hwaugh

  1. Okay, well, I think getting pictures and files off the computer and just reinstalling is the best option; then I can fix my printer issue as well. Thanks for the help, guys. Heath
  2. When I do a right click on a file folder or try to open a drop-down box to switch where I want to save something, my computer freezes up on that screen. It all started when I removed some things from my Add and Remove Programs. I was having issues with my HP printer and ended up trying to delete everything that was related to it. Well, I think I may have deleted something I was not supposed to. Can someone help me? I really don't want to have to crash my system to fix it, but I will if that's what I have to do to get it normal again.
  3. Gammo, I would like to say thank you so very much for taking the time to help people like me. I will be making a donation as soon as I get my paycheck. (December) Again, thank you! Heath :)
  4. Well, I went ahead and removed Ad-Aware but I did keep SpyBot. Also, I downloaded Spyware Blaster but I noticed it did not include protection for Google Chrome, as that is the web browser I use all the time. So I may need a different spyware program.
  5. Gammo, I have Spybot Search and Destroy and Ad-Aware installed on my computer. Should I uninstall them and download the other programs you suggested? Thanks
  6. ESETScan Results
     C:\Documents and Settings\All Users\Documents\Server\hlp.dat Win32/Bamital.EQ trojan cleaned by deleting - quarantined
     C:\Documents and Settings\Default User\My Documents\Downloads\BSINSTALL 1.exe Win32/Adware.SaveNow application deleted - quarantined
     C:\Documents and Settings\Owner.Main-Frame-2004\My Documents\Downloads\BSINSTALL 1.exe Win32/Adware.SaveNow application deleted - quarantined
     C:\Documents and Settings\Owner.MAIN-FRAME2004\My Documents\Downloads\regzookasetup.exe probably a variant of Win32/Adware.RegGenie application deleted - quarantined
     C:\Documents and Settings\Owner.MAIN-FRAME2004\My Documents\Downloads\Spydig_Setup.exe Win32/Adware.SpywareCease application deleted - quarantined
     C:\Documents and Settings\Owner.MAIN-FRAME2004\My Documents\Incomplete\T-3545427-nicki minaj bottoms up verse.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
     C:\Program Files\BackWeb\BackWeb Client\6.2.3.66\Program\runner.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
     C:\Program Files\RegZooka\regzooka.exe probably a variant of Win32/Adware.RegGenie application cleaned by deleting - quarantined
     C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
     C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Bamital.EQ trojan deleted - quarantined
     C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Bamital.EQ trojan deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0002392.exe Win32/Bamital.EQ trojan deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006365.exe Win32/Bamital.EQ trojan deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006366.exe Win32/Bamital.EQ trojan deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006391.exe Win32/Bamital.EQ trojan deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006392.exe Win32/Bamital.EQ trojan deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006513.exe Win32/Adware.SaveNow application deleted - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006514.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006515.exe probably a variant of Win32/Adware.RegGenie application cleaned by deleting - quarantined
     C:\System Volume Information\_restore{CD53596A-5812-49DB-AF84-A72B9BECDE4F}\RP12\A0006516.exe probably a variant of Win32/Agent.CBFNBEO trojan cleaned by deleting - quarantined
     C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3b60dd3c-71302f7e.zip Java/ClassLoader.Dummy.D trojan deleted - quarantined
     C:\WINDOWS\system32\config\systemprofile\My Documents\Downloads\BSINSTALL 1.exe Win32/Adware.SaveNow application deleted - quarantined
  7. Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 5131
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     11/16/2010 5:57:29 PM
     mbam-log-2010-11-16 (17-57-29).txt
     Scan type: Quick scan
     Objects scanned: 171365
     Time elapsed: 18 minute(s), 47 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected:
  8. ComboFix 10-11-15.06 - Owner 11/16/2010 9:36.2.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1579 [GMT -8:00]
     Running from: c:\documents and settings\Owner.MAIN-FRAME2004\My Documents\Downloads\ComboFix.exe
     Command switches used :: c:\documents and settings\Owner.MAIN-FRAME2004\My Documents\Downloads\CFScript.txt
     FILE ::
     "c:\windows\ALCXMNTR.EXE"
     ((( Other Deletions )))
     c:\documents and settings\All Users\Application Data\dd0000-5aa4-407c-f9c7-d2a7336ccab4
     c:\documents and settings\All Users\Application Data\dd0000-5aa4-407c-f9c7-d2a7336ccab4\1289153989_1_03.xml
     c:\windows\ALCXMNTR.EXE
     c:\windows\TEMP\explorer.dat
     Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
     Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
     Infected copy of c:\windows\explorer.exe was found and disinfected
     Restored copy from - c:\windows\ServicePackFiles\i386\explorer.exe
     --------------- FCopy ---------------
     c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
     c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
  9. Also, just for info... while installing ComboFix I was instructed to uninstall AVG 2011. Can I go ahead and reinstall it now? Or do I need to wait? Thanks, Heath
  10. Okay, so I have no idea how to get rid of this virus. I have AVG Anti-Virus Free 2011, and the AVG Resident Shield Alert keeps popping up and reporting the following problems:
     c:\windows\system32\winlogon.exe virus identified win32/patched.fr
     c:\windows\explorer.exe virus identified win32/patched.fs
     It also reports "Object is white-listed (critical/system file that should not be removed)" for both of the above. Malwarebytes does not report anything. Can someone please help to fix this problem?