mikec20311 infection thread

mikec20311

New Member
I went into my control panel add/remove programs and AVG doesn't even show up. I had it on here a long time ago but it's been gone for a long time.
 

johnb35

Administrator
Staff member
Post an uninstall list using HijackThis. Open HijackThis. Click on open misc tools section, click on open uninstall manager, click on save list and save it to your desktop. Then just copy and paste it back here.
 

mikec20311

New Member
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 3
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Bing Bar
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CCleaner
CDDRV_Installer
Choice Guard
Chuzzle Deluxe from Compaq (remove only)
Compaq Connections (remove only)
Compaq Game Console and games
Compaq Organize
Coupon Printer for Windows
Crystal Maze from Compaq (remove only)
Customer Experience Enhancement
DivX Codec
DivX Converter
DivX Player
DivX Plus Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FATE from Compaq (remove only)
Full Tilt Poker
Google Chrome
Google Update Helper
HDDlife 3.0 Google Desktop Gadget
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Photo Creations
HP Update
HPDiagnosticAlert
Insaniquarium Deluxe from Compaq (remove only)
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Joulemeter
Junk Mail filter update
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LimeWire 5.5.13
Linksys Wireless Manager
Logitech Desktop Messenger
Logitech SetPoint
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.16)
MSA20XX Device Manager
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Network Magic
OpenOffice.org 2.0
Picasa 3
PokerStars
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Puzzle Express
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RealPlayer
Revo Uninstaller 1.85
Ricochet Lost Worlds from Compaq (remove only)
SA30xx Device Manager
SA30xx Media Converter
Sandboxie 3.48
SBR Poker 1.0.0
SCRABBLE from Compaq (remove only)
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shooting Stars Pool from Compaq (remove only)
Shrek 2 Ogre Bowler from Compaq (remove only)
Slingo Deluxe from Compaq (remove only)
Snowboard SuperJam from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SopCast 3.0.1
SpeedFan (remove only)
SpywareBlaster 4.2
Super Granny from Compaq (remove only)
SUPERAntiSpyware Professional
Tradewinds from Compaq (remove only)
Trillian
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6b
WebEx Support Manager for Internet Explorer
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe from Compaq (remove only)
 

johnb35

Administrator
Staff member
Please go into add/remove programs and uninstall the following entries. I have a feeling this is where you are getting your script errors from as you have old versions of Java installed.

Coupon Printer for Windows
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Then reboot and go here to download the latest version of Java.

http://www.java.com/en/download/ie_manual.jsp?locale=en&host=www.java.com

I'm only gonna be up for a little while longer, have to get up early in the morning for work. I'll hang on as long as I can to help you tonight. But may have to finish this tomorrow.
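
One way to pull the Java runtime entries out of a saved HijackThis uninstall list like the one posted above and see how many side-by-side versions are present. This is an added example, not part of the thread; the sample input is a constructed subset of the posted list, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the uninstall list posted in the thread.
SAMPLE_UNINSTALL_LIST = """\
Adobe Reader X (10.0.1)
Coupon Printer for Windows
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 23
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Mozilla Firefox (3.6.16)
"""

# Display-name shapes of the JRE entries as they appear in the posted list.
JAVA_PATTERNS = (
    re.compile(r"^J2SE Runtime Environment (?P<major>\d+)\.0"
               r"(?: Update (?P<update>\d+))?$"),
    re.compile(r"^Java\(TM\)(?: SE Runtime Environment)? (?P<major>\d+)"
               r"(?: Update (?P<update>\d+))?$"),
)


def parse_java_entry(line):
    """Return (major, update) for a JRE display name, or None for anything else."""
    name = line.strip()
    for pattern in JAVA_PATTERNS:
        match = pattern.match(name)
        if match:
            # An entry without "Update N" is treated as update 0.
            return int(match.group("major")), int(match.group("update") or 0)
    return None


def audit_java(uninstall_text):
    """Collect every JRE entry in an uninstall list.

    Returns a dict with:
      installed - sorted list of (major, update, display name), duplicates removed
      newest    - highest (major, update) present, or None if no JRE is listed
      older     - entries below the newest one (left behind by earlier updates)
    """
    found = set()
    for line in uninstall_text.splitlines():
        parsed = parse_java_entry(line)
        if parsed:
            found.add((parsed[0], parsed[1], line.strip()))
    installed = sorted(found)
    if not installed:
        return {"installed": [], "newest": None, "older": []}
    newest = installed[-1][:2]
    older = [entry for entry in installed if entry[:2] != newest]
    return {"installed": installed, "newest": newest, "older": older}


if __name__ == "__main__":
    report = audit_java(SAMPLE_UNINSTALL_LIST)
    print("JRE entries found: %d" % len(report["installed"]))
    print("Newest present: Java %d Update %d" % report["newest"])
    for major, update, name in report["older"]:
        print("  older runtime still installed: %s" % name)
```
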
 

mikec20311

New Member
Hey John, I'm uninstalling all that stuff now. Hope you're right and that fixes it. I have to leave at 10:45 anyways for work. I'm unlucky and work 11-7 overnight shift.
 

johnb35

Administrator
Staff member
When you ran the AVG removal tool, did it actually complete? You may have to run it in safe mode.

OK then. After you get done, try running ComboFix one more time and if it still says AVG is installed.

If you can't get ComboFix to run, then please run the following.

Download DDS from the following location

DDS Download Link

When you click on the above link you will be brought to a download page. Please click on the Download Now button and you will see a download prompt similar to Figure 1 below.


[Figure 1: dds-savebox.jpg]


Click on the Save button. You will now be presented with a screen similar to Figure 2 below asking where you would like to save the file.

[Figure 2: dds-savedesktop.jpg]


Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. Your computer will now download the file to your computer and save it on your Desktop. When it is done downloading you will now find an icon on your desktop that looks like Figure 3 below.


[Figure 3: icon.jpg]


Disable any script-blocking programs and then double-click on the DDS.scr icon to start the program. If you did not disable a script-blocker that may be part of your antimalware program, you may receive a warning from your antimalware product asking if you would like DDS.scr to run. Please allow it to do so.

Once you double-click the icon a Windows security warning may also appear asking if you are sure you would like to run the program. This warning is shown in Figure 4 below.

[Figure 4: run-confirm.jpg]


Click on the Run button to start DDS. If no warning appeared, as shown above, then you should just continue reading.

DDS will now display a small black window providing information as to what DDS is doing on your computer as shown in Figure 5 below.

[Figure 5: dds-information.jpg]


DDS will now start scanning your computer and compiling a variety of information about what programs are starting on your computer, what files have been recently created, and the general configuration of your computer. When DDS has finished scanning, all of this information will be compiled and be displayed in two Notepad windows named dds.txt and attach.txt as shown below.

[Figure: dds-log.jpg]

[Figure: dds-attach.jpg]


You will then be shown a small box giving instructions as to what you should do with these files. Feel free to close this message box by pressing the OK button.

We now need to save the two log files that were created. First click on the DDS.txt window and click on the File menu and then select the Save As... menu option. You will now be presented with a screen similar to Figure 8 below asking where you would like to save the file.

[Figure 8: save-desktop.jpg]


Click once on the Desktop button, designated by the red arrow in the figure above, to save the file to your Desktop and then press the Save button. The DDS.txt log will now be saved to your Desktop. Now click on the Attach.txt Notepad window and perform the same steps to save that file to your Desktop as well.

Please copy and paste the contents of the dds.txt log and the attach.txt log in your next reply.


I will be looking for your reply tomorrow when I get home from work.
 

mikec20311

New Member
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Compaq_Owner at 2:18:37.67 on Sat 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2494.1738 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\BinarySense\HDDlife 3\hldasvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\32788R22FWJFW\iexplore.exe
C:\32788R22FWJFW\FireFox.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\compaq_owner\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {22492231-AEF0-49FC-9180-CE8969AB1273} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} - hxxps://etrade.kgieworld.com.tw/WebClient/ca_cab/FSCAPIATL.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\b87x09q4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\b87x09q4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\b87x09q4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\move networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.49\npGoogleUpdate2.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Gradient iCool: {de5809e0-2b07-11dd-bd0b-0800200c9a66} - %profile%\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\mozilla\firefox extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-3-30 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-3-30 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-3-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-28 61960]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-6-29 55152]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\binarysense\hddlife 3\hldasvc.exe [2007-8-9 816376]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-8-9 123112]
S2 gupdate1c9e3e97bc020a6;Google Update Service (gupdate1c9e3e97bc020a6);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S2 Joulemeter Service;Joulemeter Service;c:\program files\microsoft research\joulemeter\JoulemeterService.exe [2010-9-10 64816]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-6-2 133104]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2011-1-1 724736]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\w300mgmt.sys [2007-1-8 87824]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;c:\windows\system32\drivers\w300obex.sys [2007-1-8 85696]
.
=============== Created Last 30 ================
.
2011-04-02 02:05:16 -------- d-----w- C:\32788R22FWJFW.1.tmp
2011-04-02 01:46:00 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-04-02 00:48:16 388096 ----a-r- c:\docume~1\compaq~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-04-02 00:14:19 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-02 00:14:19 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-31 05:18:17 -------- d-----w- c:\windows\system32\NtmsData
2011-03-09 04:32:56 -------- d-----w- c:\program files\SBR Poker
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 2:20:39.96 ===============
 

mikec20311

New Member
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/19/2006 2:36:24 PM
System Uptime: 4/2/2011 2:11:45 AM (0 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Sempron(tm) Processor 3500+ | Socket 939 | 1790/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 85.817 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 1.195 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP188: 1/1/2011 9:23:29 AM - System Checkpoint
RP189: 1/6/2011 1:21:29 AM - System Checkpoint
RP190: 1/10/2011 5:49:01 PM - System Checkpoint
RP191: 1/11/2011 3:34:30 PM - Software Distribution Service 3.0
RP192: 1/11/2011 7:15:21 PM - Installed Java(TM) 6 Update 23
RP193: 1/17/2011 6:32:05 PM - System Checkpoint
RP194: 1/19/2011 1:46:59 AM - System Checkpoint
RP195: 1/20/2011 2:41:15 AM - System Checkpoint
RP196: 1/21/2011 7:14:50 PM - System Checkpoint
RP197: 1/23/2011 8:45:15 PM - System Checkpoint
RP198: 1/26/2011 12:21:45 AM - System Checkpoint
RP199: 1/28/2011 7:33:39 AM - System Checkpoint
RP200: 1/29/2011 6:09:25 PM - System Checkpoint
RP201: 2/3/2011 6:04:26 PM - System Checkpoint
RP202: 2/5/2011 2:53:38 PM - System Checkpoint
RP203: 2/6/2011 7:44:15 PM - System Checkpoint
RP204: 2/7/2011 9:26:17 PM - System Checkpoint
RP205: 2/9/2011 7:56:31 PM - System Checkpoint
RP206: 2/10/2011 3:00:27 AM - Software Distribution Service 3.0
RP207: 2/11/2011 9:43:50 PM - System Checkpoint
RP208: 2/13/2011 6:18:38 PM - System Checkpoint
RP209: 2/14/2011 10:01:13 PM - System Checkpoint
RP210: 2/16/2011 12:38:12 AM - System Checkpoint
RP211: 2/17/2011 2:59:33 AM - System Checkpoint
RP212: 2/18/2011 9:28:12 PM - System Checkpoint
RP213: 2/22/2011 6:37:30 PM - System Checkpoint
RP214: 2/23/2011 10:48:30 PM - System Checkpoint
RP215: 2/25/2011 7:17:43 PM - System Checkpoint
RP216: 2/26/2011 8:50:51 PM - System Checkpoint
RP217: 2/28/2011 7:20:36 PM - System Checkpoint
RP218: 3/1/2011 11:27:19 PM - System Checkpoint
RP219: 3/3/2011 4:48:16 AM - System Checkpoint
RP220: 3/6/2011 9:30:11 PM - System Checkpoint
RP221: 3/8/2011 3:00:17 AM - Software Distribution Service 3.0
RP222: 3/9/2011 1:22:55 AM - Software Distribution Service 3.0
RP223: 3/12/2011 12:47:18 PM - System Checkpoint
RP224: 3/16/2011 11:02:48 AM - Software Distribution Service 3.0
RP225: 3/17/2011 10:40:04 PM - System Checkpoint
RP226: 3/22/2011 7:11:23 PM - System Checkpoint
RP227: 3/22/2011 10:41:43 PM - Software Distribution Service 3.0
RP228: 3/23/2011 3:40:10 PM - Software Distribution Service 3.0
RP229: 3/24/2011 9:58:37 PM - System Checkpoint
RP230: 3/27/2011 10:21:40 PM - System Checkpoint
RP231: 3/30/2011 6:04:55 PM - System Checkpoint
RP232: 4/1/2011 8:11:03 PM - Restore Operation
RP233: 4/1/2011 8:48:11 PM - Installed HiJackThis
RP234: 4/1/2011 9:12:44 PM - Removed Adobe Reader 7.1.0
RP235: 4/1/2011 9:25:59 PM - Installed Adobe Reader X (10.0.1).
RP236: 4/1/2011 10:26:25 PM - Removed J2SE Runtime Environment 5.0 Update 10
RP237: 4/1/2011 10:27:16 PM - Removed J2SE Runtime Environment 5.0 Update 11
RP238: 4/1/2011 10:28:06 PM - Removed J2SE Runtime Environment 5.0 Update 5
RP239: 4/1/2011 10:29:01 PM - Removed J2SE Runtime Environment 5.0 Update 6
RP240: 4/1/2011 10:29:54 PM - Removed J2SE Runtime Environment 5.0 Update 9
RP241: 4/1/2011 10:30:54 PM - Removed Java(TM) 6 Update 2
RP242: 4/1/2011 10:32:02 PM - Removed Java(TM) 6 Update 20
RP243: 4/1/2011 10:33:05 PM - Removed Java(TM) 6 Update 3
RP244: 4/1/2011 10:33:57 PM - Removed Java(TM) 6 Update 5
RP245: 4/1/2011 10:34:55 PM - Removed Java(TM) 6 Update 7
RP246: 4/1/2011 10:35:51 PM - Removed Java(TM) SE Runtime Environment 6 Update 1
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Advanced SystemCare 3
ATI Control Panel
ATI Display Driver
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Barnyard Invasion from Compaq (remove only)
Bejeweled 2 Deluxe from Compaq (remove only)
Bing Bar
Blackhawk Striker 2 from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Blasterball 2 Remix from Compaq (remove only)
Boggle Supreme from Compaq (remove only)
Bookworm Deluxe from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
BufferChm
CCleaner
CDDRV_Installer
Choice Guard
Chuzzle Deluxe from Compaq (remove only)
Cisco Network Magic
Compaq Connections (remove only)
Compaq Game Console and games
Compaq Organize
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_LightScribePlugin
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Crystal Maze from Compaq (remove only)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Plus Web Player
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Enhanced Multimedia Keyboard Solution
ESET Online Scanner v3
FATE from Compaq (remove only)
Full Tilt Poker
FullDPAppQFolder
Google Chrome
Google Update Helper
HDDlife 3.0 Google Desktop Gadget
HiJackThis
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Photo Creations
HP Update
HPDiagnosticAlert
HpSdpAppCoreApp
Insaniquarium Deluxe from Compaq (remove only)
InstantShareDevices
InterVideo WinDVD Player
Joulemeter
Junk Mail filter update
Lemonade Tycoon 2 from Compaq (remove only)
Lexibox Deluxe from Compaq (remove only)
LightScribe 1.4.52.1
LimeWire 5.5.13
Linksys Wireless Manager
Logitech Desktop Messenger
Logitech SetPoint
magicJack
Mah Jong Quest from Compaq (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.4
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
Mozilla Firefox (3.6.16)
MSA20XX Device Manager
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Browser (remove only)
Network Magic
OpenOffice.org 2.0
PhotoGallery
Picasa 3
PokerStars
Polar Bowler from Compaq (remove only)
Polar Golfer from Compaq (remove only)
PS2
Pure Networks Platform
Puzzle Express
Puzzle Express from Compaq (remove only)
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RealPlayer
Revo Uninstaller 1.85
Ricochet Lost Worlds from Compaq (remove only)
SA30xx Device Manager
SA30xx Media Converter
Sandboxie 3.48
SBR Poker 1.0.0
SCRABBLE from Compaq (remove only)
Security Advisor
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shooting Stars Pool from Compaq (remove only)
Shrek 2 Ogre Bowler from Compaq (remove only)
SkinsHP1
Slingo Deluxe from Compaq (remove only)
Snowboard SuperJam from Compaq (remove only)
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SopCast 3.0.1
SpeedFan (remove only)
SpywareBlaster 4.2
Super Granny from Compaq (remove only)
SUPERAntiSpyware Professional
Tradewinds from Compaq (remove only)
Trillian
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6b
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Messenger
Yahoo! Software Update
Zuma Deluxe from Compaq (remove only)
.
==== Event Viewer Messages From Past Week ========
.
4/2/2011 2:09:22 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 avgio avipbb Fips ftsata2 IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv Tcpip
4/2/2011 2:09:22 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 2:09:22 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/2/2011 2:08:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/2/2011 2:08:50 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/1/2011 10:39:06 PM, error: Service Control Manager [7034] - The Joulemeter Service service terminated unexpectedly. It has done this 1 time(s).
4/1/2011 10:38:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2
4/1/2011 10:32:41 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================
 

mikec20311

New Member
Now anything I attempt to search for in a search engine gets redirected, and I have repeatedly tried to uninstall AVG in normal and safe mode. No luck. The strange thing is I have run combofix before. I had a bad virus problem like a year ago and was able to use it.
 

mikec20311

New Member
Well, I've done a lot of messing around and probably done more harm than good. Now my Avira has been shut down and it will not re-activate the guard. Stupid, I know, but I've been in panic mode. I know for sure the thing I got was "windows repair", some rogue thing, and I've searched around and it's been popular the last few days. It's really tricky too. I still don't know what the heck happened. I didn't even open anything. I know I'll never surf without the sandboxie again.
 

johnb35

Administrator
Staff member
OK, I know why Combofix is saying AVG is still installed. There is an AVG toolbar entry in your DDS log. Combofix still won't run with only the toolbar installed; it doesn't like any AVG products. Combofix never used to be like this. So here are your options.

1. See if you have a directory labeled AVG in C:\program files. If you do, you can download and run revo uninstaller.

http://www.revouninstaller.com/

Open the program and click on forced uninstall up top. In the box that is labeled "full path to programs file or folder", type c:\program files\avg and then press next. It will scan for leftover files and give you the option to delete them.

2. Reinstall AVG and then totally uninstall it again using the avg removal tool



In the meantime, please run the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says it will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 

mikec20311

New Member
Tried the revo uninstaller, couldn't find any AVG directories. Just tried reinstalling AVG and uninstalling it with the tool, and combofix still won't run. Same message about AVG. I'm now about to download and run tds.
 

mikec20311

New Member
I'm running tds and absolutely nothing happens. When I click run it just goes away and nothing happens. I have tried several times. I tried in safe mode too.
 

mikec20311

New Member
Did a full scan on mbam. Got some stuff.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6245

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/3/2011 1:58:35 AM
mbam-log-2011-04-03 (01-58-35).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 293448
Time elapsed: 2 hour(s), 11 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP232\A0055146.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP232\A0055156.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6}\RP231\A0054137.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
 

johnb35

Administrator
Staff member
Are you comfortable editing the registry? You can enter the registry and go to find and have it look for this string {A057A204-BACC-4D26-9990-79A187E2698E}, which is the AVG toolbar, and delete it, then keep pressing F3 to find the next instance of that string and delete it, and keep going until it's done searching the registry.

Or if you want to, you can download a program called teamviewer and I can access your system and do it for you. Just let me know.
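
The registry search described in the post above can be run as a read-only listing first, so that every match is visible before anything is deleted. This is an added example, not part of the original post or any tool's own code; it assumes PowerShell 2.0 or later is installed and run as an administrator, and the function names are made up for illustration.

```powershell
# Added example: read-only search for the GUID quoted in the post above.
# It reports key names, value names and value data containing the string.
# Nothing is deleted or modified.

$Needle = '{A057A204-BACC-4D26-9990-79A187E2698E}'   # GUID from the post
# HKLM and HKU together cover what regedit searches
# (HKCU and HKCR are views into these two hives).
$Roots  = 'Registry::HKEY_LOCAL_MACHINE', 'Registry::HKEY_USERS'

function Test-Contains([string]$Text, [string]$Needle) {
    # Case-insensitive literal match, no wildcard interpretation.
    return ($Text.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}

function New-Hit([string]$Kind, [string]$Key, [string]$Value) {
    New-Object PSObject -Property @{ Kind = $Kind; Key = $Key; Value = $Value } |
        Select-Object Kind, Key, Value
}

function Find-RegistryString {
    param([string]$Needle, [string[]]$Roots)

    foreach ($root in $Roots) {
        # Protected keys (SAM, SECURITY) raise access errors; skip them quietly.
        Get-ChildItem -Path $root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $key = $_

            # 1. The key's own (leaf) name.
            if (Test-Contains $key.PSChildName $Needle) {
                New-Hit 'KeyName' $key.Name ''
            }

            try { $names = $key.GetValueNames() } catch { $names = @() }
            foreach ($name in $names) {
                $shown = $name
                if ($shown -eq '') { $shown = '(Default)' }

                # 2. The value's name.
                if (Test-Contains $name $Needle) {
                    New-Hit 'ValueName' $key.Name $shown
                }

                # 3. The value's data (strings and multi-strings only).
                try {
                    $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                } catch { continue }
                if ($data -is [byte[]]) { continue }   # skip REG_BINARY
                if (Test-Contains (@($data) -join "`n") $Needle) {
                    New-Hit 'ValueData' $key.Name $shown
                }
            }
        }
    }
}

$hits = @(Find-RegistryString -Needle $Needle -Roots $Roots)
$hits | Format-Table -AutoSize -Wrap
"{0} match(es) found" -f $hits.Count
```

Each key in the listing can be saved with `reg export` before it is removed in regedit, which gives a way back if the wrong entry is deleted.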
 

mikec20311

New Member
Hey John, I will download the teamviewer. I'm on the road right now but headed home very soon. Can you give me the link to get it?
 