Solved: Unable to install Adobe Update

BillAllen55

I'm thinking I may have a spyware/trojan issue.
I have read through the 8-step removal process. I tried updating the Adobe reader.
This was unsuccessful.
This is the error I receive during the installation process:


error:
1402.Could not open key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\Imail.

Verify That you have sufficient access to that key, or contact your support personnel.

Can someone give me an idea why this is happening?
 
Bill, that's a permission issue that we can work on. If this is the only problem you're having running the steps, please continue on with the rest of the thread and leave the logs for review.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
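The 1402 error above names the exact key the installer could not open. As an added, read-only check that is not part of this thread (it changes nothing in the Registry), the script below reads that key's owner and ACL and reports any Deny entry or missing Full Control for SYSTEM and Administrators, which Windows Installer needs on keys it writes. It assumes PowerShell run from an administrator account; the key path is the one quoted in the error and may not exist on another machine.

```powershell
# Added example, not from the thread: read-only inspection of the registry key
# named in MSI error 1402. Nothing here modifies the key or its permissions.
# Key path as quoted in the installer error (an assumption for any other machine).
$KeyPath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\Imail'

function Get-RegistryKeyAccessReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $result = New-Object PSObject -Property @{
        Path   = $Path
        Exists = $false
        Owner  = $null
        Error  = $null
        Rules  = @()
    }
    if (-not (Test-Path -Path $Path)) { return $result }
    $result.Exists = $true

    try {
        # Get-Acl on an HKLM:\ provider path returns a RegistrySecurity object.
        $acl = Get-Acl -Path $Path -ErrorAction Stop
    } catch {
        # Being refused even READ_CONTROL is itself evidence of a broken ACL.
        $result.Error = $_.Exception.Message
        return $result
    }

    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $result.Owner = $acl.Owner
    $result.Rules = @(foreach ($rule in $acl.Access) {
        New-Object PSObject -Property @{
            Identity    = $rule.IdentityReference.Value
            Type        = $rule.AccessControlType          # Allow or Deny
            Rights      = $rule.RegistryRights
            Inherited   = $rule.IsInherited
            FullControl = (([int]$rule.RegistryRights -band $full) -eq $full)
        }
    })
    return $result
}

function Test-InstallerAccess {
    param([Parameter(Mandatory = $true)]$Report)

    if (-not $Report.Exists) { return "Key not found: $($Report.Path)" }
    if ($Report.Error) { return "ACL unreadable: $($Report.Error); permissions on this key need repair" }

    # Windows Installer runs as SYSTEM; the UI phase runs as the installing admin.
    $needed = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
    $findings = @()
    foreach ($rule in $Report.Rules) {
        if ($rule.Type -eq 'Deny') { $findings += "Deny entry for $($rule.Identity): $($rule.Rights)" }
    }
    foreach ($who in $needed) {
        $ok = $Report.Rules | Where-Object { $_.Identity -eq $who -and $_.Type -eq 'Allow' -and $_.FullControl }
        if (-not $ok) { $findings += "$who lacks Full Control" }
    }
    if ($findings.Count -eq 0) { return 'ACL looks normal; error 1402 is probably not caused by this key' }
    return ($findings -join '; ')
}

$report = Get-RegistryKeyAccessReport -Path $KeyPath
"Key:   $($report.Path)"
"Owner: $($report.Owner)"
$report.Rules | Format-Table Identity, Type, Rights, Inherited, FullControl -AutoSize
Test-InstallerAccess -Report $report
```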
 
This is the first of my scans:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4473

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/24/2010 5:37:04 PM
mbam-log-2010-08-24 (17-37-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 280750
Time elapsed: 1 hour(s), 38 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Anti Trojan Elite\MSVCRTD.DLL (Malware.Packer.Gen) -> Quarantined and deleted successfully.

This is my second scan

Hijackthis!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:20 AM, on 8/24/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\AOL\1279044589\ee\AOLSoftware.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\PROGRA~1\MICROS~4\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1279044589\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8669 bytes

I attempted to run a GMER scan which resulted in blue screening my system.

I would appreciate whatever assistance one is able to provide.

The issue is that the system seems a bit laggy from what it once was.
I was on a website that was asking for survey questions.
This was when I first noticed things starting to go wrong.

I have done multiple virus/spyware scans but not feeling as if it is all over.

Please help.
 
I have read through the 8-step removal process. I tried updating the Adobe reader.

Bill, I need for you to complete the steps here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

As I mentioned, skip the Adobe update for now, but please run DSS. It will generate 2 logs. Leave them both in your next reply. I don't have enough information from the HijackThis log- we'll run that later.
For GMER, try one of the following:
1. Uncheck 'Devices'
2. Or run in Safe Mode.

Mbam did find malware, but what do you mean by 'laggy'? If you mean the system is slow, part of the reason is because you have so much starting on boot, then running in the background.
 
Three of the four ain't too bad?

View attachment Attach.txt

View attachment DDS.txt

View attachment SUPERAntiSpyware Scan Log - 08-26-2010 - 06-09-00.log

When attempting to run the GMER scan it blue screened the system.
I did not attempt to run it a second time.

With this in mind, can you please look over the attached files?

I'm not having significant issues with the system. Other than of course my concern for WHY it blue screened during the GMER scan. I would appreciate whatever assistance you can provide.

I can see in my hijackthis scan that I 'do' have a lot of processes running.
What can be done to correct this?


Thanks
 
Don't worry about the BSOD in GMER. A lot of users get it, for various reasons. It does not mean it's your problem. With what you are concerned about, I'd like you to do the following:

Please run this Security Check. I think you may have some overlap in this area:
Download Security Check and save it to your Desktop.
  • Double-click SecurityCheck.exe to run.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.
==================================================
Regarding running unnecessary programs: Note: For uninstalls, see if the program has its own uninstaller. If it does, use that. If not, use Add/Remove Programs in the Control Panel:
1. Ask Toolbar: you will remove this program and all associated files. It is bundled with other downloads, rarely intentionally installed. Brings adware.
2. Adobe Reader 9.3.3>> Uninstall. Don't need since you have FoxIt.
3. Advertising Center: Whatever this is, recommend uninstall.
4. CCleaner>> Duplicate cleanup programs. Remove one.
CleanUp!>> " ""
5. Driver Detective>> Per the Restore points: you have been installing/uninstalling programs to check for driver updates. Driver Detective and Driver Whiz. Suggest you uninstall both and do your own driver update checks.
6. FileHippo.com Update Checker: Since speed is an issue, check for updates yourself. Uninstall.
7. HiJackThis>> Duplicate. Old version. Remove both. Don't need to run in background. HJT is a diagnostic program that only needs to be run as needed.
HijackThis 2.0.2>> " " " "
8. MSConfig CleanUp 1.2>> More cleanup. Do it yourself.
9. Nero 8 Essentials>> old version> uninstall, keep v9
Nero 9 Essentials>> Keep this current version.
10. Nero StartSmart>> Duplicate of same program. Remove oldest.
Nero StartSmart OEM>> " " "
11. PC Pitstop Exterminate2 2.0>> checking to see if needed.
12. Sophos Anti-Rootkit 1.5.0>> Uninstall. Use only if Rootkit suspected, with supervised cleaning help.
13. Foxit Reader>> This replaces the Adobe Reader. If you only use it to read PDF files, don't run Creator and Editor. (Foxit Creator/Foxit PDF Editor)
14. Removed COMODO Internet Security>> did you replace the firewall?
==========================================


Please download ComboFix from Here and save to your Desktop.

  [1]. Do NOT rename Combofix unless instructed.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Close any open browsers.
  [4]. Double click combofix.exe & follow the prompts to run.
  • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  [5]. If Combofix asks you to install Recovery Console, please allow it.
  [6]. If Combofix asks you to update the program, always allow.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  [7]. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.

Do the uninstalls first. When through, reboot and run the Combofix scan. Paste the log in the next reply. You can split it over 2 posts if needed.
 
Requested Txt files

View attachment checkup.txt

ComboFix 10-08-25.01 - Philip Moore 08/26/2010 7:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1403 [GMT -7:00]
Running from: c:\documents and settings\Philip Moore\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

Other Deletions

c:\documents and settings\All Users\Application Data\page
c:\documents and settings\All Users\Application Data\page\page.ico
c:\documents and settings\All Users\Application Data\page\page.URL
c:\program files\INSTALL.LOG
c:\program files\PC Doc Pro v5
c:\program files\PC Doc Pro v5\Log.txt
c:\program files\PC Doc Pro v5\PC Doc Pro.ini
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\csftxctl.ocx

.
((((((((((((((((((((((((( Files Created from 2010-07-26 to 2010-08-26 )))))))))))))))))))))))))))))))
.

2010-08-26 14:40 . 2008-05-02 16:26 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll
2010-08-26 00:52 . 2010-08-26 00:52 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Auslogics
2010-08-22 12:22 . 2010-08-25 00:37 -------- d-----w- c:\program files\Anti Trojan Elite
2010-08-21 23:07 . 2010-08-21 23:07 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\Sunbelt Software
2010-08-18 12:30 . 2010-08-22 14:29 -------- d-----w- c:\program files\NetworkView36
2010-08-17 12:47 . 2010-08-17 15:23 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\CutePDF Writer
2010-08-17 12:44 . 2009-11-05 15:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2010-08-17 12:44 . 2010-08-17 12:44 -------- d-----w- c:\program files\Acro Software
2010-08-17 12:22 . 2010-08-17 12:23 -------- d-----w- c:\program files\gs
2010-08-12 18:29 . 2010-08-12 18:29 2772992 ----a-w- c:\windows\system32\GPhotos.scr
2010-08-04 13:10 . 2010-07-27 05:30 705208 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-04 13:10 . 2010-07-27 05:30 978664 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-07-30 13:31 . 2010-07-29 01:27 1833576 ----a-w- c:\windows\SkyTel.exe
2010-07-30 13:31 . 2010-07-29 01:27 1489512 ----a-w- c:\windows\RtlUpd.exe
2010-07-30 13:31 . 2010-07-29 01:27 53864 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-07-30 13:31 . 2010-07-27 20:54 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-07-30 13:18 . 2010-01-12 20:35 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-07-30 13:05 . 2010-07-30 13:05 -------- d-----w- c:\program files\SmartTweak Software
2010-07-30 12:55 . 2010-07-30 12:55 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\NVIDIA
2010-07-30 12:54 . 2010-08-24 22:56 -------- d-----w- c:\documents and settings\Philip Moore\Local Settings\Application Data\MotionDSP
2010-07-30 12:54 . 2010-08-24 22:56 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\MotionDSP
2010-07-30 12:39 . 2010-07-30 12:42 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Smart PC Solutions

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 14:40 . 2009-02-15 17:56 -------- d-----w- c:\program files\Common Files\Nero
2010-08-26 14:40 . 2009-02-15 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-08-26 14:38 . 2009-02-24 12:46 -------- d-----w- c:\program files\filehippo.com
2010-08-26 14:25 . 2010-03-30 14:43 -------- d-----w- c:\program files\PCPitstop
2010-08-26 14:24 . 2009-02-15 20:14 -------- d-----w- c:\program files\Google
2010-08-26 14:22 . 2009-02-15 17:42 16608 ----a-w- c:\windows\gdrv.sys
2010-08-26 14:21 . 2010-06-23 12:27 4167424 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-26 13:57 . 2009-03-26 13:32 -------- d-----w- c:\program files\Yahoo!
2010-08-26 13:57 . 2009-08-06 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-08-26 13:00 . 2010-04-29 21:23 63488 ----a-w- c:\documents and settings\Philip Moore\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-26 13:00 . 2009-10-31 11:14 117760 ----a-w- c:\documents and settings\Philip Moore\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-25 22:29 . 2009-02-19 22:59 -------- d-----w- c:\program files\ICQ
2010-08-25 14:20 . 2009-11-17 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-25 14:18 . 2009-03-05 14:39 -------- d-----w- c:\program files\Common Files\aol
2010-08-24 22:58 . 2009-03-18 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-24 22:55 . 2009-11-15 14:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-24 16:23 . 2010-03-24 12:56 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\QuickScan
2010-08-21 23:06 . 2009-02-15 18:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-21 23:04 . 2009-02-15 19:00 -------- d-----w- c:\program files\CCleaner
2010-08-16 12:48 . 2010-06-18 12:03 -------- d-----w- c:\program files\Auslogics
2010-08-14 20:29 . 2009-02-15 20:02 -------- d-----w- c:\program files\nLite
2010-08-14 20:21 . 2010-02-16 13:24 -------- d-----w- c:\program files\BSR Screen Recorder 4
2010-08-11 13:16 . 2009-02-15 17:45 -------- d-----w- c:\program files\Realtek
2010-08-08 23:48 . 2010-01-05 17:28 -------- d-----w- c:\program files\Last.fm
2010-08-07 11:56 . 2010-07-09 13:09 -------- d-----w- c:\program files\MSN Toolbar Installer
2010-08-02 12:20 . 2009-11-13 13:24 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\CBS Interactive
2010-08-01 19:04 . 2009-02-15 20:10 34744 ----a-w- c:\documents and settings\Philip Moore\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-01 12:12 . 2010-05-04 13:53 -------- d-----w- c:\program files\MSECACHE
2010-07-31 12:47 . 2010-03-17 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-07-31 11:43 . 2010-07-26 13:04 -------- d-----w- c:\program files\Free Window Registry Repair
2010-07-30 12:58 . 2010-06-18 12:07 233696 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-30 12:58 . 2010-06-18 12:07 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-30 12:58 . 2010-06-18 12:07 233696 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-29 13:03 . 2010-05-31 13:36 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\AVS4YOU
2010-07-29 01:27 . 2009-05-12 13:57 359016 ----a-w- c:\windows\vncutil.exe
2010-07-29 01:27 . 2009-02-15 17:46 84584 ----a-w- c:\windows\SOUNDMAN.EXE
2010-07-29 01:27 . 2009-02-15 17:46 9721960 ----a-w- c:\windows\RTLCPL.EXE
2010-07-29 01:27 . 2009-02-15 17:46 6108776 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-07-29 01:27 . 2009-05-12 13:57 129640 ----a-w- c:\windows\RtkAudioService.exe
2010-07-29 01:27 . 2009-02-15 17:45 19557480 ----a-w- c:\windows\RTHDCPL.EXE
2010-07-29 01:27 . 2009-02-15 17:45 2180712 ----a-w- c:\windows\MicCal.exe
2010-07-29 01:27 . 2009-03-28 13:58 64104 ----a-w- c:\windows\ALCMTR.EXE
2010-07-29 01:27 . 2009-02-15 17:45 2815592 ----a-w- c:\windows\ALCWZRD.EXE
2010-07-26 13:27 . 2010-07-26 13:27 -------- d-----w- c:\program files\3B Software
2010-07-26 12:47 . 2010-07-26 12:40 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\Error Fix
2010-07-26 12:43 . 2010-07-26 12:39 -------- d-----w- c:\program files\Error Fix
2010-07-23 14:29 . 2009-02-24 13:06 -------- d-----w- c:\program files\Virtual Earth 3D
2010-07-23 13:06 . 2009-02-15 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-23 13:05 . 2009-03-04 13:59 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-17 12:42 . 2010-07-09 11:54 -------- d-----w- c:\program files\Ask.com
2010-07-17 12:18 . 2010-07-09 12:27 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-16 18:34 . 2009-02-15 22:08 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\LimeWire
2010-07-16 18:34 . 2010-03-29 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-13 18:54 . 2010-07-13 18:09 -------- d-----w- c:\program files\AOL 9.1
2010-07-13 18:11 . 2009-02-15 18:20 -------- d-----w- c:\documents and settings\Philip Moore\Application Data\AOL
2010-07-13 18:11 . 2009-02-15 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-13 18:11 . 2010-07-13 18:09 -------- d-----w- c:\program files\Common Files\aolshare
2010-07-13 18:09 . 2009-11-21 15:46 711392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SinfInst.exe
2010-07-13 18:09 . 2009-02-15 18:12 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2010-07-13 18:08 . 2009-11-21 15:46 607392 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tpspd\wbsetup.exe
2010-07-13 18:08 . 2009-11-21 15:46 260040 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuinst.exe
2010-07-13 18:08 . 2009-11-21 15:46 15920 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpchk.dll
2010-07-13 18:08 . 2009-11-21 15:46 6144 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\ocfcheck.dll
2010-07-13 18:04 . 2009-11-21 15:46 2439824 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\ocpinsti.exe
2010-07-13 18:04 . 2009-11-21 15:46 11312 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\ecuchk.dll
2010-07-13 18:04 . 2009-11-21 15:46 1893728 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\waol-0.4334.34.7.exe
2010-07-13 18:03 . 2009-11-21 15:45 1475416 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpinst.exe
2010-07-13 18:03 . 2009-11-21 15:45 45056 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sysinfo\SiNdInst.dll
2010-07-13 18:03 . 2009-11-21 15:45 67120 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ccu\instSup.dll
2010-07-13 18:03 . 2009-11-21 15:45 61440 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\vwpt\VPPrePop.exe
2010-07-13 18:03 . 2009-11-21 15:45 54832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\parcon\AOLParconLink.exe
2010-07-13 18:03 . 2009-11-21 15:44 8139800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\acs\acssetup.exe
2010-07-13 18:02 . 2009-11-21 15:44 99256 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\sm\sminstlp.exe
2010-07-13 18:02 . 2009-11-21 15:44 62816 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\ocpgc.exe
2010-07-13 18:02 . 2009-11-21 15:44 1134216 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\flash\flash9ex.exe
2010-07-13 18:02 . 2009-11-21 15:44 75104 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\ocp\instSup.dll
2010-07-13 18:02 . 2009-11-21 15:44 10800 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\wsfixchk.dll
2010-07-13 18:02 . 2009-11-21 15:44 223152 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\afix\wsfinst.exe
2010-07-13 18:02 . 2009-11-21 15:44 359184 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.7\comps\tb\tbsetup.exe
2010-07-12 14:12 . 2010-07-12 14:12 -------- d-----w- c:\program files\Microsoft IntelliPoint
2010-07-12 14:07 . 2010-07-12 14:07 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-07-12 12:38 . 2010-07-12 12:38 -------- d-----w- c:\program files\Common Files\Java
2010-07-12 12:37 . 2010-05-04 13:47 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-11 11:45 . 2010-07-11 11:45 2944904 ----a-w- c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-10 12:49 . 2010-01-01 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Wondershare
2010-07-10 12:48 . 2009-11-30 19:12 -------- d-----w- c:\program files\Wondershare
2010-07-09 23:24 . 2010-07-09 23:24 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-07-09 23:24 . 2010-07-09 23:24 277608 ----a-w- c:\windows\system32\nvmccs.dll
2010-07-09 23:24 . 2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-07-09 23:24 . 2010-07-09 23:24 155752 ----a-w- c:\windows\system32\nvsvc32.exe
2010-07-09 23:24 . 2010-07-09 23:24 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-07-09 23:24 . 2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 22:28 . 2009-03-01 16:29 32036 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-09 13:39 . 2009-11-20 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-07-09 13:39 . 2009-11-20 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-07-09 13:09 . 2010-07-09 13:09 -------- d-----w- c:\program files\MSN Toolbar
2010-07-09 12:18 . 2010-07-09 12:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
2010-07-09 12:18 . 2010-07-09 12:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01009.Wdf
2010-07-09 12:18 . 2010-07-09 12:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-07 20:46 . 2009-11-20 15:20 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-08-22 14:58 . 2010-08-22 14:58 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 03:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Philip Moore^Start Menu^Programs^Startup^Y'z Toolbar.lnk]
backup=c:\windows\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-10-26 01:10 652624 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-23 08:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBTUpd]
2008-04-03 18:01 297480 ----a-w- c:\program files\GIGABYTE\GBTUpd\PreRun.exe

PART ONE OF COMBO FIX. SEND SECOND PART DIRECTLY
 
Part two of Combo fix

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 11:18 136176 ----atw- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2008-06-24 18:34 41824 ----a-w- c:\program files\Common Files\aol\1279044589\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2009-11-12 00:23 1468256 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 00:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
2009-07-17 18:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar]
2009-12-09 04:29 240992 ----a-w- c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 23:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 23:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-08 06:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-07-29 01:27 19557480 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IJPLMSVC"=2 (0x2)
"GoogleDesktopManager-110408-113106"=3 (0x3)
"ose"=3 (0x3)
"Imapi Helper"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdate1c9967e6b8fdeaa"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" -b

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Winmx\\WinMX.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\RunUpd.exe"=
"c:\\Program Files\\GIGABYTE\\GBTUpd\\GBTUpd.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\UpdExe.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\Philip Moore\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\aol\\1279044589\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/4/2010 7:31 AM 135336]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [2/15/2009 10:43 AM 80392]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2/15/2009 11:30 AM 222456]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\c:\program files\LogMeIn\x86\RaInfo.sys --> c:\program files\LogMeIn\x86\RaInfo.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/26/2009 6:43 AM 1691480]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [7/12/2010 7:07 AM 23456]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7E.tmp --> c:\windows\system32\7E.tmp [?]
S4 gupdate1c9967e6b8fdeaa;Google Update Service (gupdate1c9967e6b8fdeaa);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 5:50 AM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - ATWPKT2
.
Contents of the 'Scheduled Tasks' folder

2009-12-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 12:50]

2010-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 12:50]

2010-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1303643608-725345543-1004Core.job
- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:18]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1303643608-725345543-1004UA.job
- c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-26 11:18]

2009-11-14 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-06-01 20:43]

2009-11-14 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-05-08 12:36]

2010-08-26 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 22:23]

2010-01-17 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-17 23:30]

2010-08-26 c:\windows\Tasks\User_Feed_Synchronization-{4C7BC7CC-AEA4-4620-A730-E10550B9C4A5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: sitesell.com
FF - ProfilePath - c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.cocc.edu/
FF - prefs.js: keyword.URL - hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=sf&tbid=80105&language=en&qkw=
FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - plugin: c:\documents and settings\Philip Moore\Application Data\Mozilla\Firefox\Profiles\yloszscu.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\Philip Moore\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Philip Moore\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox 4.0 Beta 1\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{1E01C8AD-95BB-498A-8CAC-70FD1348936F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-FileHippo - c:\program files\filehippo.com\UpdateChecker.exe
MSConfigStartUp-RebateInformer - c:\progra~1\REBATE~1\REBATE~1.EXE
MSConfigStartUp-Windows Registry Repair Pro - c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F679CE86-4DBE-74D7-4C73-9586DE8246D5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10f_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2010-08-26 07:50:01
ComboFix-quarantined-files.txt 2010-08-26 14:49

Pre-Run: 357,893,189,632 bytes free
Post-Run: 357,843,238,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT "Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - C3FF5749B6F5E9881ABB399DA5F42FC0
 
Let's try a different security check> some of the programs I see aren't showing on the one I had you run> For instance, Sunbelt Software (a leading provider of Windows security software including antispyware software, endpoint security software and others) and Anti Trojan Elite:

Download eSec-Info2.zip and save it to your Desktop.
You will need to extract the file.
  • Right click on the zipped folder> click on Extract All...
  • Click on Next in the 'Extraction Wizard' window that opens
  • Click on Next> and in the next window that appears
  • Click on Finish in the final window
  • Double click on the folder Sec-info2.vbs to run
  • When completed, a text file named Sec-Info.txt is created in the same folder
  • Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

I have to finish checking the Combofix log.
 
Requested Txt File

Bobbye:
I wanted to tell you after the recommended scans the system seems to be much faster and more like how it once was.
I think we are getting there.


Script run: 8/27/2010 4:18:25 AM

~~~~~~~~~~~~~~~~~~~~~~~~

Company Name: Avira GmbH
AV Name: AntiVir Desktop
Version Number: 10.0.1.44
On-Access Scanning Enabled: Yes
Product up-to-date: Yes

~~~~~~~~~~~~~~~~~~~~~~~~

The Windows Firewall is enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

The Security Center Anti-Virus Alerts are enabled.
The Security Center Firewall Alerts are enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

Number of Restore Points found: 108

~~~~~~~~~~~~~~~~~~~~~~~~


Script run: 8/27/2010 4:19:58 AM

~~~~~~~~~~~~~~~~~~~~~~~~

Company Name: Avira GmbH
AV Name: AntiVir Desktop
Version Number: 10.0.1.44
On-Access Scanning Enabled: Yes
Product up-to-date: Yes

~~~~~~~~~~~~~~~~~~~~~~~~

The Windows Firewall is enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

The Security Center Anti-Virus Alerts are enabled.
The Security Center Firewall Alerts are enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

Number of Restore Points found: 108

~~~~~~~~~~~~~~~~~~~~~~~~


Script run: 8/27/2010 4:20:03 AM

~~~~~~~~~~~~~~~~~~~~~~~~

Company Name: Avira GmbH
AV Name: AntiVir Desktop
Version Number: 10.0.1.44
On-Access Scanning Enabled: Yes
Product up-to-date: Yes

~~~~~~~~~~~~~~~~~~~~~~~~

The Windows Firewall is enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

The Security Center Anti-Virus Alerts are enabled.
The Security Center Firewall Alerts are enabled.

~~~~~~~~~~~~~~~~~~~~~~~~

Number of Restore Points found: 108

~~~~~~~~~~~~~~~~~~~~~~~~
 
I don't know why the security scans aren't picking up what I'm seeing! The scan should actually be listing what program you have by name: the only name I see is Avira. Looking at installed programs and running processes, I see these:
Adobe Reader 9.3.3
Avira AntiVir Personal
COMODO Internet Security
ESET Online Scanner v3
Java(TM) 6 Update 21
Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.8)
PC Pitstop Exterminate2 2.0
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
Also see this: 2010-08-22 12:22:08 0 d-----w- c:\program files\Anti Trojan Elite

These should be in the security check along with their versions to make sure they are up to date.

And I found another driver program> 'Driver Cure'.

Please run this Custom CFScript


  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\docume~1\philip~1\locals~1\temp\cpuz132\cpuz132_x32.sys
c:\windows\system32\7e.tmp
c:\program files\logmein\x86\rainfo.sys
c:\documents and settings\All Users\Application Data\DriverCure
c:\program files\anti trojan elite\atepmon.sys

Folder::

DDS::
TB: {1E01C8AD-95BB-498A-8CAC-70FD1348936F} - No File
TB: {C70E30C7-140A-4166-A2E8-43557E62B41A} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

Registry::
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]

Driver::
cpuz132
MEMSWEEP2
LMIInfo
LMIRfsClientNP
ATE_PROCMON
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
===========================================
Then run the Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
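The CFScript above singles out driver entries such as MEMSWEEP2 (image c:\windows\system32\7E.tmp) and the cpuz132 driver under a temp directory. As an added triage aid (example code written for this page, not something ComboFix or the thread provides), the script below parses ComboFix R#/S# service lines like those in the log posted earlier and flags entries whose image file ComboFix could not find ('[?]') or that load from a *.tmp file or a temp directory. The first four sample lines are copied from the posted log; the cpuz132 line is constructed from the path named in the CFScript.

```python
"""Triage of ComboFix service/driver lines (added example, not ComboFix code).

ComboFix prints one line per service or driver:
    <R|S><start type> <name>;<display name>;<image path> [<date> <time> <size>]
where R = running, S = stopped, and a trailing '[?]' (usually after a
'\\??\\path --> path' pair) means ComboFix could not find the image file.
This helper parses such lines and flags the ones a malware-removal helper
looks at first: image file missing, or image loaded from a *.tmp file or a
temp directory.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines: the first four are copied from the ComboFix log posted in the
# thread; the cpuz132 line is constructed from the path named in the CFScript.
SAMPLE_LINES = [
    r"R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]",
    r"S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\7E.tmp --> c:\windows\system32\7E.tmp [?]",
    r"S4 gupdate1c9967e6b8fdeaa;Google Update Service (gupdate1c9967e6b8fdeaa);c:\program files\Google\Update\GoogleUpdate.exe [2/24/2009 5:50 AM 133104]",
    r"S3 cpuz132;cpuz132;\??\c:\docume~1\philip~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\philip~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]",
    "--- Other Services/Drivers In Memory ---",
]

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
TRAILER_RE = re.compile(r"\s*\[[^\]]*\]$")          # '[date time size]' or '[?]'
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)


@dataclass
class ServiceEntry:
    running: bool          # R = running, S = stopped
    start_type: int        # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image_path: str
    file_found: bool       # False when ComboFix printed '[?]'
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service/driver line; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    file_found = not rest.endswith("[?]")
    rest = TRAILER_RE.sub("", rest)
    # For '\??\path --> path' entries the resolved path is the right-hand side
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    image_path = rest.strip()

    entry = ServiceEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        image_path=image_path,
        file_found=file_found,
    )
    if not file_found:
        entry.flags.append("image file not found on disk")
    if image_path.lower().endswith(".tmp") or TEMP_DIR_RE.search(image_path):
        entry.flags.append("image loaded from a temp-style path")
    return entry


def triage(lines) -> List[ServiceEntry]:
    """Return only the parsed entries that carry at least one flag, in log order."""
    parsed = (parse_service_line(line) for line in lines)
    return [e for e in parsed if e is not None and e.flags]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        state = "running" if entry.running else "stopped"
        print(f"{entry.name:<14} {state:<8} {entry.image_path}")
        for flag in entry.flags:
            print(f"    - {flag}")
```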
 
Attempting to run Combofix

Bobbye,
After copying the data provided in your last reply,
I then downloaded to my desktop a copy of the Combofix program.
After this I shut down all browsers, and disabled my security protection. (Avira)
I dragged the text file with info you provided to the Combofix program icon, from the desktop.
I get through part of the installation process of the program and then receive this message:

Errors encountered while performing the operation
Look at the information window for more details.
There is no 'information window' visible.

I then restarted my system.

As an additional piece of info, the link you provided did not allow me to download the combofix directly from your posting. I went to Bleeping computer and downloaded the combofix program from that website.
I can't see how this would affect anything unless of course I didn't get the correct version that you had intended for me to have.


I went through this process twice, (double checking the cut and paste) before responding to you.

Your thoughts?
 
After copying the data provided in your last reply,
I then downloaded to my desktop a copy of the Combofix program.

Bill, you should already have Combofix on the desktop. The script does not require you to download it again, but runs from within the program you have on the desktop per the drag and drop.

Instructions are:
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

I had one other person do the same thing yesterday.
 
Bill, I'm a bit confused about the link that didn't work and the post I'm supposed to ignore. The link for Combofix works fine. As for the log- if you're referring to the security log post, yes, it wasn't what I gave you. This one is fine- although all not showing.

But the Combofix still isn't right. You have given me the same log twice, without the script being run, so the deletions I set up haven't been done. This part, in the header: "Running from: c:\documents and settings\Philip Moore\My Documents\Downloads\ComboFix.exe" should be followed by this:
"Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt"
 
In posting number 11 you put this sentence: Please run this Custom CFScript

This link does not work. It does not give one an opportunity to click on it.

I apologize for sending the incorrect combofix txt. I have searched my HDD and I don't have a combofix.txt dated from today.

Would you recommend I run the combofix a second time?

If so can you include the txt that you want added to the combofix prior to starting it?
 
I went back and reread your post about Combofix- here's where the mixup was:
1. Combofix must be downloaded and run first. There is a link for the download.
2. After I view the log, if necessary, I write a 'custom' (just for you) script to move some files. I put this in the Code box (this is the custom script).
3. You copy the text in the Code box, then paste in Notepad that you opened.
4. The text (which is the script from the Code Box) is then dragged into the Combofix.txt.
There is no link. I made the words Custom script in bold, purple text. It's not a link. Links are blue.
5. When complete, we ask that the log generated after running the script be pasted into the next reply.

CFScript to run: (see Code box)


  • [1]. Close any open browsers.
  • [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • [3]. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll::
File::

Folder::
c:\program files\Anti Trojan Elite
c:\documents and settings\Philip Moore\Local Settings\Application Data\Sunbelt Software
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\Free Window Registry Repair
c:\program files\Error Fix
c:\program files\Ask.com
c:\documents and settings\Philip Moore\Application Data\LimeWire
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\documents and settings\All Users\Application Data\DriverCure

RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

RegNull::
[HKEY_USERS\S-1-5-21-1547161642-1303643608-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F679CE86-4DBE-74D7-4C73-9586DE8246D5}*]
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
===========================
Download the HijackThis Installer HERE and save to the desktop:
  1. Double-click on HJTInstall.exe to run the program.
  2. By default it will install to C:\Program Files\Trend Micro\HijackThis.
  3. Accept the license agreement by clicking the "I Accept" button.
  4. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
  5. Click "Save log" to save the log file and then the log will open in notepad.
  6. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  7. Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
 
You are very welcome. You will love going back to school- you'll be the best student in the class. When adults go back, their time is precious- each minute has to count. So they don't do the foolish things of youth that take time away from the learning process. The hardest thing you'll have to do is separate the information that has to stay in your brain from that which can be recalled later.

I wish you the best! Been there, done that and it was one of the best experiences of my life!

IF you want to keep the system in good shape, stay away from LimeWire and any other file sharing programs. Don't overload the browser with too many addons. Be careful in ICQ.

Take this site out of the Trusted Zone. That zone has lower security and nothing needs to be in it:
Use either the Control Panel or Tools in IE> Internet Options> Security tab> Trusted Sites> Sites:
Paste in sitesell.com> Click on Remove> OK> Apply> OK
Even if you participate there, it shouldn't be listed as a trusted site.

I have removed significant content from your system. You can streamline it further by removing processes from Startup that you don't need to start on boot and run in the background. Additionally, check the Add/Remove Programs in the Control Panel. Uninstall anything you no longer use. If you don't know what it is, search.

I don't see any remaining malware. How is the system running? Any problems? IF resolved, I'll have you remove the cleaning tools.
 
Thanks to your fine direction, the computer is running much as it did when it was first assembled.
The wife enjoys ICQ, so I am basically stuck with having this program on the system. She does not spend a lot of time there; she doesn't use it for transferring files. Which of the cleaning tools specifically are you suggesting that I remove? The Combofix and Eset? I have other maintenance tools that I use. Which should I remove?
 
By the way, I believe early on in your direction, you said it was not a big deal to resolve the situation with the Adobe update. I use Firefox for my PDF's and the Firefox reader. Would you recommend that I get rid of Adobe Reader? Or is it better to correct the issue with getting it to update the files?

The first part of my posting had to do with not being able to update the Adobe program.
 
I use Firefox for my PDFs and the Firefox reader.
If you use the FoxIt Reader for PDF files, you do not need the Adobe Reader (sometimes shown as 'Acrobat') and it can be removed in Add/Remove Programs. The Adobe Reader has a lot of bloat that the FoxIt Reader doesn't have, but FoxIt does the same thing.

The instructions I gave are for removal of the tools we used for cleaning: that would be Malwarebytes, GMER, DDS, Combofix, HijackThis and Eset. Some of these are free for one-time scanning and are not suitable to leave on the system.
 
Bobbye,

I believe the issues relating to the virus are resolved. I've been having connection issues with my modem/router on and off for about 6 weeks. The service provider technician came out to the house and installed what he called an amplifier, which from early service seems to have taken care of the problem. I believe you have corrected all issues, and again I say thanks to you and feel all issues have been resolved.
 
You're welcome. Glad to help. Check the following to help you stay clean:

Tips for added security and safer browsing:
  1. Browser Security Settings: Custom is fine if the user did the settings. Mine are Custom. Default is okay too, but sometimes too restrictive.
    This Tutorial will help guide you through Configuring Security Settings, Managing ActiveX Controls and other safety features: Make Internet Explorer safer.
  2. Have layered Security:
    • Antivirus Software (only one): Both of the following programs are free and known to be good:
      [o] Avira Free
      [o] Avast Home
    • Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    • Antispyware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX. It places kill bits to stop bad ActiveX controls from being installed. Remember to update it regularly.
      [o] IE/Spyad: This places over 4000 websites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc.) from the sites listed, although you will still be able to connect to the sites.
      [o] MVPS Hosts file: This replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
      [o] Google Toolbar: Get the free Google toolbar to help stop pop-up windows.
  3. Stay current on updates:
    [o] Visit the Microsoft Download Site frequently. You should get all updates marked Critical and the current SP updates.
    [o] Visit this Adobe Reader site often and make sure you have the most current update. Uninstall any earlier updates as they are vulnerabilities.
    [o] Check this site: Java Updates. Stay current as most updates are for security. Uninstall any earlier versions in Add/Remove Programs.
  4. Reset Cookies to prevent Tracking Cookies:
    [o] For Internet Explorer: Internet Options (through Tools or Control Panel)> Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
    [o] For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> uncheck 'accept third party Cookies'> set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List
  5. Do regular Maintenance
  6. Remove Temporary Internet Files regularly:
    [o] ATF Cleaner by Atribune
    OR
    [o] TFC
  7. Disable and Enable System Restore:
    [o] See System Restore Guide. This will help you understand what this is, why you need to clean and set restore points and what information is in them.
  8. Practice Safe Email Handling:
    [o] Don't open email from anyone you don't know.
    [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
    [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

I'm going to close this thread now. Let me know if you have questions in the future.
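The HOSTS file tip under item 2 above works because the resolver consults the HOSTS file before it asks DNS, so a hostname mapped to 127.0.0.1 (or 0.0.0.0) never reaches the ad or tracking server. The script below is an added example and is not code from this thread or from the MVPS project: it parses a HOSTS file in the standard format and reports which hostnames are sinkholed to the local machine, so you can verify that an entry is actually blocking a site rather than merely listed. The sample HOSTS text and its hostnames are constructed for illustration; on a real Windows system you would read the contents of %SystemRoot%\System32\drivers\etc\hosts instead.

```python
"""Report which hostnames a HOSTS file sinkholes to the local machine.

Added example; not part of the forum thread or of the MVPS HOSTS project.
"""
from __future__ import annotations

import ipaddress

# Constructed sample in the format used by Windows and Unix HOSTS files.
# The blocked names are made up; a real blocklist (e.g. the MVPS file)
# would list actual ad and tracking domains here.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net         # sample blocked ad server
127.0.0.1       tracker.example.org     # sample blocked tracker
10.0.0.5        intranet.example.com    # ordinary mapping, not a block
this-is-not-an-ip  bogus.example        # malformed line, ignored
"""


def parse_hosts(text: str) -> dict[str, list[str]]:
    """Map each hostname (lower-cased) to every address the file gives it.

    Comments after '#' and blank lines are ignored, a line may list several
    hostnames for one address, and lines whose first field is not a valid
    IP address are skipped rather than treated as mappings.
    """
    mapping: dict[str, list[str]] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # address with no hostname: nothing to map
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed address field; the resolver ignores it too
        for name in names:
            mapping.setdefault(name.lower(), []).append(address)
    return mapping


def is_sinkhole(address: str) -> bool:
    """True when an address points back at this machine (127.0.0.1, ::1, 0.0.0.0)."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_unspecified


def blocked_hosts(mapping: dict[str, list[str]]) -> set[str]:
    """Hostnames whose every HOSTS entry is a sinkhole, excluding localhost itself."""
    return {
        name
        for name, addresses in mapping.items()
        if name != "localhost" and all(is_sinkhole(a) for a in addresses)
    }


def is_blocked(hostname: str, mapping: dict[str, list[str]]) -> bool:
    """Case-insensitive check of whether the HOSTS file blocks a hostname."""
    return hostname.lower() in blocked_hosts(mapping)


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in sorted(blocked_hosts(hosts)):
        print(f"blocked: {name}")
    print("intranet.example.com blocked?", is_blocked("intranet.example.com", hosts))
```

A hostname counts as blocked only if all of its entries are sinkholes; a name mapped to a real address elsewhere in the file is reported as an ordinary mapping, which is the case worth spotting when a replacement HOSTS file has been merged with local entries.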
 