Possible virus

By mom26gr8kids · 14 replies
Jul 11, 2011
  1. When I ran my weekly Anti Spyware check this week I noticed something unusual. Normally I just have adware tracking cookies, but this week I had something called Browser hijacker.Tubby. I talked to my kids to see if anyone had clicked on something or noticed anything and one of my boys mentioned that when he was playing games a pornographic site popped up. He closed it and didn't tell me because he was embarrassed. Since SuperAntiSpyware quarantined the software I thought we would be okay, however, when I went to start my computer today it said that Windows failed to start up normally and it recommended that I launch startup repair. This is what happened the last time my computer had a virus, only last time I thought it was a glitch so I let it go for a while. This time I want to check right away and make sure everything is fine with my system. Could someone please run me through the 7 steps and we can make sure my PC is clean?

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You are having a time keeping this system clean! I'll be glad to help with malware:

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    I'd like to see the SuperantiSpyware log if you still have it. It can be helpful knowing who is going where. And I can help you reset the Cookies to help prevent Tracking Cookies.
  3. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517


    Here is the MBAM log

    Malwarebytes' Anti-Malware

    Database version: 7087

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    7/12/2011 9:17:22 AM
    mbam-log-2011-07-12 (09-17-22).txt

    Scan type: Quick scan
    Objects scanned: 173816
    Time elapsed: 6 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.

    Files Infected:
    (No malicious items detected)

    Here is the gmer log

    GMER - http://www.gmer.net
    Rootkit quick scan 2011-07-12 09:34:28
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005c Hitachi_ rev.ST2O
    Running: j0o4nr1s.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxtdapow.sys

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    ---- EOF - GMER 1.0.15 ----
  4. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    More logs

    After talking with my son he says he did do a search for nude pictures at bing. I am sure bing isn't the culprit, but whatever site he clicked on after that. So, here is the log from Super-Anti-Spyware from the other night

    SUPERAntiSpyware Scan Log

    Generated 07/08/2011 at 12:37 PM

    Application Version : 4.55.1000

    Core Rules Database Version : 7387
    Trace Rules Database Version: 5199

    Scan type : Quick Scan
    Total Scan Time : 00:44:50

    Memory items scanned : 720
    Memory threats detected : 0
    Registry items scanned : 2477
    Registry threats detected : 10
    File items scanned : 10416
    File threats detected : 6

    Adware.Tracking Cookie
    ia.media-imdb.com [ C:\Users\Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FP8QQGH9 ]
    s0.2mdn.net [ C:\Users\Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FP8QQGH9 ]
    sftrack.searchforce.net [ C:\Users\Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FP8QQGH9 ]
    www.sextube.com [ C:\Users\Dad\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\FP8QQGH9 ]

    Browser Hijacker.Tubby
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoModify
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#NoRepair
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#URLInfoAbout
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Toolbar#EstimatedSize

    Definitely harder to keep my system clean with 6 kids in the house. I use my laptop for just about everything now since the kids use the PC so much.
  5. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    DDS log

    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Dad at 9:43:41 on 2011-07-12
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1179 [GMT -6:00]
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\bin32\nSvcAppFlt.exe
    C:\Program Files\bin32\nSvcIp.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer =
    TCP: Interfaces\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B} : NameServer =,
    TCP: Interfaces\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B} : DhcpNameServer =
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd2ebf0&i=23&tp=ab&nt=1&q=
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\iwonei\installr\1.bin\NPjfEISb.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dad\appdata\local\roblox\versions\version-ffdcbe616f2f4697\NPRobloxProxy.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoe.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoeact.dll
    FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-1-6 238960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-1-6 36568]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-4 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 67656]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-19 269448]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 28624]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-1-19 43552]
    S2 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-12 39984]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    =============== Created Last 30 ================
    2011-07-12 15:00:07 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-12 15:00:01 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-12 15:00:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-29 15:12:58 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-06-27 04:08:57 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-27 04:08:56 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-06-17 14:37:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-17 14:37:56 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-17 14:37:55 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-16 22:55:31 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 22:55:29 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 22:55:28 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 22:55:27 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 22:55:26 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 22:55:25 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 22:55:23 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 22:55:23 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 22:55:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 22:55:18 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    ==================== Find3M ====================
    2011-07-07 22:55:47 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-07-07 22:55:43 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-07-07 22:55:43 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-07-07 22:55:42 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-03 15:34:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 14:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 14:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-04-15 03:28:18 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
    2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
    ============= FINISH: 9:44:36.70 ===============
  6. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    other DDS log

