Solved Computer has a virus that takes away IE, and recycle bin icons, and start menu icons

Sorry- misplaced the thread.

OTL Custom Scan Fixes
  • Run OTL
  • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

    Code:
    :OTL
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553557800} http://fpdownload2.macromedia.com/pu...sh/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 64 bytes -> C:\Users\Sarah&Phil\Desktop\True Religion - Orphan Sunday.mp4:TOC.WMV
    helpfile [open] -- Reg Error: Key error.
    regfile [merge] -- Reg Error: Key error.
    txtfile [edit] -- Reg Error: Key error.
    [2011/10/08 23:18:59 | 000,000,680 | ---- | C] () -- C:\Users\Sarah&Phil\AppData\Local\d3d9caps.dat
    [2011/10/08 23:14:07 | 000,000,328 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
    [2010/05/11 19:01:08 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run uninterrupted, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
 
OTL logfile created on: 11/4/2011 11:38:27 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sarah&Phil\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 44.54% Memory free
4.21 Gb Paging File | 2.97 Gb Available in Paging File | 70.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.75 Gb Total Space | 53.19 Gb Free Space | 38.33% Space Free | Partition Type: NTFS
Drive D: | 10.30 Gb Total Space | 3.88 Gb Free Space | 37.66% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: Sarah&Phil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Sarah&Phil\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10x_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Windstream_BCUC\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Kodak\AiO\Center\KodakSvc.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6b88a2bf58d8529fc33f8f3437a7ff06\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\2b2dd2c19c570013eb8fce9bb6578e45\System.Data.SqlXml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\0be0eb42238f115408fd2fab2b9a387f\Microsoft.VisualC.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Google\Google Desktop Search\gzlib.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx ()
MOD - C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.Web.Services2\2.0.3.0__31bf3856ad364e35\Microsoft.Web.Services2.dll ()
MOD - C:\Program Files\Spare Backup\System.Data.SQLite.DLL ()
MOD - C:\Program Files\Spare Backup\UberCrypto.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (KodakSvc) -- C:\Program Files\Kodak\AiO\center\KodakSvc.exe (Eastman Kodak Company)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe (Eastman Kodak Company)
SRV - (GameConsoleService) -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation )
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6723
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Sarah&Phil\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/12/09 21:49:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Sarah&Phil\AppData\Roaming\Move Networks [2009/12/27 21:54:11 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/13 22:59:44 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [Spare Backup] C:\Program Files\Spare Backup\SpareBackup.exe (SpareBackup, Inc.)
O4 - HKLM..\Run: [Windstream_BCUC_McciTrayApp] C:\Program Files\Windstream_BCUC\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gateway.com/support/profiler/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/67.14/uploader2.cab (UploadListView Class)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://www.onlineregister.com/gateway/serial/gwCID.cab (compid Class)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://games2.gamefools.com/onlinegames/Yahtzee/zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://mckessonlearning.webex.com/client/T26L/training/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4593E15F-E8C4-4C95-AA67-9AE1C6F85974}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52098EC1-C8D7-4E10-8955-463A541464AB}: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\GTW2_Standard.bmp
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\GTW2_Standard.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 23:32:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/26 17:10:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah&Phil\Desktop\OTL.exe
[2011/10/26 16:55:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah&Phil\Desktop\TFC.exe
[2011/10/26 16:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/10/26 16:25:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/26 16:24:20 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah&Phil\Desktop\OTM.exe
[2011/10/23 21:17:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/23 21:06:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/23 21:06:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/23 21:06:18 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/13 23:27:05 | 000,000,000 | ---D | C] -- C:\Users\Sarah&Phil\Desktop\Cleaing tools
[2011/10/13 23:11:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/13 22:35:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/13 22:26:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/11 22:25:59 | 000,520,496 | ---- | C] (Sysinternals) -- C:\Windows\Listdlls.exe
[2011/10/11 22:25:57 | 000,423,288 | ---- | C] (Sysinternals) -- C:\Windows\handle.exe
[2011/10/11 22:22:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah&Phil\Documents\tdsskiller[1]
[2011/10/10 22:23:10 | 000,100,864 | ---- | C] (GMER) -- C:\kxtdqpow.sys
[2011/10/10 21:31:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah&Phil\AppData\Roaming\Malwarebytes
[2011/10/10 21:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 21:31:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/10 21:31:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/10 21:31:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/10 17:19:51 | 000,000,000 | ---D | C] -- C:\Users\Sarah&Phil\AppData\Roaming\Avira
[2011/10/10 17:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/10/10 17:16:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011/10/10 17:16:03 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011/10/10 17:16:02 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011/10/10 17:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/10/10 17:15:56 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

========== Files - Modified Within 30 Days ==========

[2011/11/04 23:34:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/04 23:34:36 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 23:34:36 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/04 23:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/04 23:34:22 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/04 22:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 17:10:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah&Phil\Desktop\OTL.exe
[2011/10/26 16:56:19 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah&Phil\Desktop\TFC.exe
[2011/10/26 16:24:24 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah&Phil\Desktop\OTM.exe
[2011/10/18 21:06:56 | 000,001,608 | ---- | M] () -- C:\Users\Sarah&Phil\Desktop\xp_scr_fix.reg
[2011/10/18 21:06:45 | 000,000,497 | ---- | M] () -- C:\Users\Sarah&Phil\Desktop\xp_scr_fix.zip
[2011/10/16 22:38:02 | 000,132,597 | ---- | M] () -- C:\Users\Sarah&Phil\Desktop\Flash_Disinfector.exe
[2011/10/13 23:23:39 | 000,294,400 | ---- | M] () -- C:\Users\Sarah&Phil\Desktop\exeHelper.com
[2011/10/13 22:59:44 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/13 19:28:40 | 000,295,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/13 08:03:08 | 000,616,928 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/13 08:03:08 | 000,110,002 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/12 20:54:11 | 176,179,149 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/10 22:23:10 | 000,100,864 | ---- | M] (GMER) -- C:\kxtdqpow.sys

========== Files Created - No Company Name ==========

[2011/10/23 21:06:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/23 21:06:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/23 21:06:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/23 21:06:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/23 21:06:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/18 21:06:41 | 000,000,497 | ---- | C] () -- C:\Users\Sarah&Phil\Desktop\xp_scr_fix.zip
[2011/10/16 22:36:00 | 000,132,597 | ---- | C] () -- C:\Users\Sarah&Phil\Desktop\Flash_Disinfector.exe
[2011/10/13 23:23:28 | 000,294,400 | ---- | C] () -- C:\Users\Sarah&Phil\Desktop\exeHelper.com
[2011/10/09 08:53:23 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/09 18:20:44 | 000,000,036 | ---- | C] () -- C:\Users\Sarah&Phil\AppData\Local\housecall.guid.cache
[2009/09/11 17:53:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 17:53:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/12 14:11:45 | 000,000,116 | ---- | C] () -- C:\Users\Sarah&Phil\AppData\Roaming\wklnhst.dat
[2009/05/10 22:07:56 | 000,012,800 | ---- | C] () -- C:\Windows\System32\EKDeviceServices.dll
[2008/09/17 23:02:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/25 13:03:09 | 000,124,928 | ---- | C] () -- C:\Users\Sarah&Phil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/30 17:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
[2007/08/30 17:00:49 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/30 17:00:03 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,295,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,616,928 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,110,002 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\Windows\System32\pcpbios.exe
[2001/06/27 13:31:00 | 000,039,611 | ---- | C] () -- C:\Windows\System32\biosid.exe
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\Windows\System32\sysres.dll

========== LOP Check ==========

[2009/09/09 17:23:54 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\acccore
[2010/05/28 08:09:25 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\Canon
[2009/10/20 17:13:20 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\HouseCall 6.6
[2007/12/25 13:45:19 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\SampleView
[2009/05/11 09:33:47 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\Skinux
[2011/11/04 23:36:37 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\Spare Backup
[2011/06/17 11:13:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\Temp
[2009/07/12 14:11:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\Template
[2010/01/14 10:38:33 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\webex
[2007/12/25 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\Sarah&Phil\AppData\Roaming\WildTangent
[2011/11/04 23:33:31 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
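Reading an OTL log like the one above by hand comes down to the same handful of checks every time: the O1 hosts entries, the O17 resolvers, the O20 Winlogon Shell/UserInit values and AppInit_DLLs, the O35/O37 exefile and comfile associations, and the O4 Run entries. The script below is an added example for this thread, not a tool from the page or from OldTimer, that encodes those checks in Python and runs them over sample lines. The first eight sample lines copy the format of the clean entries in the log above; the remaining lines are constructed (invented paths, a made-up hostname, a public resolver) to show what each check flags. The AppInit_DLLs line is reported for review rather than as malicious, since on this machine it is Google Desktop, and the check names and thresholds are this example's own choices, not OTL's.

```python
# Added triage example for OTL-style log lines (not a tool from this thread).
# Clean sample lines copy the format of the log posted above; the lines after
# them are CONSTRUCTED to show what each check flags.
import ipaddress
import ntpath
import re

OPEN_CMD = '"%1" %*'                      # stock shell\open\command for exefile/comfile
HANDLER = {".exe": "exefile", ".com": "comfile"}
WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def check_hosts(line):
    """O1: anything besides the loopback localhost entry is a hosts-file redirect."""
    m = re.match(r"O1 - Hosts: (\S+)\s+(\S+)", line)
    if m and not (m.group(2).lower() == "localhost" and m.group(1) in ("127.0.0.1", "::1")):
        return f"hosts override: {m.group(2)} -> {m.group(1)}"
    return None


def check_dns(line):
    """O17: a resolver outside LAN/loopback space must be verified (DNS-changer pattern)."""
    m = re.match(r"O17 - .*NameServer = (.*)$", line)
    if not m:
        return None
    ext = [ip for ip in m.group(1).split() if ipaddress.ip_address(ip).is_global]
    return f"external DNS server(s): {' '.join(ext)}" if ext else None


def check_winlogon(line):
    """O20 Winlogon: Shell/UserInit must be exactly one stock binary; extra entries mean persistence."""
    m = re.match(r"O20 - HKLM Winlogon: (\w+) - \((.*?)\) -", line)
    if not m or m.group(1) not in WINLOGON:
        return None
    names = [ntpath.basename(e.strip()).lower() for e in m.group(2).split(",") if e.strip()]
    return None if names == [WINLOGON[m.group(1)]] else f"Winlogon {m.group(1)} tampered: {m.group(2)}"


def check_appinit(line):
    """O20 AppInit_DLLs: loaded into every user32 process, so always listed for review."""
    m = re.match(r"O20 - AppInit_DLLs: \((.*?)\) -", line)
    return f"AppInit_DLLs set (review): {m.group(1)}" if m else None


def check_association(line):
    """O35/O37: .exe/.com must map to exefile/comfile and run "%1" %* with nothing in front."""
    m = re.match(r"O35 - HK\w+\\\.\.(\w+) \[open\] -- (.*)$", line)
    if m and m.group(1) in HANDLER.values() and m.group(2) != OPEN_CMD:
        return f"{m.group(1)} open command hijacked: {m.group(2)}"
    m = re.match(r"O37 - HK\w+\\\.\.(\.\w+) \[@ = (\w+)\] -- (.*)$", line)
    if m and m.group(1) in HANDLER and (m.group(2) != HANDLER[m.group(1)] or m.group(3) != OPEN_CMD):
        return f"{m.group(1)} association hijacked: class={m.group(2)} cmd={m.group(3)}"
    return None


def check_autorun(line):
    """O4 Run/RunOnce: flag a missing target, no publisher, or a user-writable location."""
    m = re.match(r"O4 - HK\w+\.\.\\Run\w*: \[(.*?)\] (.*) \((.*)\)$", line)
    if not m:
        return None
    name, path, company = m.groups()
    reasons = [r for cond, r in (("File not found" in path, "target missing"),
                                 (not company, "no publisher"),
                                 (any(d in path.lower() for d in SUSPECT_DIRS), "user-writable location"))
               if cond]
    return f"autorun [{name}] {path}: {', '.join(reasons)}" if reasons else None


CHECKS = (check_hosts, check_dns, check_winlogon, check_appinit, check_association, check_autorun)


def triage(lines):
    """Apply every check to every line; findings come back in log order."""
    findings = []
    for line in lines:
        for check in CHECKS:
            hit = check(line.rstrip())
            if hit:
                findings.append(hit)
    return findings


# First eight lines: format of the posted log (clean). Last six: CONSTRUCTED bad entries.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O1 - Hosts: 10.0.0.9 www.update-site.example
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\ProgramData\x.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O35 - HKLM\..exefile [open] -- "C:\ProgramData\x.exe" "%1" %*
O37 - HKLM\...exe [@ = x_file] -- "%1" %*
O4 - HKCU..\Run: [Updater] C:\Users\user\AppData\Roaming\x.exe ()
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a full OTL log, the eight clean lines produce only the AppInit_DLLs review item; each constructed line produces exactly one finding, and the exefile/comfile checks are the ones that matter most for the "nothing will run" symptom this thread is about, because a hijacked `"%1" %*` command means every .exe launch goes through the attacker's binary first.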
 
Okay, this looks good. I'd like you to back up and do the following:

Try to run a scan with Malwarebytes.
Instead of the 'Quick Scan', select Perform Full Scan.
Update and rescan with Malwarebytes. Note: On the Scanner tab, make sure the Perform Full Scan option is selected. Allow update > Scan

When the scan has finished, you will see this image:
[image: scan-finished.jpg]

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.

If it will not run, do the following:

Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following>>>>.

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool before posting a log and then post the two logs together (they both will be in the one file).
====================================
Download and run Combofix again.
====================================
Please tell me if there have been any changes in the system> resolved problems?> problems persist?> what? new problems?
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8093

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11/5/2011 6:11:58 PM
mbam-log-2011-11-05 (18-11-58).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 395817
Time elapsed: 1 hour(s), 48 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


If I understand correctly, since Malwarebytes ran I didn't need to do the rest. Let me know if this is not correct.
Thanks
 
ComboFix 11-11-06.02 - Sarah&Phil 11/06/2011 21:25:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1157 [GMT -5:00]
Running from: c:\users\Sarah&Phil\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 02:35 . 2011-11-07 02:35 -------- d-----w- c:\users\Martha and Levi\AppData\Local\temp
2011-11-07 02:35 . 2011-11-07 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-06 13:42 . 2011-11-06 13:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B86C663C-5323-4CC5-8005-F2E3956D50FD}\offreg.dll
2011-11-05 03:32 . 2011-11-05 03:32 -------- d-----w- C:\_OTL
2011-11-04 13:16 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B86C663C-5323-4CC5-8005-F2E3956D50FD}\mpengine.dll
2011-10-26 20:45 . 2011-10-26 20:45 -------- d-----w- c:\program files\Common Files\Java
2011-10-26 20:25 . 2011-10-26 20:25 -------- d-----w- C:\_OTM
2011-10-26 12:43 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-24 01:17 . 2011-10-24 01:17 -------- d-----w- c:\program files\ESET
2011-10-14 13:13 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-12 18:57 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 18:57 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 18:57 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 18:57 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 18:31 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 18:31 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 18:31 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 18:31 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-10-12 02:25 . 2011-07-07 17:28 520496 ----a-w- c:\windows\Listdlls.exe
2011-10-12 02:25 . 2011-05-17 16:48 423288 ----a-w- c:\windows\handle.exe
2011-10-11 02:23 . 2011-10-11 02:23 100864 ----a-w- C:\kxtdqpow.sys
2011-10-11 01:31 . 2011-10-11 01:31 -------- d-----w- c:\users\Sarah&Phil\AppData\Roaming\Malwarebytes
2011-10-11 01:31 . 2011-10-11 01:31 -------- d-----w- c:\programdata\Malwarebytes
2011-10-11 01:31 . 2011-08-31 21:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-11 01:31 . 2011-11-05 20:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-10 21:19 . 2011-10-10 21:19 -------- d-----w- c:\users\Sarah&Phil\AppData\Roaming\Avira
2011-10-10 21:16 . 2011-07-21 16:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-10 21:16 . 2011-07-21 16:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-10 21:15 . 2011-10-10 21:15 -------- d-----w- c:\programdata\Avira
2011-10-10 21:15 . 2011-10-10 21:15 -------- d-----w- c:\program files\Avira
2011-10-08 23:32 . 2011-10-08 23:32 -------- d-----w- c:\users\Martha and Levi\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-03 09:06 . 2010-05-25 15:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 23:40 . 2011-06-06 02:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-14 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-07-13 5252936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Windstream_BCUC_McciTrayApp"="c:\program files\Windstream_BCUC\McciTrayApp.exe" [2010-05-01 1742336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-04 40072]
.
c:\users\Sarah&Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-14 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2009-05-13 90240]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2009-05-13 14976]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2009-05-13 121856]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKDiscovery.exe [2009-01-19 279960]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\AiO\center\KodakSvc.exe [2009-01-19 38296]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-05-24 251904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:54]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 15:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windstream.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=PTB&M=MT6723
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://games2.gamefools.com/onlinegames/Yahtzee/zylomplayer.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-06 21:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
[0] 0x00000050
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-06 21:38:30
ComboFix-quarantined-files.txt 2011-11-07 02:38
ComboFix2.txt 2011-10-14 03:12
.
Pre-Run: 55,295,606,784 bytes free
Post-Run: 55,280,611,328 bytes free
.
- - End Of File - - BA95A2BABB9BF23668E4B503060452EC
 
Please see if you can get this short script through now:

Custom CFScript


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
C:\kxtdqpow.sys
c:\program files\Viewpoint\Common\ViewpointService.exe 
Folder::
c:\users\Martha and Levi\AppData\Local\temp
c:\users\Default\AppData\Local\temp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=
Driver::
Viewpoint Manager Service
Save this as CFScript.txt, in the same location as ComboFix.exe

Drag CFScript.txt onto ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
Comments:
1. From OTM: Total Files Cleaned = 1,211.00 mb
This is a combined number from each of these accounts:
Sarah & Phil
Martha & Levi
That is a huge number of files! It would indicate that perhaps regular maintenance is not being done> delete temporary internet files and Cookies, Error Check, disc cleanup, defrag. Dragging all these files around when you surf will slow you down.
----------------------------------
I find that accounts with so many temp files are usually loaded with Tracking Cookies. So each of the 2 accounts should reset their Cookies as follows:

2. Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
--------------------------
3. Then run the following to remove the ones you already have. Note: be sure to check the line for removal of the entries:

SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check 'Perform Complete Scan' then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you're done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. If the scan only shows Tracking Cookies, you do not need to leave the log> if any other entries are found, please leave the log. You should not have any trouble determining this.

4. Windows needs to be rebooted occasionally. Basically it's messy and this helps free up memory and put files back in place.

5. I don't see Java in any of the logs. Without this, there will be some content on web sites that you cannot view.
======================================
You began with these problems:
"No IE, recycle bin icons, and start menu icons"
Have any or all of these been resolved? If not, which remain? Are there any new problems?
 
I still get the same spelling error when attempting to run the CFScript.txt file. I have done everything else recommended and I only had Tracking Cookies in the log. As far as all of my problems being resolved, the only problem is I cannot find my recylce bin. I have searched and still no luck.
Thanks for all the help.
 
For missing Recycle Bin:
Right-click a blank space on the desktop, click "Personalize" and click "Change desktop icons" under tasks in the left column, place a check next to Recycle Bin and click Apply and OK.
-----------------------------------
Let's see if this will remove the entries I had for Combofix:

Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :processes
    killallprocesses
    :Services
    Viewpoint Manager Service
    :Reg
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    :Files 
    C:\kxtdqpow.sys
    c:\program files\Viewpoint\Common\ViewpointService.exe 
    c:\users\Martha and Levi\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=========================================
Just want to make sure you attempted to uninstall Combofix correctly:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Rebooted
Downloaded and run Combofix again
Tried to run the script again.

Sorry you've had such a time getting through this. I broke my left hand last Wednesday (I'm left handed) and there were some days I couldn't use it on the keyboard. I can get a couple hours out of it now so am catching up slowly.
 
Don't worry about the time. I am glad your hand is healing.
I tried to uninstall Combofix the way you said, but it says "Windows cannot find 'Combofix'. Make sure you typed the name correctly..." But I did do the OTM and below is the log.
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service Viewpoint Manager Service stopped successfully!
Service Viewpoint Manager Service deleted successfully!
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware\\DisableMonitoring deleted successfully.
========== FILES ==========
C:\kxtdqpow.sys moved successfully.
c:\program files\Viewpoint\Common\ViewpointService.exe moved successfully.
c:\users\Martha and Levi\AppData\Local\temp folder moved successfully.
c:\users\Default\AppData\Local\temp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Martha and Levi
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Sarah&Phil
->Temp folder emptied: 2410163 bytes
->Temporary Internet Files folder emptied: 1019652527 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5593 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73025743 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,044.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 11142011_164144

Files moved on Reboot...

Registry entries deleted on Reboot...
 
Okay, that worked. Did you get the Recycle Bin back?

Are there any remaining problems?
 
The Recycle Bin is back and all is well. Thanks so much for your help, Bobbye. I will be praying for continued healing of your hand.
 
That is good to hear! The system appears to be in good shape now, so you can remove the tools we used:
-------------------

Removing all of the tools we used and the files and folders they created

Combofix already uninstalled.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    • Choose Disc Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
===========================================
Keep this in mind:

User: Sarah&Phil
->Temp folder emptied: 2410163 bytes
->Temporary Internet Files folder emptied: 1019652527 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 5593 bytes

Total Files Cleaned = 1,044.00 mb>>> a lot! Step up the maintenance!

There is no input from the User: Martha and Levi account. Suggest you remove this account if it's no longer used.

Thanks- hand is healing, still limited use.
Have a Happy and Peaceful Holiday!
 