/2011 8:43 PM 239472]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 22:32]
    .
    2011-07-31 c:\windows\Tasks\SmartDefrag_Startup.job
    - d:\program downloads\Smart Defrag 2\SmartDefrag.exe [2011-06-24 00:19]
    .
    2011-07-25 c:\windows\Tasks\SOS Online Backup - Prompter.job
    - c:\program files\Common Files\SOS Online Backup\Prompter\Prompter.exe [2010-04-20 20:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uSearchAssistant = hxxp://www.google.com
    IE: + Offline &Explorer: Download the link
    IE: + Offline E&xplorer: Download the current page
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Customize Menu &4
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Logoff &5
    IE: Open Link Target in Firefox
    IE: Reset Fields &-
    IE: Rf Options &O
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Set Fields &=
    IE: Stop popups from this web page
    IE: Translate this page
    IE: View This Page in Firefox
    LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    Trusted Zone: linkshare.com
    Trusted Zone: linksynergy.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: ppctlcab
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pjv41h00.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 1088
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-LyraWirelessRemote - d:\program files\Lyra Remote\Lyraw.exe
    AddRemove-Adobe Photoshop 7.0 - d:\program files\Adobe Photoshop\Uninst.isu
    AddRemove-EBookPaper - c:\program files\EBookPaper.com\EBookPaper\Uninst.isu
    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
    AddRemove-IrfanView - d:\program files\Irfanview 3.97\iv_uninstall.exe
    AddRemove-SetupPPUpdater - c:\progra~1\PESTPA~1\UNWISE.EXE
    AddRemove-Total Uninstall_is1 - d:\program files\Total Uninstall\unins000.exe
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - d:\program files\AVG PC Tuneup 2011\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-31 15:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2011-07-31 15:56:45
    ComboFix-quarantined-files.txt 2011-07-31 19:56
    .
    Pre-Run: 680,407,040 bytes free
    Post-Run: 1,243,287,552 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
    .
    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - 68314DA55CB9E74A60B5536706A8B3FA
    ---------------------------------------------------------------------------
    Second Run

    ComboFix 11-07-31.04 - User 07/31/2011 16:17:52.2.1 - x86
    Running from: d:\program files\Combofix 7-31-11\ComboFix.exe
    Command switches used :: /Uninstal
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-31 18:28 . 2011-07-31 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Avira
    2011-07-31 17:08 . 2011-06-17 16:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-31 17:08 . 2011-06-17 16:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-31 17:08 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-07-31 17:08 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\program files\Avira
    2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-07-30 09:09 . 2011-07-30 09:09 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
    2011-07-28 19:03 . 2011-07-28 19:03 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2011-07-28 19:02 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-28 19:02 . 2011-07-28 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-28 19:02 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-28 18:46 . 2011-07-28 18:46 -------- d-----w- c:\program files\Trend Micro
    2011-07-18 22:39 . 2011-07-18 22:39 -------- d-----w- c:\program files\IObit Toolbar
    2011-07-17 00:55 . 2011-07-17 00:55 -------- d-----w- c:\documents and settings\User\Application Data\Search Settings
    2011-07-17 00:54 . 2011-07-17 00:55 -------- d-----w- c:\program files\Application Updater
    2011-07-17 00:54 . 2011-07-17 00:54 -------- d-----w- c:\program files\Common Files\Spigot
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-19 16:15 . 2011-06-11 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-19 15:04 . 2009-08-19 00:10 4702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-02 14:02 . 2001-12-14 19:26 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 08:52 . 2010-05-05 22:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25 . 2008-01-26 02:51 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1BackedupFileOverlay]
    @="{3F1FB271-8290-4330-8069-310F32C030EF}"
    [HKEY_CLASSES_ROOT\CLSID\{3F1FB271-8290-4330-8069-310F32C030EF}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2LiveProtectedFileOverlay]
    @="{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}"
    [HKEY_CLASSES_ROOT\CLSID\{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3ProtectedFileOverlay]
    @="{A94C4834-6F18-491F-A205-3AFF24B16BC0}"
    [HKEY_CLASSES_ROOT\CLSID\{A94C4834-6F18-491F-A205-3AFF24B16BC0}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SharedFileOverlay]
    @="{C85F4084-C3E3-453c-B242-4BDABA8F58FB}"
    [HKEY_CLASSES_ROOT\CLSID\{C85F4084-C3E3-453c-B242-4BDABA8F58FB}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SyncedFileOverlay]
    @="{58605E40-AE20-45d7-887B-08F3D9FF3651}"
    [HKEY_CLASSES_ROOT\CLSID\{58605E40-AE20-45d7-887B-08F3D9FF3651}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!6SyncingFileOverlay]
    @="{06DF45CB-D312-4306-B97D-6CDA50A10B30}"
    [HKEY_CLASSES_ROOT\CLSID\{06DF45CB-D312-4306-B97D-6CDA50A10B30}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!7ConflictedFileOverlay]
    @="{D1542785-76CA-4d0c-9688-F290B1E77E01}"
    [HKEY_CLASSES_ROOT\CLSID\{D1542785-76CA-4d0c-9688-F290B1E77E01}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-30 160328]
    "Messenger (Yahoo!)"="d:\progra~2\YAHOOI~1.0\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-27 98304]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    Yankee Clipper III.lnk - d:\program files\Yankee Clipper\YankClip.exe [2005-7-11 1368064]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
    quicken online backup taskbar icon.lnk.disabled [2004-7-3 679]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech SetPoint.lnk - d:\program files\Logitech MX 1000 Mouseware\SetPoint\KEM.exe [2006-10-12 573440]
    openURL.vbs [2011-7-31 131]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 01000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk.disabled
    backup=c:\windows\pss\America Online 7.0 Tray Icon.lnk.disabledCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2004-04-26 11:06 29696 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-02-27 09:32 98304 -c--a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BlueSoleil Hid Service"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PestPatrolCL"=c:\progra~1\PESTPA~1\PestPatrolCL.exe c:\
    "PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
    "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Yahoo IM 7.0\\Messenger\\YahooMessenger.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
    "d:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "d:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/23/2011 8:39 PM 13496]
    R2 KDATA;KDATA;c:\windows\system32\drivers\Kdata.sys [1/15/2004 10:29 AM 44504]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/23/2006 8:19 PM 45312]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [3/9/2004 7:20 AM 3712]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 4:53 PM 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/2/2005 8:27 PM 7196]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/23/2006 8:19 PM 55936]
    R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/23/2011 8:43 PM 30368]
    R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/23/2011 8:43 PM 16080]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 8:55 PM 54271]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/5/2011 12:26 AM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 10:58 PM 27064]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 3:26 PM 593000]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/23/2004 3:25 PM 15576]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [4/26/2006 7:59 PM 899884]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/23/2011 8:43 PM 239472]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 22:32]
    .
    2011-07-31 c:\windows\Tasks\SmartDefrag_Startup.job
    - d:\program downloads\Smart Defrag 2\SmartDefrag.exe [2011-06-24 00:19]
    .
    2011-07-25 c:\windows\Tasks\SOS Online Backup - Prompter.job
    - c:\program files\Common Files\SOS Online Backup\Prompter\Prompter.exe [2010-04-20 20:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uSearchAssistant = hxxp://www.google.com
    IE: + Offline &Explorer: Download the link
    IE: + Offline E&xplorer: Download the current page
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Customize Menu &4
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Logoff &5
    IE: Open Link Target in Firefox
    IE: Reset Fields &-
    IE: Rf Options &O
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Set Fields &=
    IE: Stop popups from this web page
    IE: Translate this page
    IE: View This Page in Firefox
    LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    Trusted Zone: linkshare.com
    Trusted Zone: linksynergy.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: ppctlcab
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pjv41h00.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 1088
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-31 17:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3812)
    c:\windows\system32\WININET.dll
    d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-07-31 18:34:23
    ComboFix-quarantined-files.txt 2011-07-31 22:34
    ComboFix2.txt 2011-07-31 19:56
    .
    Pre-Run: 1,313,935,360 bytes free
    Post-Run: 1,288,474,624 bytes free
    .
    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - E03E64CA1E7189030FDDFFC716CD5183
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Perhaps I'm missing something, but these entries aren't complete:
  11. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    I uninstalled ComboFix and ran it again. When I click on my desktop icons, Windows Explorer still crashes and the desktop goes blank and the icons repopulate. Log enclosed. Thx.


    ComboFix 11-08-02.03 - User 08/02/2011 19:44:46.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.245 [GMT -4:00]
    Running from: d:\my documents\C Drive\Downloads\Combofix 8-2-11\Combo-Fix.exe
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-03 to 2011-08-03 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-31 18:28 . 2011-07-31 18:28 -------- d-----w- c:\documents and settings\User\Application Data\Avira
    2011-07-31 17:08 . 2011-08-01 17:12 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-07-31 17:08 . 2011-08-01 17:12 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-07-31 17:08 . 2010-06-17 19:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-07-31 17:08 . 2010-06-17 19:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\program files\Avira
    2011-07-31 17:08 . 2011-07-31 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-07-30 09:09 . 2011-07-30 09:09 -------- d-----w- c:\documents and settings\User\Application Data\Yahoo!
    2011-07-28 19:03 . 2011-07-28 19:03 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
    2011-07-28 19:02 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-28 19:02 . 2011-07-28 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-07-28 19:02 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-28 18:46 . 2011-07-28 18:46 -------- d-----w- c:\program files\Trend Micro
    2011-07-18 22:39 . 2011-07-18 22:39 -------- d-----w- c:\program files\IObit Toolbar
    2011-07-17 00:55 . 2011-07-17 00:55 -------- d-----w- c:\documents and settings\User\Application Data\Search Settings
    2011-07-17 00:54 . 2011-07-17 00:55 -------- d-----w- c:\program files\Application Updater
    2011-07-17 00:54 . 2011-07-17 00:54 -------- d-----w- c:\program files\Common Files\Spigot
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-19 16:15 . 2011-06-11 19:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-19 15:04 . 2009-08-19 00:10 4702 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2011-06-02 14:02 . 2001-12-14 19:26 1858944 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1BackedupFileOverlay]
    @="{3F1FB271-8290-4330-8069-310F32C030EF}"
    [HKEY_CLASSES_ROOT\CLSID\{3F1FB271-8290-4330-8069-310F32C030EF}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2LiveProtectedFileOverlay]
    @="{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}"
    [HKEY_CLASSES_ROOT\CLSID\{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3ProtectedFileOverlay]
    @="{A94C4834-6F18-491F-A205-3AFF24B16BC0}"
    [HKEY_CLASSES_ROOT\CLSID\{A94C4834-6F18-491F-A205-3AFF24B16BC0}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SharedFileOverlay]
    @="{C85F4084-C3E3-453c-B242-4BDABA8F58FB}"
    [HKEY_CLASSES_ROOT\CLSID\{C85F4084-C3E3-453c-B242-4BDABA8F58FB}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SyncedFileOverlay]
    @="{58605E40-AE20-45d7-887B-08F3D9FF3651}"
    [HKEY_CLASSES_ROOT\CLSID\{58605E40-AE20-45d7-887B-08F3D9FF3651}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!6SyncingFileOverlay]
    @="{06DF45CB-D312-4306-B97D-6CDA50A10B30}"
    [HKEY_CLASSES_ROOT\CLSID\{06DF45CB-D312-4306-B97D-6CDA50A10B30}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!7ConflictedFileOverlay]
    @="{D1542785-76CA-4d0c-9688-F290B1E77E01}"
    [HKEY_CLASSES_ROOT\CLSID\{D1542785-76CA-4d0c-9688-F290B1E77E01}]
    2010-04-20 20:22 596480 ------w- d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-10-30 160328]
    "Messenger (Yahoo!)"="d:\progra~2\YAHOOI~1.0\MESSEN~1\YahooMessenger.exe" [2011-06-16 6276408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-17 19968]
    "Samsung Common SM"="c:\windows\Samsung\ComSMMgr\ssmmgr.exe" [2005-07-03 372736]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-27 98304]
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-04-26 29696]
    "HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-01-27 585728]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-06-01 4385112]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\User\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    Yankee Clipper III.lnk - d:\program files\Yankee Clipper\YankClip.exe [2005-7-11 1368064]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\AutorunsDisabled
    quicken online backup taskbar icon.lnk.disabled [2004-7-3 679]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Logitech SetPoint.lnk - d:\program files\Logitech MX 1000 Mouseware\SetPoint\KEM.exe [2006-10-12 573440]
    openURL.vbs [2011-7-31 131]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 01000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk.disabled
    backup=c:\windows\pss\America Online 7.0 Tray Icon.lnk.disabledCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
    backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2004-04-26 11:06 29696 ----a-w- c:\windows\KHALMNPR.Exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2005-02-27 09:32 98304 -c--a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "BlueSoleil Hid Service"=2 (0x2)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "PestPatrolCL"=c:\progra~1\PESTPA~1\PestPatrolCL.exe c:\
    "PestPatrol Control Center"=c:\progra~1\PESTPA~1\PPControl.exe
    "SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\Yahoo IM 7.0\\Messenger\\YahooMessenger.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpfccopy.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpoews01.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpofxm08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hposfx08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hposid01.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqCopy.exe"=
    "d:\\Program Files\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "d:\\Program Files\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqste08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpqtra08.exe"=
    "d:\\Program Files\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:*:Disabled:mad:xpsp2res.dll,-22009
    .
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6/23/2011 8:39 PM 13496]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6/24/2011 5:30 PM 393112]
    R2 KDATA;KDATA;c:\windows\system32\drivers\Kdata.sys [1/15/2004 10:29 AM 44504]
    R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2/23/2006 8:19 PM 45312]
    R2 SocketLock;Raw Socket Lock Driver;c:\windows\system32\socketlock.sys [3/9/2004 7:20 AM 3712]
    R2 SonyFKC;FAN and Keyboard Control Service;c:\windows\system32\drivers\SonyFKC.sys [12/14/2001 4:53 PM 12032]
    R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/2/2005 8:27 PM 7196]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [2/23/2006 8:19 PM 55936]
    R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/23/2011 8:43 PM 30368]
    R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/23/2011 8:43 PM 16080]
    S3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [12/14/2001 8:55 PM 54271]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [5/5/2011 12:26 AM 24576]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [6/22/2010 6:01 PM 21248]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [6/11/2011 10:58 PM 27064]
    S3 SMBE;Sony MPEG2 Encoder Board (WDM);c:\windows\system32\drivers\Smbe.sys [12/14/2001 3:26 PM 593000]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2/23/2004 3:25 PM 15576]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [4/26/2006 7:59 PM 899884]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/23/2011 8:43 PM 239472]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ANTIVIRSCHEDULERSERVICE
    *NewlyCreated* - ANTIVIRSERVICE
    *NewlyCreated* - AVGIO
    *NewlyCreated* - AVGNTFLT
    *NewlyCreated* - AVIPBB
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-308236825-1801674531-1004Core1cc27e486266d16.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-04 22:32]
    .
    2011-08-02 c:\windows\Tasks\SmartDefrag_Startup.job
    - d:\program downloads\Smart Defrag 2\SmartDefrag.exe [2011-06-24 00:19]
    .
    2011-08-01 c:\windows\Tasks\SOS Online Backup - Prompter.job
    - c:\program files\Common Files\SOS Online Backup\Prompter\Prompter.exe [2010-04-20 20:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    uSearchAssistant = hxxp://www.google.com
    IE: + Offline &Explorer: Download the link
    IE: + Offline E&xplorer: Download the current page
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: Customize Menu &4
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Logoff &5
    IE: Open Link Target in Firefox
    IE: Reset Fields &-
    IE: Rf Options &O
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Set Fields &=
    IE: Stop popups from this web page
    IE: Translate this page
    IE: View This Page in Firefox
    LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
    Trusted Zone: linkshare.com
    Trusted Zone: linksynergy.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: ppctlcab
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\pjv41h00.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=642886&p=
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 80
    FF - prefs.js: network.proxy.gopher - 127.0.0.1
    FF - prefs.js: network.proxy.gopher_port - 80
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 80
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 1088
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 80
    FF - prefs.js: network.proxy.type - 1
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-02 21:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\ÿÿÿÿ]*‘|ÞÂÂw]
    "FriendlyName"=""
    "CLSID"="{1B544C22-FD0B-11CE-8C63-00AA0044B51E}"
    "FilterData"=hex:02,00,00,00,00,00,20,00,00,00,00,00,00,00,00,00
    .
    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1348)
    c:\windows\system32\WININET.dll
    d:\program files\Backup SOS for Kingtston Thumb Drive 5-16-11\ShlOverlays.dll
    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2011-08-02 21:52:31
    ComboFix-quarantined-files.txt 2011-08-03 01:52
    .
    Pre-Run: 1,253,326,848 bytes free
    Post-Run: 1,227,165,696 bytes free
    .
    Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
    - - End Of File - - E98B3E29E96035F060AFC3A80C7FF9C1
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please address the incomplete entries and proxy addon I questioned in my Reply #10.
  13. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Not Using A Proxy to My Knowledge....

    Bobbye: Please address the incomplete entries and proxy addon I questioned in my Reply #10.
    ---------------------------------------------------------------------------------
    Sorry... Not using a "foxyproxy" or any other to my knowledge. I used to use "Secure Tunnel" years ago... used their software. As far as incomplete entries, I have no clue about the incomplete entries you asked about, which was why I ran Combofix again and submitted the log again. Thx.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Reviewing the logs again, I think the incomplete entries are from Roboform:
    I left the RoboForm entry out previously, but checking again, it appears that the settings have been done in the program.
    Are you still using RoboForm? If so, open the program and see if these entries above with only info like 'Reset Fields &-' and 'Translate this page', etc. are from that program. I have never seen entries listed like this with RoboForm on the system. I can remove them with a script.
    --------------------> Leaving the following in case you need it:
    Q: How can I uninstall RoboForm?
    A: Select "Start -> Programs -> AI RoboForm -> Uninstall".
    If the embedded RoboForm uninstaller does not work, click this link: RoboForm Uninstaller. It will download and run a file that will uninstall RoboForm.
    If you did not close all browser windows when uninstalling RoboForm then the file RoboForm.dll will remain locked. However, you can reboot and remove the file manually.
    http://www.roboform.com/support/faq/roboform
    ========================================
    Something has set these proxy ports in Firefox. Did I have you reset the proxies? If not, do this:
    Reset your browser proxies
    • For Firefox:
      o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
      o Click on the "Network" tab, and then on the "Settings" button.
      o Please make sure that the "No Proxy" option is selected.
    • For Internet Explorer:
      o Open Internet Explorer.
      o Click on "Tools" and then select "Internet Options".
      o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
      o Uncheck "Use a Proxy server for your LAN".
      o Click Ok to close the Local Area Network (LAN) Settings window.
      o Click Ok to close the Internet Options window.

    When you go in to do this, let me know if you found these proxy ports set.
  15. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Hello

    Hello- Yes, I use RoboForm (older version) and have for years. Sorry, as I tried to find those files in RoboForm but could not locate them. I really would rather not uninstall this program as I use it constantly. RoboForm is set to work with IE, but I use Chrome unless I need RoboForm to fill in IE 7. BTW, I used to run a browser type program which is still installed called D:\Program Files\iRider2.48\iRider.exe. I think that ties into IE somehow.

    I never use Firefox (had version 1.5 from 2006) so I uninstalled it with Revo Uninstaller Pro. Checked IE 7 LAN connections where "Automatically Detect Settings" was checked. Down below in the proxy server box, which was unchecked and "grayed out", were 127.0.0.1, port 8080.

    Don't mean to ask you more things, but this came up after you had me update my Java, which I did to 7, but I can't remove version 6.26 with JavaRa or Revo as it installs it instead. Also, I tried to uninstall it in "Add/Remove Programs" but I get "Internal Error 2753.regutils.dll". The Java Auto Updater is there with no remove button. In Revo, I tried doing a "forced uninstall" but the uninstall program is Microsoft Picture It Version 7 (very old) and it pulls up a ton of entries, so something is amiss there. Tried to uninstall it in Add/Remove Programs and it asks for the original disk, which I don't have. Any suggestions? Thanks!
  16. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Hello

    Posted 6 days ago....just wondered if you could assist please? Thank you!
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I'm very sorry- I got no notice that you had replied. Every once in a while feedback gets lost in cyberspace.

    See if you can access the Control Panel that will populate like this:
    Click on Start> Run> type in appwiz.cpl> enter> wait a few seconds and see if it populates.



    About your uninstalling: When uninstalling anything you should follow this order:
    1. See if the program has its own uninstaller. If it does, use that.
    2. If there is no uninstaller in a program or app, look for it in Add/Remove Programs and uninstall from there.
    3. Revo and the Windows Installer Cleanup Utility should not be used for the initial uninstall. Their purpose is to remove any 'left over entries' from a program or app that has been uninstalled.

    An example of a failed uninstall using Revo: all of the following remain on the system:
    If Firefox had been uninstalled correctly, these entries would no longer be present. Since this FF is a version that is several years out of date, I suggest you check the Mozilla forum for a way to do a correct and complete uninstall. As long as these entries remain on the system, they present a vulnerability.
    =========================================
    About Java: Java 7 is not the correct version for you. Java v6u26 is.
    The Java Development Kit (JDK) is a Sun Microsystems product aimed at Java developers. It is now in Version 7

    This URL that is included at the end of Java Ra> http://www.java.com/en/download/manual.jsp
    This will bring you to the current version of Java v6u26
    =================================================
    If you are no longer using iRider, please uninstall it and then delete the Program folder.
    --------------------------
    You should maintain as close to 80% of the hard drive free as possible. You have less than 30% free. You should uninstall everything you no longer use to recover some of the hard drive.
    ===========================================
    Please update and/or reinstall RoboForm. The following entries are not correct:
    For instance, your log shows DPF: ppctlcab
    The correct entry would be DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
    You have Pest Patrol loading but the entry isn't indicating that.
    ===============================================
    About the Proxy port 8080: It looks like this is a Proxy auto-configured port. (PAC)
    Browsers such as Firefox and Internet Explorer only support a PAC file in the system default encoding. I think when Firefox is fully uninstalled correctly, this proxy entry will be removed.
    =============================================
    Much of the malware found in Malwarebytes was on Evidence Eliminator. Some have used this with no problem. But the home site for Evidence Eliminator Quick Mode is rated in Red by the Site Advisor I use, WOT. It fails all 4 rating categories: Vendor reliability, Trustworthiness, Privacy, Family. And it gives the following:
    Warning! This site has a poor reputation.
    This program is still loading from the Registry:
    I can remove this entry with script you'll run through Combofix.
    =============================================
    If we are to get anywhere you need to clean up the system:
    1. To uninstall, look for uninstaller in program first, use Add/Remove Programs if none.
    2. Complete the uninstall properly for Firefox.
    3. Uninstall iRider, Evidence Eliminator
    4. Install Java v6u26, uninstall JDK 7
    5. Update or reinstall RoboForm
    6. Uninstall all programs and apps you no longer use.
    7. For all uninstalled programs use Windows Explorer (Right click on Start> Explore) to go to My Computer> Double click Local Drive (C)> Programs> find folder for each uninstall and do Right click> Delete on folder.
    Reboot the computer when through
    ==============================================
    If you were able to get into the Control Panel for Add/Remove Programs, and if you have updated Java correctly, and if you have updated or reinstalled RoboForm, please do the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click the download button to get the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================================
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.

    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
  18. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Can't Uninstall Some Programs

    Hello- I had to do a system restore because my Quicken launcher was gone. Anyway, I can't uninstall some programs from "Add/Remove Programs" because of an error msg. which usually reads "Wise Uninstall-Could not open log file" or "Can't Uninstall-C:\Programs.....unins000.dat does not exist...cannot uninstall" or "Uninstall date could not be found at the specified location-Cannot uninstall". How do I get rid of these programs? Edit the registry?

    What is the best way to clean up the "garbage" and unneeded files on my PC without nuking system files and rendering programs unuseable? Any recommendations?


    Also...you mentioned this about removing the entry thru combofix...pls advise.
    "Warning! This site has a poor reputation.
    This program is still loading from the Registry:
    Quote:
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
    I can remove this entry with script you'll run through Combofix."

    I will rerun the hijack this log since I am having to redo this last step. Thank you!
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Doing a System Restore undoes anything done between the Restore Point and now.

    I'm not understanding some of what you're asking.

    1. About the bad site: I use the WOT Site Advisor so I have a 3 way protection to not access a bad site:
    WOT, my Firefox settings and Eset Nod32.
    2. When I look for information about 'Evidence Eliminator,' the home site is listed in red> trying to access another site that was marked as safe and gave a link for the Evidence Eliminator site, clicking on the link displayed the message for a bad site. I do not go to those sites.

    My thoughts are that if the home site of a program is not trustworthy, or has a questionable privacy policy or shows vendor not trustworthy, I have to think that the program they sponsor is not safe.

    I just went though this with another member- he used Revo to uninstall everything- but ended up with parts of programs all over the system - when a program isn't uninstalled correctly, the install/uninstall in the program will be damaged but the program will remain. I mentioned this order:
    1. Check to see if program has it's own uninstaller. If it does, use that.
    2. If it does not, then use Add/Remove Programs for the uninstaller. Revo and the Windows Installer Cleanup Utility should only be used if a stray file from an uninstalled program remains, or if the program shows in Add/Remove Programs but doesn't have uninstall capability.

    Some programs also can't be uninstalled in Safe Mode.

    About the “Could not open uninstall.log file” message: it appears when the file is missing or damaged. Most programs create an install.log when you install them. These are nice as a reference for what files were added and what changes were made in various parts of Windows.
    Bottom line? If the installer/uninstaller is damaged, if you can't do a proper uninstall, if a cleanup utility still won't remove the files, then the only recourse you have is to reinstall the program, then uninstall it correctly.
  20. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Thanks for the note! What if it is an old program and there is no disc available? Case in point... Enter Microsoft Picture It 7.0, which calls for the disc, but I do not have it since it is several years old, therefore I can't reinstall it. Also, can find the original program to install it first as you suggested.

    Also...you mentioned this about removing the entry thru combofix...pls advise.
    "Warning! This site has a poor reputation.
    This program is still loading from the Registry:
    Quote:
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    2004-04-29 14:08 896002 ----a-w- d:\progra~2\Evidence Eliminator\Ee.exe
    I can remove this entry with script you'll run through Combofix."

    What about Spybot Search and Destroy? Do you like that program?

    Had to keep restoring because my Quicken launcher was getting corrupted uninstalling some program, so I did the uninstalls I could, but some programs like "NetMeeting" and iRider won't uninstall either. If they won't uninstall, and you can't download and install them in order to uninstall, then how do you get rid of these old programs? I ran HijackThis again as I said earlier. Could you check it please? Thanks!
    --------------------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:17:15 PM, on 8/20/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Backup SOS for Kingtston Thumb Drive 5-16-11\OverlayCache.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\Program Files\Yankee Clipper\YankClip.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\Yankee Clipper\YankClip.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: ppctlcab -
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo IM 7.0\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134210557440
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
    O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} - http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Quicken Online Backup RegCap (OLRegCap) - Intuit, Inc. - d:\Program Files\Quicken Backup\OLRegCap.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Quicken Online Backup Launcher (Quicken Online BackupLauncher) - Intuit, Inc. - d:\Program Files\Quicken Backup\OLlaunch.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    --
    End of file - 10777 bytes
  21. MrEd

    MrEd Newcomer, in training Topic Starter Posts: 70

    Sorry ...forgot to take off word wrap so here is the Hijack log again. Thx.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 5:24:21 PM, on 8/20/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17099)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Backup SOS for Kingtston Thumb Drive 5-16-11\OverlayCache.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\Program Files\Yankee Clipper\YankClip.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Yankee Clipper III.lnk = D:\Program Files\Yankee Clipper\YankClip.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: ppctlcab -
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo IM 7.0\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134210557440
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/check/qdiagh.cab?326
    O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
    O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} - http://supportcentral4.sel.sony.com/sdccommon/download/sonyctl.CAB
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Quicken Online Backup RegCap (OLRegCap) - Intuit, Inc. - d:\Program Files\Quicken Backup\OLRegCap.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Quicken Online Backup Launcher (Quicken Online BackupLauncher) - Intuit, Inc. - d:\Program Files\Quicken Backup\OLlaunch.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/User/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

    --
    End of file - 10744 bytes
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Then you've lost it! Backup, Backup, Backup before there is a problem!

    Mr. Ed, you've had your Windows XP ole guy for 8 years- I've had a desktop with XP for even longer! But time goes on, programs get updates or new versions. I'm sorry you can't get everything back on the system. I am not a magician.

    However, the repeated restores are undoing everything I instruct you to do. And I think the original problem- and even up to now, is partly system related.

    It sounds like you don't even have a CD so you can reformat and reinstall.
    ===================================
    I don't know if this is good any more with all the restores:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    
    DDS::
    uInternet Settings,ProxyServer = 127.0.0.1:8080
    DPF: ppctlcab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {17492023-C23A-453E-A040-C7C580BBF700}
    DPF: {62789780-B744-11D0-986B-00609731A21D}
    DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}
    DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
    Folders::
    c:\program files\IObit Toolbar
    c:\documents and settings\User\Application Data\Search Settings
    c:\program files\Application Updater
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IObit Malware Fighter"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"=-c:\program files\Java\jre1.5.0_04\bin\jusched.exe
    RegLock::
    [HKEY_USERS\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\ActiveMovie\devenum\{860BB310-5D01-11D0-BD3B-00A0C911CE86}\ÿÿÿÿ]*‘|ÞÂÂw]
    "FriendlyName"=""
    "CLSID"="{1B544C22-FD0B-11CE-8C63-00AA0044B51E}"
    "FilterData"=hex:02,00,00,00,00,00,20,00,00,00,00,00,00,00,00,00
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Java is out of date: Update now: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    Adobe Reader is out of date: Update now: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
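An added example, not from this thread and not part of HijackThis or ComboFix, that does the triage the helper did by hand on the log above: it reads HijackThis-format lines, flags the kinds of entries the CFScript targets (the loopback ProxyServer, O16 DPF controls with no source URL, the unrecognised Winsock LSP, and entries marked "(file missing)" or "(no file)") and rebuilds the DDS:: lines from them. The sample lines are constructed from the posted log; which sections get flagged is my assumption about what the helper looked at, not a rule from either tool.

```python
import re

# Constructed sample: HijackThis v2-format lines, abbreviated to the
# entries of interest, with values copied from the log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab -
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

LINE_RE = re.compile(r"^(R\d|O\d+) - (.*)$")   # "<section> - <body>"

def triage(log_text):
    """Return (section, reason, detail) for the entries a helper reviews first."""
    findings = []
    for raw in log_text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        reason = detail = None
        if section == "R1" and "ProxyServer = " in body:
            detail = body.split("ProxyServer = ", 1)[1]
            if detail.startswith("127.0.0.1:"):
                reason = "IE proxy points at a loopback listener"
        elif section == "O16" and body.endswith("-"):
            # "DPF: <id> (<name>) - <url>": an empty URL means the downloaded
            # control's origin is unknown, which is why the DDS:: section lists them.
            detail = body[len("DPF: "):].split(" ", 1)[0]
            reason = "downloaded ActiveX control with no source URL"
        elif section == "O10":
            detail = body.split(": ", 1)[1]
            reason = "Winsock LSP HijackThis did not recognise (verify before removing)"
        elif body.endswith("(file missing)") or body.endswith("(no file)"):
            detail, reason = body, "entry points at a file that no longer exists"
        if reason:
            findings.append((section, reason, detail))
    return findings

def dds_lines(findings):
    """Rebuild the DDS:: lines of the CFScript above from the proxy/DPF findings."""
    out = []
    for section, _reason, detail in findings:
        if section == "R1":
            out.append("uInternet Settings,ProxyServer = " + detail)
        elif section == "O16":
            out.append("DPF: " + detail)
    return out
```

Running `triage(SAMPLE_LOG)` leaves the Flash control (it has a download URL) and the Avira service unflagged; `dds_lines` on the result yields the same ProxyServer and two DPF lines that appear in the script's DDS:: block.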