TechSpot

Update failure (SpywareBlaster & Malwarebytes) access is denied

By Swive
May 13, 2011
  1. Unable to update SpywareBlaster, Spybot or Malwarebytes - Error Message = Access is Denied. MBAM is clean. Spybot had 'fixed' spyware. Recently installed NAV is clean and can update itself.

    Thanks in Advance!
    ----------------------------------- --------------------------- --------------------
    GMER
    GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
    Rootkit quick scan 2011-05-13 17:32:02
    Windows 5.1.2600 Service Pack 2


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----

    DDS:
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Stephen H. Blum at 17:33:48.67 on Fri 05/13/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2550.1827 [GMT -5:00]
    .
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
    svchost.exe
    C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
    C:\TempDL\gmer\gmer.exe
    C:\TempDL\Spyware_Removal\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
    uSearchAssistant = hxxp://www.google.com
    mSearchAssistant = hxxp://www.google.com
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYATgBKADMAMgAtAEcAMwBMAEEAQQAtAEEANAA4ADkAUgAtADkAVQBKAEsARgAtAEUASwBLADMAWAA"&"inst=NwA3AC0AOAA2ADQANgAwADYANwA2AC0AVAA1AC0AVQA4ADUAKwAxAC0AQgBBACsAMQAtAFgATAArADEALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAxAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: phantombidder.com\www
    Trusted Zone: musicmatch.com\online
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.cox.com/sdccommon/download/tgctlcm.cab
    DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://westarfalconcam1.viewnetcam.com/JpegInst.cab
    DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160592171781
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: cru629.dat
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-13 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-13 744568]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-8-28 3968]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110430.001\BHDrvx86.sys [2011-5-13 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-13 136312]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-13 130008]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110512.001\IDSXpx86.sys [2011-5-13 341944]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110513.002\naveng.sys [2011-5-13 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110513.002\navex15.sys [2011-5-13 1393144]
    S2 gupdate1ca1a069b09d31e;Google Update Service (gupdate1ca1a069b09d31e);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-8-13 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-8-13 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
    S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-13 21:40:49 -------- d-----w- c:\program files\Windows Resource Kits
    2011-05-13 17:07:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-05-13 17:07:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-13 17:07:00 -------- d-----w- c:\program files\Symantec
    2011-05-13 17:07:00 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-05-13 17:06:52 369784 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symtdi.sys
    2011-05-13 17:06:52 331384 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symtdiv.sys
    2011-05-13 17:06:51 744568 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symefa.sys
    2011-05-13 17:06:51 516216 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\srtsp.sys
    2011-05-13 17:06:51 50168 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\srtspx.sys
    2011-05-13 17:06:51 340088 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symds.sys
    2011-05-13 17:06:51 296568 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symnets.sys
    2011-05-13 17:06:51 136312 ----a-r- c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys
    2011-05-13 17:06:23 -------- d-----w- c:\windows\system32\drivers\nav\1206000.01D
    2011-05-13 17:05:37 -------- d-----w- c:\windows\system32\drivers\NAV
    2011-05-13 17:05:34 -------- d-----w- c:\program files\Norton AntiVirus
    2011-05-13 16:31:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2011-05-13 16:24:24 -------- d-----w- c:\program files\NortonInstaller
    2011-05-13 16:24:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2011-05-11 19:20:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-11 19:20:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-05-06 12:56:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-04-20 20:13:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-20 20:13:59 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-04-01 17:37:50 50 ----a-w- C:\QB_C_M.bat
    2011-04-01 17:35:01 75 ----a-w- C:\QB_SB_OFFICE.bat
    .
    ============= FINISH: 17:34:26.53 ===============

    Attach:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/9/2006 5:26:20 PM
    System Uptime: 5/13/2011 11:22:35 AM (6 hours ago)
    .
    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 71 GiB total, 48.948 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Linksys Wireless-G PCI Adapter
    Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&5855BE9&0&10F0
    Manufacturer: Linksys, A Division of Cisco Systems, Inc.
    Name: Linksys Wireless-G PCI Adapter
    PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_00551737&REV_00\4&5855BE9&0&10F0
    Service: RT61
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0
    Service: E100B
    .
    ==== System Restore Points ===================
    .
    RP847: 2/14/2011 8:41:20 AM - System Checkpoint
    RP848: 2/16/2011 7:37:20 AM - System Checkpoint
    RP849: 2/18/2011 8:06:12 AM - System Checkpoint
    RP850: 2/21/2011 8:37:01 AM - System Checkpoint
    RP851: 2/23/2011 7:37:28 AM - System Checkpoint
    RP852: 2/25/2011 8:34:14 AM - System Checkpoint
    RP853: 2/28/2011 8:22:42 AM - System Checkpoint
    RP854: 3/2/2011 7:36:39 AM - System Checkpoint
    RP855: 3/2/2011 5:10:58 PM - Software Distribution Service 3.0
    RP856: 3/4/2011 8:25:53 AM - System Checkpoint
    RP857: 3/7/2011 8:21:08 AM - System Checkpoint
    RP858: 3/9/2011 7:21:41 AM - System Checkpoint
    RP859: 3/9/2011 8:01:15 AM - Software Distribution Service 3.0
    RP860: 3/11/2011 8:15:41 AM - System Checkpoint
    RP861: 3/14/2011 8:16:45 AM - System Checkpoint
    RP862: 3/16/2011 7:22:10 AM - System Checkpoint
    RP863: 3/16/2011 11:12:30 AM - Avg Update
    RP864: 3/16/2011 11:12:58 AM - Avg Update
    RP865: 3/18/2011 8:21:16 AM - System Checkpoint
    RP866: 3/28/2011 8:26:44 AM - System Checkpoint
    RP867: 3/28/2011 11:17:57 AM - Printer Driver Amyuni Document Converter 400 Installed
    RP868: 3/30/2011 7:25:53 AM - System Checkpoint
    RP869: 4/1/2011 8:24:31 AM - System Checkpoint
    RP870: 4/4/2011 8:32:21 AM - System Checkpoint
    RP871: 4/6/2011 7:44:05 AM - System Checkpoint
    RP872: 4/8/2011 8:23:07 AM - System Checkpoint
    RP873: 4/13/2011 7:21:24 AM - System Checkpoint
    RP874: 4/13/2011 5:18:03 PM - Software Distribution Service 3.0
    RP875: 4/15/2011 8:19:28 AM - System Checkpoint
    RP876: 4/18/2011 8:21:29 AM - System Checkpoint
    RP877: 4/20/2011 7:20:36 AM - System Checkpoint
    RP878: 4/20/2011 3:07:59 PM - Restore Operation
    RP879: 4/22/2011 11:06:10 AM - System Checkpoint
    RP880: 4/25/2011 8:23:01 AM - System Checkpoint
    RP881: 4/27/2011 7:21:03 AM - System Checkpoint
    RP882: 5/2/2011 8:31:36 AM - System Checkpoint
    RP883: 5/2/2011 2:30:50 PM - Installed Linksys Wireless-G PCI Adapter
    RP884: 5/2/2011 2:37:11 PM - Unsigned driver install
    RP885: 5/4/2011 7:05:20 AM - Removed Linksys Wireless-G PCI Adapter
    RP886: 5/4/2011 7:54:51 AM - Unsigned driver install
    RP887: 5/4/2011 8:54:34 AM - Update to an unsigned driver
    RP888: 5/4/2011 9:43:01 AM - Installed Linksys Wireless-G PCI Adapter
    RP889: 5/4/2011 10:37:24 AM - Removed Linksys Wireless-G PCI Adapter
    RP890: 5/4/2011 12:08:12 PM - Unsigned driver install
    RP891: 5/6/2011 8:15:40 AM - System Checkpoint
    RP892: 5/9/2011 8:18:06 AM - System Checkpoint
    RP893: 5/9/2011 6:21:43 PM - Printer Driver Amyuni Document Converter 400 Installed
    RP894: 5/9/2011 7:01:29 PM - Software Distribution Service 3.0
    RP895: 5/11/2011 7:40:30 AM - System Checkpoint
    RP896: 5/13/2011 10:58:20 AM - System Checkpoint
    RP897: 5/13/2011 11:20:39 AM - Removed AVG Free 9.0
    RP898: 5/13/2011 11:22:02 AM - Installed AVG Free 9.0
    RP899: 5/13/2011 4:40:48 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Amazon MP3 Downloader 1.0.3
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    AVG Anti-Rootkit Free
    Brother BRAdmin Professiona 2.68
    Brother HL-2140
    Brother MFL-Pro Suite
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Corel WordPerfect Suite 8
    Cox Online Support Controls
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.2
    Dell System Restore
    Digital Content Portal
    Digital Line Detect
    EASEUS Partition Master 6.1.1 Home Edition
    ELIcon
    eMusic Download Manager 3.0
    Full Tilt Poker
    Google Earth
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    Homestead SiteBuilder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    Modem Helper
    Move Media Player
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch® Jukebox
    NetWaiting
    Norton AntiVirus
    Octoshape add-in for Adobe Flash Player
    PaperPort
    PBSW 2.4 Update
    PBSW2 DEMO version 2.4
    Qualxserve Service Agreement
    QuickBooks
    QuickBooks Pro 2008
    QuickBooks Pro 2010
    QuickTime
    RealPlayer Basic
    SearchAssist
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Skype Toolbars
    SkypeMate
    Skype™ 4.2
    Sonic Activation Module
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SupportSoft Assisted Service
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    Virtools 3D Life Player
    WavePad Sound Editor
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2011 7:47:03 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    5/9/2011 3:47:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/9/2011 3:46:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/9/2011 3:46:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/6/2011 7:51:38 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00226BA5DF7E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    5/11/2011 5:05:12 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CYNTHIAS-MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7C51510-3DFE-4. The master browser is stopping or an election is being forced.
    5/11/2011 2:10:16 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    5/11/2011 12:30:42 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:23:6C:7F:89:F6. Network operations on this system may be disrupted as a result.
    .
    ==== End Of File ===========================

    All help greatly appreciated!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help pin down the problem. "Access is denied" may be a permission issue.

    You are running 2 antivirus programs:
    McAfee and Norton. Please remove one of them. Here are tools to help:
    McAfee Removal
    Norton Removal Tool
    Multiple AV programs actually make the system more vulnerable, not less.
    Please reboot the computer when finished.

    Go ahead and do that while I check the rest of the logs.
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. Swive

    Swive TS Rookie Topic Starter

    Thanks for the quick reply!

    Interesting... I thought I'd deleted McAfee long ago. It is absent from Control Panel/Add-Remove Programs.

    When I tried to run MCPR.exe I got this error: "unable to write to c:\documents&settings\all users\application data/mcafee/spamkiller/mskdetct.data" and then MCPR hung up at "Removing product MSKCU".
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, you need to do more housekeeping. It's possible that the install showing as SearchAssist is malware, but I don't have enough information yet to determine that.
    =======================================
    About Java: Most of the Java updates are for security purposes, so it's important that you get them. It is also very important that you uninstall the earlier version because that is a vulnerability to the system. You have 9 versions of Java on the system, and you have gotten one of them, v6u22, three times. Java doesn't overwrite the old version when it updates, so you need to go into Add/Remove Programs to uninstall it.

    But you have so many versions, you will need to run the following to remove all of them. Then you can click on the link and get the latest version v6u24. Note: I do not want the log from this.

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.

    Then download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    =====================================
    About the Adobe Reader: The current version is v10(X). You have v7. It's the same story as Java, but there is only one entry for you to remove in Add/Remove Programs after you update:
    Visit this Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
    ================================
    According to these Restore Points: You removed AVG 9, then installed it! Of course this doesn't make much sense, but I do see the uninstaller and we will remove that.
    RP897: 5/13/2011 11:20:39 AM - Removed AVG Free 9.0
    RP898: 5/13/2011 11:22:02 AM - Installed AVG Free 9.0

    ================================
    When you have finished the housekeeping, please go ahead and run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================
    I didn't see any entries for McAfee in the processes, but it is showing in the DDS header. There may be Registry entries for it and I'll have you remove those after you run Combofix.
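
As an added example (not part of the original thread, and not code from DDS or any tool named in it): a Python script that pulls from a DDS log the housekeeping findings raised in the replies above, namely more than one `AV:` header line, stacked Java runtimes, and an old Adobe Reader. The sample text is excerpted from the log posted in this thread; the function names and the baseline constants (the helper's 2011 figures) are assumptions of this example.

```python
import re

# Baselines quoted from the helper's post (2011 values, assumptions of this example).
JAVA_BASELINE = (6, 24)   # "latest version v6u24"
READER_BASELINE = 10      # "The current version is v10(X)"

# Excerpt of the DDS output posted in this thread: header lines from the first
# post and a trimmed copy of the "Installed Programs" section.
SAMPLE_DDS = """\
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: *Disabled*
    .
    ==== Installed Programs ======================
    .
    Adobe Reader 7.0.9
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Norton AntiVirus
    .
    ==== Event Viewer Messages From Past Week ========
"""

AV_RE = re.compile(r"^AV:\s*(.+?)\s*\*(\w+)/(\w+)\*\s*\{[0-9A-Fa-f-]+\}$")
# The log names Java runtimes three different ways; capture (major, update) from each.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment (\d+)\.0"
    r"|Java\(TM\) (?:SE Runtime Environment )?(\d+)) Update (\d+)$"
)
READER_RE = re.compile(r"^Adobe Reader (\d+)(?:\.\d+)*$")


def clean_lines(log):
    """Strip forum indentation and drop the '.' spacer lines DDS emits."""
    for raw in log.splitlines():
        line = raw.strip()
        if line and line != ".":
            yield line


def section(log, title):
    """Lines between the '==== title ====' header and the next '====' header."""
    inside, out = False, []
    for line in clean_lines(log):
        if line.startswith("===="):
            inside = title in line
            continue
        if inside:
            out.append(line)
    return out


def antivirus_products(log):
    """(name, enabled_state, definition_state) for each 'AV:' header line."""
    return [m.groups() for m in map(AV_RE.match, clean_lines(log)) if m]


def java_runtimes(log):
    """Sorted (major, update) pairs for every Java runtime listed as installed."""
    found = []
    for line in section(log, "Installed Programs"):
        m = JAVA_RE.match(line)
        if m:
            found.append((int(m.group(1) or m.group(2)), int(m.group(3))))
    return sorted(found)


def triage(log):
    """Summarise the findings a helper would raise before any malware scan."""
    av = antivirus_products(log)
    java = java_runtimes(log)
    readers = [int(m.group(1))
               for m in map(READER_RE.match, section(log, "Installed Programs")) if m]
    return {
        "multiple_av": len(av) > 1,
        "av_names": [name for name, _, _ in av],
        "java_count": len(java),
        "java_newest": java[-1] if java else None,
        "java_outdated": [v for v in java if v < JAVA_BASELINE],
        "reader_outdated": [v for v in readers if v < READER_BASELINE],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```
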
     
  5. Swive

    Swive TS Rookie Topic Starter

    OK... I got rid of McAfee (I think!)

    Here are the newest DDS files:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Stephen H. Blum at 18:46:37.39 on Fri 05/13/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2550.1942 [GMT -5:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe
    C:\Program Files\Brownie\BrstsWnd.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\Brownie\brpjp04a.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\TempDL\Spyware_Removal\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
    uSearchAssistant = hxxp://www.google.com
    mSearchAssistant = hxxp://www.google.com
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
    mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [MSKDetectorExe] "c:\program files\mcafee\spamkiller\MSKDetct.exe" /uninstall
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: phantombidder.com\www
    Trusted Zone: musicmatch.com\online
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://support.cox.com/sdccommon/download/tgctlcm.cab
    DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://westarfalconcam1.viewnetcam.com/JpegInst.cab
    DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} - hxxp://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160592171781
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: cru629.dat
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-13 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-13 744568]
    R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2009-8-28 3968]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110430.001\BHDrvx86.sys [2011-5-13 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-13 136312]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-13 130008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-13 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110512.001\IDSXpx86.sys [2011-5-13 341944]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110513.002\naveng.sys [2011-5-13 86136]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110513.002\navex15.sys [2011-5-13 1393144]
    S2 gupdate1ca1a069b09d31e;Google Update Service (gupdate1ca1a069b09d31e);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-8-13 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-8-13 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
    S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\intuit\quickb~2\qbdbmgrn.exe -hvquickbooksdb20 --> c:\progra~1\intuit\quickb~2\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    .
    =============== Created Last 30 ================
    .
    2011-05-13 23:12:31 -------- d-----w- c:\docume~1\stephe~1.blu\locals~1\applic~1\NPE
    2011-05-13 21:40:49 -------- d-----w- c:\program files\Windows Resource Kits
    2011-05-13 17:07:00 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-05-13 17:07:00 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-13 17:07:00 -------- d-----w- c:\program files\Symantec
    2011-05-13 17:07:00 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-05-13 17:06:52 369784 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symtdi.sys
    2011-05-13 17:06:52 331384 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symtdiv.sys
    2011-05-13 17:06:51 744568 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symefa.sys
    2011-05-13 17:06:51 516216 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\srtsp.sys
    2011-05-13 17:06:51 50168 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\srtspx.sys
    2011-05-13 17:06:51 340088 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symds.sys
    2011-05-13 17:06:51 296568 ----a-w- c:\windows\system32\drivers\nav\1206000.01d\symnets.sys
    2011-05-13 17:06:51 136312 ----a-r- c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys
    2011-05-13 17:06:23 -------- d-----w- c:\windows\system32\drivers\nav\1206000.01D
    2011-05-13 17:05:37 -------- d-----w- c:\windows\system32\drivers\NAV
    2011-05-13 17:05:34 -------- d-----w- c:\program files\Norton AntiVirus
    2011-05-13 16:31:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2011-05-13 16:24:24 -------- d-----w- c:\program files\NortonInstaller
    2011-05-13 16:24:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2011-05-11 19:20:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-11 19:20:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2011-05-06 12:56:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-04-20 20:13:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-20 20:13:59 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    ==================== Find3M ====================
    .
    2011-04-01 17:37:50 50 ----a-w- C:\QB_C_M.bat
    2011-04-01 17:35:01 75 ----a-w- C:\QB_SB_OFFICE.bat
    .
    ============= FINISH: 18:48:11.79 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/9/2006 5:26:20 PM
    System Uptime: 5/13/2011 6:42:06 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | | 0HJ054
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 71 GiB total, 49.077 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/100 VE Network Connection
    Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0
    Manufacturer: Intel
    Name: Intel(R) PRO/100 VE Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_27DC&SUBSYS_01AB1028&REV_01\4&5855BE9&0&40F0
    Service: E100B
    .
    ==== System Restore Points ===================
    .
    RP847: 2/14/2011 8:41:20 AM - System Checkpoint
    RP848: 2/16/2011 7:37:20 AM - System Checkpoint
    RP849: 2/18/2011 8:06:12 AM - System Checkpoint
    RP850: 2/21/2011 8:37:01 AM - System Checkpoint
    RP851: 2/23/2011 7:37:28 AM - System Checkpoint
    RP852: 2/25/2011 8:34:14 AM - System Checkpoint
    RP853: 2/28/2011 8:22:42 AM - System Checkpoint
    RP854: 3/2/2011 7:36:39 AM - System Checkpoint
    RP855: 3/2/2011 5:10:58 PM - Software Distribution Service 3.0
    RP856: 3/4/2011 8:25:53 AM - System Checkpoint
    RP857: 3/7/2011 8:21:08 AM - System Checkpoint
    RP858: 3/9/2011 7:21:41 AM - System Checkpoint
    RP859: 3/9/2011 8:01:15 AM - Software Distribution Service 3.0
    RP860: 3/11/2011 8:15:41 AM - System Checkpoint
    RP861: 3/14/2011 8:16:45 AM - System Checkpoint
    RP862: 3/16/2011 7:22:10 AM - System Checkpoint
    RP863: 3/16/2011 11:12:30 AM - Avg Update
    RP864: 3/16/2011 11:12:58 AM - Avg Update
    RP865: 3/18/2011 8:21:16 AM - System Checkpoint
    RP866: 3/28/2011 8:26:44 AM - System Checkpoint
    RP867: 3/28/2011 11:17:57 AM - Printer Driver Amyuni Document Converter 400 Installed
    RP868: 3/30/2011 7:25:53 AM - System Checkpoint
    RP869: 4/1/2011 8:24:31 AM - System Checkpoint
    RP870: 4/4/2011 8:32:21 AM - System Checkpoint
    RP871: 4/6/2011 7:44:05 AM - System Checkpoint
    RP872: 4/8/2011 8:23:07 AM - System Checkpoint
    RP873: 4/13/2011 7:21:24 AM - System Checkpoint
    RP874: 4/13/2011 5:18:03 PM - Software Distribution Service 3.0
    RP875: 4/15/2011 8:19:28 AM - System Checkpoint
    RP876: 4/18/2011 8:21:29 AM - System Checkpoint
    RP877: 4/20/2011 7:20:36 AM - System Checkpoint
    RP878: 4/20/2011 3:07:59 PM - Restore Operation
    RP879: 4/22/2011 11:06:10 AM - System Checkpoint
    RP880: 4/25/2011 8:23:01 AM - System Checkpoint
    RP881: 4/27/2011 7:21:03 AM - System Checkpoint
    RP882: 5/2/2011 8:31:36 AM - System Checkpoint
    RP883: 5/2/2011 2:30:50 PM - Installed Linksys Wireless-G PCI Adapter
    RP884: 5/2/2011 2:37:11 PM - Unsigned driver install
    RP885: 5/4/2011 7:05:20 AM - Removed Linksys Wireless-G PCI Adapter
    RP886: 5/4/2011 7:54:51 AM - Unsigned driver install
    RP887: 5/4/2011 8:54:34 AM - Update to an unsigned driver
    RP888: 5/4/2011 9:43:01 AM - Installed Linksys Wireless-G PCI Adapter
    RP889: 5/4/2011 10:37:24 AM - Removed Linksys Wireless-G PCI Adapter
    RP890: 5/4/2011 12:08:12 PM - Unsigned driver install
    RP891: 5/6/2011 8:15:40 AM - System Checkpoint
    RP892: 5/9/2011 8:18:06 AM - System Checkpoint
    RP893: 5/9/2011 6:21:43 PM - Printer Driver Amyuni Document Converter 400 Installed
    RP894: 5/9/2011 7:01:29 PM - Software Distribution Service 3.0
    RP895: 5/11/2011 7:40:30 AM - System Checkpoint
    RP896: 5/13/2011 10:58:20 AM - System Checkpoint
    RP897: 5/13/2011 11:20:39 AM - Removed AVG Free 9.0
    RP898: 5/13/2011 11:22:02 AM - Installed AVG Free 9.0
    RP899: 5/13/2011 4:40:48 PM - Installed Windows Resource Kit Tools - SubInAcl.exe
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.65
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    Amazon MP3 Downloader 1.0.3
    AOL Coach Version 1.0(Build:20040229.1 en)
    AOL Uninstaller (Choose which Products to Remove)
    AOLIcon
    AVG Anti-Rootkit Free
    Brother BRAdmin Professiona 2.68
    Brother HL-2140
    Brother MFL-Pro Suite
    CCleaner
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Corel WordPerfect Suite 8
    Cox Online Support Controls
    Critical Update for Windows Media Player 11 (KB959772)
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Support 3.2
    Dell System Restore
    Digital Content Portal
    Digital Line Detect
    EASEUS Partition Master 6.1.1 Home Edition
    ELIcon
    eMusic Download Manager 3.0
    Full Tilt Poker
    Google Earth
    Google Update Helper
    Google Updater
    High Definition Audio Driver Package - KB835221
    Homestead SiteBuilder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB908673)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 22
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    MCU
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Works
    Modem Helper
    Move Media Player
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    Musicmatch® Jukebox
    NetWaiting
    Norton AntiVirus
    Octoshape add-in for Adobe Flash Player
    PaperPort
    PBSW 2.4 Update
    PBSW2 DEMO version 2.4
    Qualxserve Service Agreement
    QuickBooks
    QuickBooks Pro 2008
    QuickBooks Pro 2010
    QuickTime
    RealPlayer Basic
    SearchAssist
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Skype Toolbars
    SkypeMate
    Skype™ 4.2
    Sonic Activation Module
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SupportSoft Assisted Service
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    URL Assistant
    Viewpoint Media Player
    Virtools 3D Life Player
    WavePad Sound Editor
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Resource Kit Tools - SubInAcl.exe
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB889673
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinZip
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/9/2011 3:57:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    5/9/2011 3:54:55 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/9/2011 3:54:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    5/9/2011 3:47:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Beep Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:47:20 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    5/9/2011 3:46:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    5/6/2011 7:51:38 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00226BA5DF7E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    5/13/2011 6:34:41 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SMR162.SYS' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    5/13/2011 5:38:23 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
    5/11/2011 5:05:12 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer CYNTHIAS-MAC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B7C51510-3DFE-4. The master browser is stopping or an election is being forced.
    5/11/2011 2:10:16 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    5/11/2011 12:30:42 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.100 with the system having network hardware address 00:23:6C:7F:89:F6. Network operations on this system may be disrupted as a result.
    .
    ==== End Of File ===========================

    I really appreciate your taking the time to help!
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Glad to help. Please go ahead with the instructions in Reply #4.
     
  7. Swive

    Swive TS Rookie Topic Starter

    Bobbye - I will be back at my office cpu tomorrow, and will proceed as you have advised then.

    Steve
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, post when ready.
     
  9. Swive

    Swive TS Rookie Topic Starter

    Bobbye- Here is log from ESET

    C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan

    Should I still run ComboFix now?
     
  10. Swive

    Swive TS Rookie Topic Starter

    ComboFix Log:

    ComboFix 11-05-15.04 - Stephen H. Blum 05/16/2011 12:16:20.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2550.1860 [GMT -5:00]
    Running from: c:\documents and settings\Stephen H. Blum\Desktop\ComboFix.exe
    AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Stephen H. Blum\Application Data\.#
    c:\documents and settings\Stephen H. Blum\Local Settings\Application Data\{4F94B971-56FB-4A27-BC49-096BCDBB7811}
    c:\documents and settings\Stephen H. Blum\Local Settings\Application Data\{4F94B971-56FB-4A27-BC49-096BCDBB7811}\chrome.manifest
    c:\documents and settings\Stephen H. Blum\Local Settings\Application Data\{4F94B971-56FB-4A27-BC49-096BCDBB7811}\chrome\content\_cfg.js
    c:\documents and settings\Stephen H. Blum\Local Settings\Application Data\{4F94B971-56FB-4A27-BC49-096BCDBB7811}\chrome\content\overlay.xul
    c:\documents and settings\Stephen H. Blum\Local Settings\Application Data\{4F94B971-56FB-4A27-BC49-096BCDBB7811}\install.rdf
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\system32\bszip.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-16 13:42 . 2011-05-16 13:42 -------- d-----w- c:\program files\ESET
    2011-05-16 13:31 . 2011-05-16 13:32 -------- d-----w- c:\program files\Common Files\Adobe
    2011-05-16 13:22 . 2011-05-16 13:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-05-13 23:12 . 2011-05-13 23:15 -------- d-----w- c:\documents and settings\Stephen H. Blum\Local Settings\Application Data\NPE
    2011-05-13 21:40 . 2011-05-13 21:40 -------- d-----w- c:\program files\Windows Resource Kits
    2011-05-13 17:07 . 2011-05-13 17:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-05-13 17:07 . 2011-05-13 17:07 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2011-05-13 17:07 . 2011-05-13 17:07 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-05-13 17:07 . 2011-05-13 17:07 -------- d-----w- c:\program files\Symantec
    2011-05-13 17:05 . 2011-05-13 17:07 -------- d-----w- c:\windows\system32\drivers\NAV
    2011-05-13 17:05 . 2011-05-13 23:11 -------- d-----w- c:\program files\Norton AntiVirus
    2011-05-13 17:05 . 2011-05-13 17:05 -------- d-----w- c:\program files\Windows Sidebar
    2011-05-13 16:31 . 2011-05-13 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2011-05-13 16:24 . 2011-05-13 22:37 -------- d-----w- c:\program files\NortonInstaller
    2011-05-11 19:20 . 2011-05-13 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-05-11 19:20 . 2011-05-13 15:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-09 23:30 . 2011-05-09 23:30 -------- d-----w- c:\documents and settings\QBDataServiceUser20
    2011-05-09 20:47 . 2011-05-09 20:47 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-05-06 12:56 . 2011-05-06 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-05-02 19:39 . 2011-05-02 19:39 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-04-20 20:13 . 2011-04-20 20:13 -------- d-----w- c:\windows\system32\wbem\Repository
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-01 17:37 . 2011-03-07 17:25 50 ----a-w- C:\QB_C_M.bat
    2011-04-01 17:35 . 2011-04-01 17:32 75 ----a-w- C:\QB_SB_OFFICE.bat
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-11-12 995328]
    "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
    "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-26 98304]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
    2006-07-17 02:29 389120 ----a-w- c:\program files\Dell Support\DSAgnt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
    2006-05-03 09:12 98304 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
    2005-03-17 19:45 40960 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
    2010-10-19 10:58 1439496 ----a-w- c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
    2005-09-09 00:20 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2005-09-09 00:20 110592 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mm_tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
    2005-03-17 19:25 57393 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2006-09-26 20:08 98304 ----a-w- c:\program files\QuickTime\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2006-09-26 20:08 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2003-10-14 15:22 155648 ----a-r- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "AOL ACS"=2 (0x2)
    "gusvc"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/13/2011 12:06 PM 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/13/2011 12:06 PM 744568]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110430.001\BHDrvx86.sys [5/13/2011 1:08 PM 802936]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/13/2011 12:06 PM 136312]
    R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/13/2011 12:06 PM 130008]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/13/2011 12:42 PM 105592]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110513.001\IDSXpx86.sys [5/16/2011 9:29 AM 341944]
    S2 gupdate1ca1a069b09d31e;Google Update Service (gupdate1ca1a069b09d31e);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 5:04 PM 133104]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [8/13/2010 12:17 PM 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [8/13/2010 12:17 PM 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 5:04 PM 133104]
    S3 QuickBooksDB20;QuickBooksDB20;c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB20 --> c:\progra~1\Intuit\QUICKB~2\QBDBMgrN.exe -hvQuickBooksDB20 [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-16 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-27 22:03]
    .
    2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 22:04]
    .
    2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 22:04]
    .
    2006-10-16 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 10:00]
    .
    2011-05-13 c:\windows\Tasks\Office_SHB.job
    - C:\Office_SHB.bat [2006-10-16 18:07]
    .
    2010-11-10 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2010-11-03 22:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5060926
    uSearchAssistant = hxxp://www.google.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: phantombidder.com\www
    Trusted Zone: musicmatch.com\online
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-16 12:22
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NAV]
    "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-05-16 12:26:16
    ComboFix-quarantined-files.txt 2011-05-16 17:25
    .
    Pre-Run: 52,380,229,632 bytes free
    Post-Run: 52,410,159,104 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
    - - End Of File - - 04453749EA1BE97219083AAB7A028C7E
     
  11. Swive

    Swive TS Rookie Topic Starter

    Bobbye......
    Just FWIW; Spywareblaster and Spybot S&D now update w/o problems, Malwarebytes though still generates the Access is Denied error when updating.
     
  12. Swive

    Swive TS Rookie Topic Starter

    Uninstalled old AOL program and files, which got rid of file specified in Eset.
    Re-Ran Eset which generated the following:

    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP907\A0096550.exe probably a variant of Win32/StartPage.HSZAKFT trojan

    All help greatly appreciated.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Sorry for delay- personal business.

    Remove the entry from Eset below:
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===================================================
    Combofix looks good. But you have so many unnecessary processes starting on boot- so if 'speed' is an issue. Many of these are auto-updates which contact the internet several times each day, every day, looking for updates that may either not come or come only every few months.

    You can use the msconfig utility to uncheck every thing on the Startup Menu except:
    Antivirus
    Firewall if you use 3rd party FW like Comodo or Zone Alarm
    Touchpad if on laptop
    Network processes if using Pure Networks or Cisco.
    Nothing else needs to start on boot and run in the background.
    ========================================
    And you have tasks scheduled that can all be stopped:

    1. c:\windows\Tasks\ISP signup reminder 1> c:\windows\system32\OOBE\oobebaln.exe> oobebaln.exe is Windows Out Of the Box Experience Balloon Reminder preloaded in 2004.
    2. c:\program files\NCH Swift Sound\WavePad\wavepad.exe> 2010.
    =========================================
    I am uncertain about the Mbam problem. You say both that you can't run it and that it's clean. So which is it? If you can't run it, proceed to the following:
    Please uninstall Malwarebytes' Anti-Malware currently on your system. Use Windows Explorer to delete its Program file. Reboot the computer. Download Malwarebytes again and save to the desktop. Do not run yet:
    Malwarebytes' Anti-Malware
    1. Please download Malwarebytes' Anti-Malware from HERE
      **************************Save to desktop. Do not run yet.************************
    2. Double-click mbam-setup.exe and follow the prompts to install the program.
    3. At the end, be sure a checkmark is placed next to
      [o] Update Malwarebytes' Anti-Malware
      [o] and Launch Malwarebytes' Anti-Malware
    4. then click Finish.
    5. If an update is found, it will download and install the latest version.
    6. Once the program has loaded, select Perform Quick scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
    7. Be sure that everything is checked, and click Remove Selected.
    8. When completed, a log will open in Notepad. Please attach this log with your reply
      [o] If you accidentally close it, the log file is saved here and will be named like this:
      [o] C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    ========================
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

    Once done, try running a scan again
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Eset entry is in the restore points. It is not active in system. I will have you drop old restore points when clean and set new clean one when we're finished.
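
    Added example (not part of the original posts): a short Python triage of scanner detection lines in the format Swive posted, separating hits held inside the XP System Restore store (`_restore{GUID}\RPnnn`) from hits on live files. The second sample line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# XP System Restore store layout:
#   <drive>:\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
RESTORE_RE = re.compile(
    r'^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}'
    r'\\RP(?P<rp>\d+)\\(?P<file>A\d+\.\w+)$',
    re.IGNORECASE,
)

# Detection line as pasted in the thread: "<path> <verdict>".
# Heuristic: the path ends at the first ".ext" that is followed by whitespace,
# so a directory name such as "foo.bar baz" would split the line too early.
LINE_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+?\.\w{1,4})\s+(?P<verdict>\S.*)$')


def triage(lines):
    """Return (live, restore): live is a list of (path, verdict) on the
    running file system; restore maps restore-point number -> list of
    (archived file name, verdict) held only in the System Restore store."""
    live, restore = [], defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a detection line
        path, verdict = m.group('path'), m.group('verdict')
        r = RESTORE_RE.match(path)
        if r:
            restore[int(r.group('rp'))].append((r.group('file'), verdict))
        else:
            live.append((path, verdict))
    return live, dict(restore)


SAMPLE = [
    # Line from the thread (post 12).
    r"C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}"
    r"\RP907\A0096550.exe probably a variant of Win32/StartPage.HSZAKFT trojan",
    # Constructed line: a hit on a live file, with a placeholder verdict.
    r"C:\Program Files\Example\updater.exe constructed-detection-name",
]

if __name__ == "__main__":
    live, restore = triage(SAMPLE)
    for path, verdict in live:
        print(f"LIVE      {path}: {verdict}")
    for rp, hits in sorted(restore.items()):
        for name, verdict in hits:
            # Archived copy only: cleared by purging old restore points.
            print(f"RESTORE   RP{rp} {name}: {verdict}")
```

    Hits reported under RESTORE are archived copies that go away when the old restore points are purged; hits under LIVE need removal from the running system first.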
     
  15. Swive

    Swive TS Rookie Topic Starter

    Thanks for the reply...

    1. I've already removed "C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe" when I uninstalled all of AOL. Do you still want me to run OTMoveit?

    2. Malwarebytes runs w/o any problems. No infected files detected at this point. I get an error message when I update saying "access is denied," but the update loads anyway.

    3. I will try to clean up my startup clutter. I never knew what I could delete. Thanks for the suggestions.
    4. How do I stop the scheduled tasks that you mentioned?
     
  16. Swive

    Swive TS Rookie Topic Starter

    OTMoveit and Mbam Logs

    OTMoveit Log

    All processes killed
    ========== FILES ==========
    File/Folder C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56507 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    User: QBDataServiceUser20
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41 bytes

    User: Stephen H. Blum
    ->Temp folder emptied: 3250562 bytes
    ->Temporary Internet Files folder emptied: 15534512 bytes
    ->Java cache emptied: 67403164 bytes
    ->Flash cache emptied: 3773065 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 17048 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 11647889 bytes

    Total Files Cleaned = 97.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 05182011_162658

    Files moved on Reboot...
    File move failed. C:\WINDOWS\temp\Perflib_Perfdata_61c.dat scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6612

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    5/18/2011 5:47:58 PM
    mbam-log-2011-05-18 (17-47-58).txt

    Scan type: Quick scan
    Objects scanned: 159134
    Time elapsed: 2 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Mbam now updates without any error messages!
     
  17. Swive

    Swive TS Rookie Topic Starter

    However, when cleaning up with msconfig, I get the following error:

    An access denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified change.

    I am logged on as Admin, and despite that message, the changes I make are effected.
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If the changes you made worked and stayed as you set them, don't worry about it. If it happened to just one program or one Service and you couldn't make the change, then you would have to take ownership of the file.
    ==================================================
    Scheduled Tasks
    Most of these found are usually auto-updates scheduled for programs that do not need them. They will make numerous internet connections every day, looking for updates that you can find manually. You want to keep these connection attempts as few as possible and then only if needed for the system. The only auto-update I get is for the AV program.

    Opening scheduled tasks to modify or delete them:

    Access Scheduled Tasks by clicking Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    To change the settings for a task: right-click the Task> click Properties> do any of the following:
    1. To change the schedule for the task, click the Schedule tab.
    2. To customize the settings for the task, such as the maximum run time, idle time requirements, and power management options, click the Settings tab.
    3. To delete a task> right-click the task> click Delete.
    4. To prevent a task from running until you want to let it run again> right-click the task> Properties> On the General tab> clear the Enabled check box. Select the check box again to enable the task when you are ready to let the task scheduler run it again.

    Maintenance Scheduled Tasks such as defrag are in a separate category.
     
  19. Swive

    Swive TS Rookie Topic Starter

    Thanks for all your help.

    I think I still need to remove one restore point where "HSZAKFT trojan" was found.
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. You will be dropping that restore point as part of the cleanup below:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

    Let me know if you have any more questions.
     
  21. Swive

    Swive TS Rookie Topic Starter

    Bobbye; - I know there is a no-brainer answer for this question.... but why delete the tools you provided... why not keep them for possible use later on?

    Steve
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Steve, the versions of the programs for these scans are not meant to be 'resident.' They were tools to scan and clean the system. Some of them will have paid versions that you can purchase and set up on the system.

    It would serve no purpose for you to run DDS or GMER because each has to be reviewed and 'handled.'

    We don't advocate anyone running Combofix without supervision. Other tools we may have used, such as scans for rootkits, are specific to use when appropriate.

    You can download and run a free Mbam scan if you want. But the free one won't update on the system nor later on if you attempt to update it.

    The Eset scan is still on the system under Manage Add ons.

    Others have asked this same question. My experience has been twofold:
    1. Running random scans and cleaning programs usually results in additional problems.
    2. Running a scan-such as Mbam, even if it finds and removes malware, does not mean all the malware has been found- or removed.
    =======================================
    Here are some suggestions that you can download, which will help keep the system clean- and they are all free!
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o] Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o] Antivirus (only one): Both of the following programs are free and known to be good:
      [o] Avira-AntiVir-Personal-Free-Antivirus
      [o] Avast-Free Antivirus
      [o] Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o] Comodo
      [o] Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o] Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o] Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o] Adobe Reader Install current, uninstall old.
      [o] Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o] For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o] For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o] For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      [o] Temporary File Cleaner
    7. Restore Points:
      [o] See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.

    (The 'real' reason, of course, that we have the programs removed is because if everyone used them and knew how to handle the log entries, I'd be out of my volunteer job!);)
     
  23. Swive

    Swive TS Rookie Topic Starter

    Great Advice! Should be a sticky note!
    Thanks Bobbye for all your help.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're very welcome, Steve. Stay safe and enjoy your computing!
     
Topic Status:
Not open for further replies.