    DDS (Ver_2011-06-23.01)
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2006 7:16:20 PM
    System Uptime: 7/11/2011 8:31:01 AM (25 hours ago)
    Motherboard: Acer | | WMCP78M
    Processor: AMD Athlon(tm) 7450 Dual-Core Processor | Socket AM2 | 1200/200mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 142 GiB total, 46.264 GiB free.
    D: is FIXED (NTFS) - 142 GiB total, 141.567 GiB free.
    E: is CDROM ()
    I: is Removable
    K: is Removable
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    ==== Installed Programs ======================
    Update for Microsoft Office 2007 (KB2508958)
    2002 Games
    7-Zip 9.20
    Acer Arcade Live Main Page
    Acer Assist
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer Registration
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.6
    Agere Systems PCI-SV92EX Soft Modem
    Alice Greenfingers
    Alien Shooter
    Amazon MP3 Downloader 1.0.10
    Anna`s Ice Cream
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AV Input Selection
    Avenue Flo - Special Delivery
    AVG 2011
    Babysitting Mania
    Batch Update
    Bible Data Type System Files
    Big Fish Games: Game Manager
    Bookworm Adventures
    Build In Time
    Burger Shop
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania
    Chicken Invaders 2
    Choice Guard
    Common System Files
    COMODO Internet Security
    Cookie Domination
    Cooking Academy
    Cooking Dash
    Cooking Dash Diner Town Studios
    Coupon Printer for Windows
    Dairy Dash
    Direct Show Ogg Vorbis Filter (remove only)
    Doggie Dash
    Double Play Jojo’s Fashion Show 1 & 2
    Dream Day First Home
    Dream Day Wedding
    Dream Day Wedding Married in Manhattan
    eMusic Download Manager 4.1.4
    ESET Online Scanner v3
    Family Feud 3
    Family Tree Maker 2005
    Fashion Dash
    Free Realms
    Free Realms Installer
    Garfield's Typing Pal
    Go-Go Gourmet
    Go Go Gourmet Chef of the Year
    Google Desktop
    Google SketchUp 8
    Graphical Query Editor
    Guitar Praise
    Hax264 Codec
    Heroes of Hellas
    Home Sweet Home
    Hotel Dash Suite Success
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ijji REACTOR
    Java Auto Updater
    Java(TM) 6 Update 24
    Jessicas Cupcake Cafe
    Junk Mail filter update
    Kelly Green Garden Queen
    Kitchen Brigade
    LEGO Universe
    Libronix Digital Library System
    Libronix DLS Application
    Libronix DLS Shortcuts
    Lizard Safeguard - PDF Viewer 2.5.143
    LLS Resource Driver
    Magic Farm
    Magic Match Adventures
    Malwarebytes' Anti-Malware version
    Math Missions Grades 3-5
    Math Missions Grades K-2
    Mavis Beacon Teaches Typing 15
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Train Simulator
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Solitaire - Secret Island
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA Stereoscopic 3D Driver
    OEB Resource Driver
    OGA Notifier 2.0.0048.0
    Passport to Perfume™
    PDF Resource Driver
    pdfforge Toolbar v4.3
    Picasa 3
    Plants vs. Zombies
    PlayReady PC runtime
    Puzzle and Board XP Championship
    Roblox for Dad
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Sentence Diagramming
    Spelling Dictionaries Support For Adobe Reader 9
    Sunshine Acres
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Teach Yourself to Play Guitar 1.8.1
    Timez Attack
    U.B. Funkeys
    Uninstall Dual Mode Camera
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Wedding Dash 2
    Wedding Dash Ready Aim Love
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Yard Sale Junkie
    Year 2 year-plan
    Year 3 Curriculum
    Year 3 Interface
    ==== Event Viewer Messages From Past Week ========
    7/7/2011 12:44:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ForceWare IP service service to connect.
    7/7/2011 12:44:35 PM, Error: Service Control Manager [7000] - The ForceWare IP service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    7/7/2011 1:15:03 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KENDRA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{21D9B156-F5AF-4B81-932D-E2ACBCAB. The master browser is stopping or an election is being forced.
    7/12/2011 9:33:49 AM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    7/12/2011 3:03:03 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Live Sign-In Assistant (KB 967912).
    7/11/2011 8:32:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    ==== End Of File ===========================
  7. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    At the end of the Preliminary Virus removal that you had me complete it suggests that I update Windows, Java and Adobe reader. Would you like me to check and see if those need to be updated, or would you prefer I wait until after we are done cleaning everything?
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    So sorry for delay! Have been swamped! You can go ahead and update both:

    Java Updates Current version is v6u26. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    Adobe Reader site . Current is v10 (X) Uninstall any earlier updates as they are vulnerabilities.
    Check this download screen also for any pre-checked toolbars or BHO- if any, uncheck before download.
    Combofix will not run with AVG on the system so you will need to temporarily uninstall it:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avast Free Version
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    Logs in next reply please.
  9. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517


    When I was installing ComboFix I got this message:

    Error opening files for writing:

    I did run the Combofix scan and here is the log, however since I got the error message I don't know if you want me to uninstall it and run it again or not.

    I did not yet run the ESET scanner since I didn't want to do that until I knew if the ComoboFix needed to be done again.


    ComboFix 11-07-15.03 - Dad 07/15/2011 23:34:27.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1626 [GMT -6:00]
    Running from: c:\users\Dad\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    ((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
    2011-07-16 05:10 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-07-16 05:10 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-07-16 05:10 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-07-16 05:10 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-07-16 05:10 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-07-16 05:10 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-07-16 05:08 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-07-16 05:08 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-07-16 05:08 . 2011-07-16 05:08 -------- d-----w- c:\programdata\AVAST Software
    2011-07-16 05:08 . 2011-07-16 05:08 -------- d-----w- c:\program files\AVAST Software
    2011-07-15 23:16 . 2011-07-15 23:16 -------- d-----w- c:\program files\Common Files\Java
    2011-07-13 05:13 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 05:10 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-13 05:10 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-12 15:00 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-12 15:00 . 2011-07-12 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-07-12 15:00 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-29 15:12 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-06-27 04:08 . 2011-06-27 04:08 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2011-06-27 04:08 . 2011-06-27 04:08 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2011-06-17 14:37 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-06-17 14:37 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-17 14:37 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-16 22:55 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-16 22:55 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-16 22:55 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-16 22:55 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-16 22:55 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-16 22:55 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-16 22:55 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-16 22:55 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-16 22:55 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-16 22:55 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    2011-07-15 23:15 . 2010-05-07 00:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-07-07 22:55 . 2010-12-29 07:42 285256 ----a-w- c:\windows\system32\guard32.dll
    2011-07-07 22:55 . 2011-01-06 23:36 82400 ----a-w- c:\windows\system32\drivers\inspect.sys
    2011-07-07 22:55 . 2011-01-06 23:36 36568 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2011-07-07 22:55 . 2011-01-06 23:36 19088 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2011-07-07 22:55 . 2011-01-06 23:36 238960 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2011-06-03 15:34 . 2011-06-03 15:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 14:06 . 2011-05-10 14:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-05-10 14:06 . 2011-05-10 14:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-06-27 04:08 . 2011-03-24 02:39 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    *Note* empty entries & legit default entries are not shown
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-02 2424192]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
    "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-10-01 323584]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
    "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-07 2554696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2010-12-28 2392064]
    "EnableUIADesktopToggle"= 0 (0x0)
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2011-07-07 238960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2011-07-07 36568]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-03-22 43552]
    --- Other Services/Drivers In Memory ---
    *NewlyCreated* - ASWFSBLK
    *NewlyCreated* - ASWMONFLT
    *NewlyCreated* - ASWRDR
    *NewlyCreated* - ASWSNX
    *NewlyCreated* - ASWSP
    *NewlyCreated* - ASWTDI
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    ------- Supplementary Scan -------
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    TCP: DhcpNameServer =
    TCP: Interfaces\{21D9B156-F5AF-4B81-932D-E2ACBCAB943B}: NameServer =,
    FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4dd2ebf0&i=23&tp=ab&nt=1&q=
    FF - user.js: yahoo.homepage.dontask - true
    - - - - ORPHANS REMOVED - - - -
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-15 23:44
    Windows 6.0.6002 Service Pack 2 NTFS
    detected NTDLL code modification:
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    --------------------- LOCKED REGISTRY KEYS ---------------------
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(7844)
    - - - - - - - > 'lsass.exe'(7900)
    Completion time: 2011-07-15 23:48:07
    ComboFix-quarantined-files.txt 2011-07-16 05:48
    Pre-Run: 50,912,952,320 bytes free
    Post-Run: 50,545,807,360 bytes free
    - - End Of File - - C7A4C8FC61909AA3842D8797FF467B58
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Okay to go ahead with the Eset scan. The Combofix log came out okay.
  11. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    Sorry my husband clicked finish on the eset scan. He says that it said no viruses were found, but I didn't attempt to create a log. I don't know if there would have been one anyway, would you like me to run the scan again. Very frustrated that I told the kids not to mess with the computer and then my husband is the one who messed it up. Let me know what I should do next.
  12. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    My husband says that the only button there was to push was the finish button. He says there was no List of Found Threats Button.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Not to worry:
    Give me an update on how the system is doing. I'm going to take a break and will return later to review.
  14. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 517

    Sorry for taking so long to get back with you. After getting more details from my husband today there were no threats found, so no log to show you. Everything seems to be running fine. I haven't had any trouble starting the PC, and everything seems to be normal.

    Let me know if there are any further steps.

    Also I am thinking of just keeping the Avast and not re-installing the AVG. Would you recommend Avast or something else? I just don't love AVG and as long as it's off my computer why not just switch now?
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Glad to hear system is doing well.
    About the antivirus program: If you want free, then either Avast or Avira are good. If you want paid, I highly recommend the Eset Nod32 AV. Not only does this protect while surfing, but it also scans every outgoing and incoming email and leave notice at the bottom.

    I am not a fan of AVG> It was a good AV program until v8 when an antimalware program was added. Since then, there have been some updates that incorrectly told users they had W32/Heur malware. While that IS malware and systems had to be checked, at times it turned out to be only a bad update- which of course had to be followed by another update to fix it! And the programs has no way to fully disable it to run some scans, so it has to be uninstalled. That has to be the pits!
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
      [*]Choose Disc Cleanup
      [*]Click "OK" to select the partition or drive you want.
      [*]Click the "More Options" Tab.
      [*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

    Empty the Recycle Bin
    Here are some tips for you:
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editior in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o] [o]Avast-Free Antivirus
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...