Missing: Desktop Icons, Toolbar; sys restore not working, dial up setup/icon gone


Merged post.

We look for posts with 0 replies, so when you reply to your own topic, we assume you were being helped.

Noticed this earlier this afternoon, just as the subject line mentions. Tried via safe mode; you can see in the Attach report the different attempts at restore.

Was able to connect via wireless tether once, updated Malwarebytes, but was not able to connect to Avast to update. I just checked the shields: 8 out of 10 are disabled, it says "unable to reach".

I did something stupid earlier: I ran HijackThis, looked at the report, and in my frustration I did remove something that started to read something like IE homepage/inf, so thinking that might delete the "infected homepage", I "fixed" that. I guess that lowers my chances of getting help here, but I will give it a try, so here is my post.

In the last couple of months I now and then use the wireless tethering service from Sprint. I'm wondering how secure that might not be? I am using Mozilla now, but I had been using and mostly use IE; recently updated to IE8 (prefer IE7).

I did a quick scan with MWBytes, it found nothing, did quick scan and scanned other areas with Avast, showed nothing but right now it seems to be 80% (100%?) not working.

Any help would be appreciated, thank you,

ko

____________________________________________________.

DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

Run by Kerry Owen at 21:11:59 on 2012-05-08

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1475 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = localhost:12080

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [synTPStart] c:\program files\synaptics\syntp\SynTPStart.exe

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Cpqset] ÜæB

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\kerryo~1\startm~1\programs\startup\MOBILE~1.LNK -

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - {8C85E2EE-9FD6-11D5-B770-504D54C10000} - c:\program files\visualroute\vrie.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

Trusted Zone: foxsports.com\msn

Trusted Zone: meade.com\www

Trusted Zone: microsoft.com\www

Trusted Zone: msn.com\www

Trusted Zone: palmgear.com\trials

Trusted Zone: photographyreview.com\www

Trusted Zone: pogo.com\game3

Trusted Zone: wetcanvas.com\www

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab

DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167849549312

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://olta.demon.co.uk/activex/AxisCamControl.ocx

DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab

DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://www.adobe.com/products/acrobat/nos/gp.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab41227.cab

DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} - hxxp://fdl.msn.com/public/investor/v13/ticker.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

TCP: DhcpNameServer = 192.168.43.1

TCP: Interfaces\{92F0C6D3-7C96-4F5C-8F38-45066D69A224} : DhcpNameServer = 192.168.43.1

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kerry owen\application data\mozilla\firefox\profiles\p57dvynm.default\

FF - prefs.js: browser.startup.homepage - http:msn.com

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\documents and settings\kerry owen\application data\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\alwil software\avast5\webrep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13

============= SERVICES / DRIVERS ===============

.

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-8-14 28544]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-2 612184]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-9-24 337880]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-24 20696]

S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-20 44768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]

S2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2007-3-22 9728]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-9-20 654408]

S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2009-1-8 262360]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 253600]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [2007-5-14 35824]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-9-20 22344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-04-05 06:05:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-05 06:05:33 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-06 23:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec

2009-07-17 06:07:47 1228041 ----a-w- c:\program files\InstallFreeRARExtractFrog.exe

2008-10-12 20:31:44 6224944 ----a-w- c:\program files\pkreader.exe

2008-10-10 13:41:18 5186048 ----a-w- c:\program files\WindowsDefender.msi

2008-09-28 15:40:44 1018520 ----a-w- c:\program files\fsbl.exe

2007-07-10 15:16:17 158352 ----a-w- c:\program files\FixWebHancer.exe

2007-07-09 20:26:55 4307808 ----a-w- c:\program files\vrle.exe

2007-02-14 18:28:02 1655856 ----a-w- c:\program files\cspro367.exe

2007-01-08 20:47:27 6427936 ----a-w- c:\program files\screensaverfunpack.exe

2007-01-08 19:35:00 1506400 ----a-w- c:\program files\WinColorSetup.exe

2005-06-04 07:11:43 6526608 ----a-w- c:\program files\MicrosoftAnt

_________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 5/22/2005 3:50:06 PM

System Uptime: 5/8/2012 7:00:37 PM (2 hours ago)

.

Motherboard: Quanta | | 09B8

Processor: Intel® Pentium® M processor 1.50GHz | U1 | 1496/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 34.808 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP231: 1/13/2012 4:55:11 PM - System Checkpoint

RP232: 1/14/2012 3:40:44 AM - Software Distribution Service 3.0

RP233: 1/16/2012 8:17:03 PM - Software Distribution Service 3.0

RP234: 1/17/2012 8:21:49 AM - Software Distribution Service 3.0

RP235: 1/18/2012 10:26:22 AM - System Checkpoint

RP236: 1/19/2012 10:56:23 AM - System Checkpoint

RP237: 1/22/2012 2:46:44 AM - System Checkpoint

RP238: 1/27/2012 8:30:05 AM - System Checkpoint

RP239: 1/28/2012 8:54:46 AM - System Checkpoint

RP240: 1/29/2012 9:11:58 AM - System Checkpoint

RP241: 1/30/2012 11:08:27 AM - System Checkpoint

RP242: 1/31/2012 12:35:13 PM - System Checkpoint

RP243: 2/1/2012 10:34:19 PM - System Checkpoint

RP244: 2/15/2012 2:44:37 PM - System Checkpoint

RP245: 2/16/2012 12:04:05 PM - Software Distribution Service 3.0

RP246: 2/21/2012 2:35:20 PM - System Checkpoint

RP247: 2/23/2012 2:54:03 PM - System Checkpoint

RP248: 2/24/2012 3:15:13 PM - System Checkpoint

RP249: 2/26/2012 11:56:24 AM - System Checkpoint

RP250: 2/27/2012 12:10:04 PM - System Checkpoint

RP251: 2/28/2012 7:48:15 AM - Software Distribution Service 3.0

RP252: 2/28/2012 8:16:00 AM - Software Distribution Service 3.0

RP253: 2/29/2012 11:49:13 AM - System Checkpoint

RP254: 3/4/2012 3:17:10 AM - System Checkpoint

RP255: 3/6/2012 10:24:29 AM - System Checkpoint

RP256: 3/8/2012 7:44:38 PM - System Checkpoint

RP257: 3/10/2012 12:26:14 PM - System Checkpoint

RP258: 3/10/2012 1:35:39 PM - Software Distribution Service 3.0

RP259: 3/10/2012 3:54:43 PM - Software Distribution Service 3.0

RP260: 3/10/2012 6:06:43 PM - Software Distribution Service 3.0

RP261: 3/12/2012 4:56:57 AM - System Checkpoint

RP262: 3/13/2012 4:01:58 PM - System Checkpoint

RP263: 3/14/2012 9:47:17 AM - Software Distribution Service 3.0

RP264: 3/19/2012 1:34:43 AM - System Checkpoint

RP265: 3/26/2012 8:49:10 PM - System Checkpoint

RP266: 3/28/2012 12:35:52 AM - System Checkpoint

RP267: 3/30/2012 1:11:55 PM - System Checkpoint

RP268: 4/1/2012 1:28:11 AM - System Checkpoint

RP269: 4/9/2012 12:12:06 PM - System Checkpoint

RP270: 4/12/2012 11:38:40 AM - Software Distribution Service 3.0

RP271: 4/14/2012 9:22:01 PM - System Checkpoint

RP272: 4/17/2012 1:55:56 PM - System Checkpoint

RP273: 5/1/2012 9:33:47 PM - System Checkpoint

RP274: 5/8/2012 2:46:31 PM - Restore Operation

RP275: 5/8/2012 3:26:36 PM - Restore Operation

RP276: 5/8/2012 4:23:15 PM - Restore Operation

RP277: 5/8/2012 6:14:54 PM - Restore Operation

.

==== Installed Programs ======================

.

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop 5.0 Limited Edition

Adobe Photoshop Elements

Adobe Reader 8.3.1

aiofw

aioocr

aioprnt

aioscnnr

Applet_App

Applet_Copy

Applet_Email

Applet_Epp

Applet_File

Applet_OCR

Applet_Photoshop

Applet_Web

ArcSoft PhotoImpression 6

ArcSoft Print Creations

AudibleManager

Autostar Updater

avast! Free Antivirus

BC_VUP

BCD396T_ESN_Loader_V1_20_13

BCD396T_UASD

BHODemon 2.0.0.23

CadStd

Canon Camera Access Library

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon EOS 5D WIA Driver

Canon RAW Image Task for ZoomBrowser EX

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.3

Canon Utilities EOS Utility

Canon Utilities MyCamera

Canon Utilities Original Data Security Tools

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities WFT-E1/E2/E3 Utility

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCScore

center

Conexant AC-Link Audio

Creative Mass Storage Drivers

Creative MediaSource

Creative System Information

Creative ZEN

Creative Zen Nano Plus

Critical Update for Windows Media Player 11 (KB959772)

Documents To Go

EPSON Copy Utility

EPSON Print CD

EPSON Printer Software

EPSON Scan

EPSON Stylus Photo RX680 Series Scanner Driver Update

EPSON TWAIN 5

ESET Online Scanner v3

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSSONIC

ESSTOOLS

essvatgt

Facebook Plug-In

Filtering Full Wheel Generator Version 4.0.1.88

Free RAR Extract Frog 1.00

FreeSCAN

Garmin WebUpdater

getPlus®_ocx

Help_CTR

helptut

helpug

HiJackThis

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Help and Support

HpSdpAppCoreApp

Intel® Extreme Graphics 2 Driver

InterVideo WinDVD

Java Auto Updater

Java™ 6 Update 23

kgcbaby

kgcbase

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

KODAK EASYSHARE 5000 Series All-in-One Software

ksdip

Lexmark Fax Solutions

LG USB Modem driver

Logitech MouseWare 9.79

Lotto Pro

Malwarebytes Anti-Malware version 1.61.0.1400

MGI PhotoSuite Mobile Edition (Remove only)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox (3.6.8)

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 3.5 - SE

netbrdg

Nikon Scan

Notifier

OfotoXMI

P.I.M. II Plug-In

Palm Desktop

PL-2303 USB-to-Serial

Quick Launch Buttons 5.00 C2

ScanToWeb

Seagate Manager Installer

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB928090)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB931768)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

SFR

SHASTA

SKIN0001

SKINXSDK

Smart Luck History Editor Version 1.0.1.10

Smart Luck Wheel Gold™ Version 4.0.0.21

SoftV90 Data Fax Modem with SmartCP

Software Update Wizard (Redist) 4.5

Sonic RecordNow!

Sonic Update Manager

Spell Checker For OE 2.1

Spelling Dictionaries Support For Adobe Reader 8

staticcr

Synaptics Pointing Device Driver

Texas Instruments PCIxx21/x515 drivers.

TIxx21/x515

tooltips

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB Picture Card Reader

VC 9.0 Runtime

VisualRoute

VPRINTOL

WebFldrs XP

Windows Defender Signatures

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Format SDK Hotfix - KB891122

Windows Media Player 11

Windows XP Service Pack 3

WIRELESS

ZENcast Organizer

.

==== Event Viewer Messages From Past Week ========

.

5/8/2012 7:02:38 PM, error: Service Control Manager [7026] - The following boot

-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi

eabfiltr Fips intelppm pavboot

5/8/2012 6:56:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting

to start the service wuauserv with arguments "" in order to run the server:

{E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/8/2012 12:34:44 PM, error: DCOM [10005] - DCOM got error "%1084" attempting

to start the service StiSvc with arguments "" in order to run the server:

{A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/8/2012 12:31:43 PM, error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP

aswTdi eabfiltr Fips intelppm OADevice oahlpXX pavboot

5/8/2012 11:44:08 AM, error: DCOM [10005] - DCOM got error "%1084" attempting

to start the service netman with arguments "" in order to run the server:

{BA126AE5-2166-11D1-B1D0-00805FC1270E}

5/8/2012 11:44:04 AM, error: Service Control Manager [7026] - The following

boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswRdr aswSnx

aswSP aswTdi eabfiltr Fips intelppm IPSec MRxSmb NetBIOS NetBT OADevice

oahlpXX OAmon OAnet pavboot RasAcd Rdbss Tcpip WS2IFSL

5/8/2012 11:44:04 AM, error: Service Control Manager [7001] - The TCP/IP

NetBIOS Helper service depends on the AFD service which failed to start

because of the following error: A device attached to the system is not

functioning.

5/8/2012 11:44:04 AM, error: Service Control Manager [7001] - The IPSEC

Services service depends on the IPSEC driver service which failed to start

because of the following error: A device attached to the system is not

functioning.

5/8/2012 11:44:04 AM, error: Service Control Manager [7001] - The DNS Client

service depends on the TCP/IP Protocol Driver service which failed to start

because of the following error: A device attached to the system is not

functioning.

5/8/2012 11:44:04 AM, error: Service Control Manager [7001] - The DHCP Client

service depends on the NetBios over Tcpip service which failed to start because

of the following error: A device attached to the system is not functioning.

5/8/2012 11:43:39 AM, error: DCOM [10005] - DCOM got error "%1084" attempting

to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}

5/8/2012 10:20:49 AM, error: Service Control Manager [7000] - The MCSTRM

service failed to start due to the following error: The system cannot find the file

specified.

5/3/2012 3:08:46 AM, error: RemoteAccess [20106] - Unable to add the interface

{A5FB2ACA-5466-41E9-9955-D75F535024F5} with the Router Manager for the IP

protocol. The following error occurred: Cannot complete this function.

5/3/2012 3:08:43 AM, error: Service Control Manager [7034] - The Kodak AiO

Device Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

Anyone? Pitch the laptop? It's working in safe mode and allowing use of HotSpot with Sprint. Doing a full MWByte scan.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:21:04 AM, on 5/9/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

localhost:12080

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program

Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -

C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program

Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update

Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch

Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent

Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Cpqset] ÜæB

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe

bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0

\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0

\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-

Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32

\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin

O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')

O4 - Startup: Mobiletel.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4

\Office12\EXCEL.EXE/3000

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program

Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-

1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-

5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-

f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=presario&pf=laptop

O15 - Trusted Zone: http://msn.foxsports.com

O15 - Trusted Zone: http://www.meade.com

O15 - Trusted Zone: http://www.msn.com

O15 - Trusted Zone: http://trials.palmgear.com

O15 - Trusted Zone: http://www.photographyreview.com

O15 - Trusted Zone: http://game3.pogo.com

O15 - Trusted Zone: http://www.wetcanvas.com

O15 - Trusted IP range: 66.196.0.254

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -

http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplu

gin.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) -

http://zone.msn.com/binFrameWork/v10/StagingUI.cab40641.cab

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -

http://www.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) -

http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - https://www-

secure.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) -

http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - https://www-

secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-

secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) -

http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) -

https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) -

http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab

?1167849549312

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -

http://olta.demon.co.uk/activex/AxisCamControl.ocx

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -

http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) -

http://zone.msn.com/bingame/zpagames/zpa_pool.cab36107.cab

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -

http://www.symantec.com/techsupp/asa/SymAData.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) -

http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) -

http://zone.msn.com/binframework/v10/StProxy.cab41227.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) -

http://fdl.msn.com/public/investor/v13/ticker.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate

Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-

00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-

11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe

Systems Incorporated - C:\WINDOWS\system32

\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5

\AvastSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program

Files\Canon\CAL\CALMAIN.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON

CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC -

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. -

C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. -

C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program

Files\Kodak\printer\center\KodakSvc.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -

C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program

Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions /

PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--

End of file - 10315 bytes


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Download unhide.exe & save it to your windows folder:

Right click on unhide.exe and select Run as administrator (In case you have Vista or Win7)

Reboot

This will unhide folders/files that were set to be hidden by the infection you had.

Next:

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".


Thank you.

Unhide by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 05/09/2012 12:28:41 PM

Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive

Finished processing the C:\ drive. 138722 files processed.

The C:\DOCUME~1\KERRYO~1\LOCALS~1\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.

- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

* Start_ShowRecentDocs was set to 0! It was set back to 2!

Restarting Explorer.exe in order to apply changes.

Program finished at: 05/09/2012 12:46:27 PM

Execution time: 0 hours(s), 17 minute(s), and 45 seconds(s)

_____________________________________

Malwarebytes Anti-Malware (PRO) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.05.09.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.6001.18702

Kerry Owen :: KERRYSPORTABLE [administrator]

Protection: Disabled

5/9/2012 5:50:02 AM

mbam-log-2012-05-09 (05-50-02).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 330842

Time elapsed: 1 hour(s), 27 minute(s), 27 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

__________________________________

After running unhide I restarted my computer. It did show I'd say half, maybe a few more icons, and the rest looked like program or icons that might open in upper level type applications (not notebook or word). Toolbar was ms blue with silver/gray border all around and start button placement (no working button) and a spot for the clock area-silver-but nothing showing. The icons didn't work, task manager very limited, so restarted.

Seemed to hang a bit shutting down so turned off computer. Restarted in regular mode-same thing, no icons, toolbar. Restarted-back into safe mode, safe mode/no network meant exactly that. Restarted again, iirc it shut down ok, this time safe mode with networking. Updated MWB and did another full scan.


These will be there unless you have removed temp files / folders

There might be three numbered folders inside C:\Documents and Settings\Your User Name\Local Settings\Temp\smtmp folder. The folders will be numbered 1, 2 and 4.

Example:

%Temp%\smtmp\1 "%AllUsersProfile%\Start Menu"

%Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch"

%Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar"

%Temp%\smtmp\4 "%AllUsersProfile%\Desktop"

Inside the 1 folder is a folder named “Programs.” This folder should be copied / pasted (using XP) to C:\Documents and Settings\All Users\Start Menu, which will already have a folder named Programs but it is safe to overwrite it since Windows will replace the subfolders without creating duplicates.

Inside the 2 folder are the quick launch items specific for the user. Select ALL of these shortcuts and copy / paste to (using XP) C:\Documents and Settings\Your User Name\Application Data\Microsoft\Internet Explorer\Quick Launch.

Inside the 4 folder are the desktop items that should be copied to C:\Documents and Settings\All Users\Desktop.

Let me know if everything was there and how it's running now.

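The copy-back steps in the post above, as an added sketch that is not part of the original thread and not Unhide's own code. It merges the numbered smtmp folders into their XP destinations and reports when smtmp or one of its folders is absent, which is what the Unhide log in this thread shows; the function names, the dry-run flag, the choice never to overwrite an existing file, and the constructed demo tree are assumptions.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Destinations as listed in the post above for Windows XP. The post also
# lists a folder 3 (pinned taskbar items) but says XP has only 1, 2 and 4.
XP_TARGETS = {
    "1": r"%AllUsersProfile%\Start Menu",
    "2": r"%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch",
    "4": r"%AllUsersProfile%\Desktop",
}


def xp_targets_from_env():
    """Expand the %...% variables; only meaningful on the affected machine."""
    return {k: os.path.expandvars(v) for k, v in XP_TARGETS.items()}


def restore_smtmp(smtmp, targets, dry_run=True):
    """Merge each numbered smtmp folder into its destination.

    Returns (copied, skipped, missing): files copied (or that would be
    copied in a dry run), files left alone because the destination already
    has one with that name, and numbered folders that were not found.
    """
    smtmp = Path(smtmp)
    copied, skipped, missing = [], [], []
    if not smtmp.is_dir():
        # The case Unhide reported in this thread: nothing to restore from.
        return copied, skipped, sorted(targets)
    for number, dest_root in sorted(targets.items()):
        src_root = smtmp / number
        if not src_root.is_dir():
            missing.append(number)
            continue
        for src in sorted(src_root.rglob("*")):
            if not src.is_file():
                continue
            dest = Path(dest_root) / src.relative_to(src_root)
            if dest.exists():
                skipped.append(str(dest))  # keep what is already there
                continue
            if not dry_run:
                os.makedirs(str(dest.parent), exist_ok=True)
                shutil.copy2(str(src), str(dest))
            copied.append(str(dest))
    return copied, skipped, missing


def demo():
    """Run against a constructed directory tree standing in for a profile."""
    base = Path(tempfile.mkdtemp())
    smtmp = base / "Temp" / "smtmp"
    accessories = smtmp / "1" / "Programs" / "Accessories"
    accessories.mkdir(parents=True)
    (accessories / "Notepad.lnk").write_text("constructed shortcut")
    (smtmp / "4").mkdir()
    (smtmp / "4" / "Firefox.lnk").write_text("constructed shortcut")
    targets = {
        "1": str(base / "All Users" / "Start Menu"),
        "2": str(base / "User" / "Quick Launch"),
        "4": str(base / "All Users" / "Desktop"),
    }
    # A shortcut that already exists at the destination must survive.
    desktop = base / "All Users" / "Desktop"
    desktop.mkdir(parents=True)
    (desktop / "Firefox.lnk").write_text("existing")
    result = restore_smtmp(smtmp, targets, dry_run=False)
    absent = restore_smtmp(base / "no-smtmp", targets)
    return base, result, absent


if __name__ == "__main__":
    _, (copied, skipped, missing), absent = demo()
    print("copied :", copied)
    print("skipped:", skipped)
    print("missing:", missing)
    print("no smtmp folder ->", absent)
```

On the affected machine the call would be `restore_smtmp(os.path.expandvars(r"%Temp%\smtmp"), xp_targets_from_env())`, reviewed as a dry run before passing `dry_run=False`.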

There are no files with smtmp in that temp folder, my folders are unhidden, and I didn't delete/clear any temp files that I can recall.

I don't have anything that looks like:

C:\Documents and Settings\Your User Name\Local Settings\Temp\smtmp

but have these:

C:\Documents and Settings\Kerry Owen\Local Settings\temp

and these:

1. C:\Documents and Settings\All Users\Start Menu\Programs

2. C:\Documents and Settings\Kerry Owen\Application Data\Microsoft\Internet Explorer\Quick Launch

(icons are there w/desktop.ini and show desktop command file)

3. C:\Documents and Settings\Kerry Owen\Local Settings\Application Data\ApplicationHistory and

4. C:\Documents and Settings\All Users\Desktop

realizing these are further up the hierarchy (?) and don't have any files that have "roaming" in the (further up) app data.

Can't copy & paste anything.?


Did that. I do have a separate administrator account also, I switched to it earlier, before I posted here, I don't have much of anything set up for that. So check the folders as above?


With the administrator account you should be able to go to Documents and Settings for every account and see everything like startup program files, desktops, etc.

If, while logged in with the admin account, everything is still missing, then chances are they're gone.


I'm back at my account-adm privileges.

The separate Adm acct has Desktop, Start Menu, and other folders. In its Local Settings folder: Application Data, and Temp folders, the rest are hidden: desktop.ini, History, and Temporary Internet Files.

Account just made has: Application Data, Desktop, Favorites, My Recent Documents, Net Hood, Owners Documents, PrintHood, Send To, Start Menu, Templates. Hidden: Cookies, IE T IdCache, Local Settings, My Recent Documents, NYUSER.DAT, ntuser.dat.LOG, ntuser.ini, secedit.INEG.RAW

In this new Account, its Local Settings folder is just like Adm acct's, except the Application Data folder is hidden also.


I am always in my account, I never use that Administrator account, I'm guessing that is a default account that comes with the computer (it is from 2005...). I only use my account, it has admin privileges as do these others. Thing is, I start up my computer yesterday, I'm thinking it's infected, so I don't know that I want anything from these other files, that new account-the whole folder is kind of faded I guess because of safe mode. Any way to check further for virus, rootkits, if the system files got fooled with?

I'm running in safe mode for all of this, I did not get into Adm account and shut down/restart to see if the pc works. Do I switch to Adm acct, then shut down & restart?

I'd like it


Yes.

I was trying to get your icons back first,

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Sorry, tried to finish up the post-didn't scroll down enough for that tail end...

The Admin acct doesn't have the things my account has, I'm just not sure about files from the admin acct.


I'm downloading it now. I do have icons in safe mode. My wireless is setup on my account, not on the others.

I don't know that it would have the resources to run it. It will get to the Documents/settings folder, but doesn't access the rest of the folders on C:\, no programs. :?|


ComboFix 12-05-09.01 - Kerry Owen 05/09/2012 20:33:05.3.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1556 [GMT -5:00]

Running from: C:\Documents and Settings\Kerry Owen\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

I can't seem to stop Avast. It didn't show earlier in task manager, while trying to shut it down for combofix. Maybe the virus/trojan is controlling/shielding that in some way.?? I can't shut it down.

Still in safe mode, started with 30-32 processes in regular mode yesterday, now in safe mode-16 processes.

Same thing, no real change, looked like I saw it got rid of some files or folders.


Got one this time...

Larry, still had a time shutting down Avast, finally right clicked in task mgr then shut down through that. CFix still showed it was on-2 warnings, but proceeded. Avast is still not showing in task manager but it has not showed then reappeared before.

________________

ComboFix 12-05-10.02 - Kerry Owen 05/10/2012 7:47.4.1 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2014.1705 [GMT -5:00]

Running from: c:\documents and settings\Kerry Owen\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

c:\documents and settings\Kerry Owen\Local Settings\Application Data\assembly\tmp

c:\documents and settings\Kerry Owen\WINDOWS

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_EPSONSTATUSAGENT2

-------\Service_EPSONStatusAgent2

.

.

((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))

.

.

2012-05-09 23:50 . 2012-05-09 23:51 -------- d-----w- c:\documents and settings\Patience

2012-05-09 19:17 . 2012-05-09 19:17 -------- d-----w- c:\windows\LastGood.Tmp

2012-05-09 17:25 . 2012-05-09 17:25 399264 ----a-w- c:\windows\unhide.exe

2012-05-08 22:43 . 2012-05-08 22:44 -------- d-----w- c:\documents and settings\Administrator

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 06:05 . 2012-04-05 06:05 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-04-05 06:05 . 2011-05-19 14:44 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2010-09-20 05:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-06 23:15 . 2010-09-21 03:43 41184 ----a-w- c:\windows\avastSS.scr

2012-03-06 23:15 . 2008-09-24 18:48 201352 ----a-w- c:\windows\system32\aswBoot.exe

2012-03-06 23:03 . 2011-03-02 20:09 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-06 23:03 . 2008-09-24 18:48 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-03-06 23:02 . 2008-09-24 18:48 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-03-06 23:01 . 2008-09-24 18:48 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-03-06 23:01 . 2008-09-24 18:48 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2012-03-06 23:01 . 2008-09-24 18:48 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys

2012-03-06 23:01 . 2008-09-24 18:48 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-03-06 22:58 . 2008-09-24 18:48 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2012-03-01 11:01 . 2004-08-04 08:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-03-01 11:01 . 2004-08-04 08:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-03-01 11:01 . 2004-08-04 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-02-29 14:10 . 2004-08-04 08:00 177664 ----a-w- c:\windows\system32\wintrust.dll

2012-02-29 14:10 . 2004-08-04 08:00 148480 ----a-w- c:\windows\system32\imagehlp.dll

2012-02-29 12:17 . 2004-08-04 08:00 385024 ------w- c:\windows\system32\html.iec

2009-07-17 06:07 . 2009-07-17 06:07 1228041 ----a-w- c:\program files\InstallFreeRARExtractFrog.exe

2008-10-12 20:31 . 2007-07-10 21:08 6224944 ----a-w- c:\program files\pkreader.exe

2008-10-10 13:41 . 2007-01-04 17:53 5186048 ----a-w- c:\program files\WindowsDefender.msi

2008-09-28 15:40 . 2008-09-28 15:40 1018520 ----a-w- c:\program files\fsbl.exe

2007-07-10 15:16 . 2007-07-10 15:16 158352 ----a-w- c:\program files\FixWebHancer.exe

2007-07-09 20:26 . 2007-07-09 20:26 4307808 ----a-w- c:\program files\vrle.exe

2007-02-14 18:28 . 2007-02-14 18:27 1655856 ----a-w- c:\program files\cspro367.exe

2007-01-08 20:47 . 2007-01-08 20:47 6427936 ----a-w- c:\program files\screensaverfunpack.exe

2007-01-08 19:35 . 2007-01-08 19:34 1506400 ----a-w- c:\program files\WinColorSetup.exe

2005-06-04 07:11 . 2005-06-04 07:11 6526608 ----a-w- c:\program files\MicrosoftAntiSpywareInstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cpqset"="ÜæB" [X]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-05 98394]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-18 290816]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-06-05 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\Kerry Owen\Start Menu\Programs\Startup\

Mobiletel.lnk - [N/A]

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk

backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Kerry Owen^Start Menu^Programs^Startup^BHODemon 2.0.lnk]

path=c:\documents and settings\Kerry Owen\Start Menu\Programs\Startup\BHODemon 2.0.lnk

backup=c:\windows\pss\BHODemon 2.0.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Kerry Owen^Start Menu^Programs^Startup^SCRABBLE Complete Registration.lnk]

path=c:\documents and settings\Kerry Owen\Start Menu\Programs\Startup\SCRABBLE Complete Registration.lnk

backup=c:\windows\pss\SCRABBLE Complete Registration.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Sonic RecordNow!"=

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"lxcemon.exe"="c:\program files\Lexmark 4300 Series\lxcemon.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Outlook Express\\msimn.exe"=

"c:\\Program Files\\Alwil Software\\Avast5\\AvastUI.exe"=

"c:\\Program Files\\Windows Lotto Pro 2000\\lotpro2000.exe"=

"c:\\Program Files\\Windows Lotto Pro 2000\\proupdt.exe"=

"c:\\Program Files\\Windows Lotto Pro 2000\\WiseUpdt.exe"=

"c:\\Program Files\\VisualRoute\\VisualRoute.exe"=

"c:\\gh\\lusetup.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\WINDOWS\\system32\\java.exe"=

"c:\\Program Files\\Adobe\\Photoshop 5.0 LE\\photosle.exe"=

.

S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [8/14/2008 12:07 PM 28544]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/2/2011 3:09 PM 612184]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/24/2008 1:48 PM 337880]

S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/24/2008 1:48 PM 20696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]

S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/26/2009 12:32 AM 189736]

S2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [3/22/2007 7:04 PM 9728]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/20/2010 12:53 AM 654408]

S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [1/8/2009 4:34 AM 262360]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 1:05 AM 253600]

S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [5/14/2007 9:49 AM 35824]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/20/2010 12:53 AM 22344]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 06:05]

.

2012-05-10 c:\windows\Tasks\User_Feed_Synchronization-{A7D9F73D-0A0D-4E00-8E4A-12F300A9CE75}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = localhost:12080

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: foxsports.com\msn

Trusted Zone: meade.com\www

Trusted Zone: microsoft.com\www

Trusted Zone: msn.com\www

Trusted Zone: palmgear.com\trials

Trusted Zone: photographyreview.com\www

Trusted Zone: pogo.com\game3

Trusted Zone: wetcanvas.com\www

TCP: DhcpNameServer = 192.168.43.1

FF - ProfilePath - c:\documents and settings\Kerry Owen\Application Data\Mozilla\Firefox\Profiles\p57dvynm.default\

FF - prefs.js: browser.startup.homepage - http:msn.com

FF - prefs.js: network.proxy.type - 4

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13

.

- - - - ORPHANS REMOVED - - - -

.

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)

MSConfigStartUp-CTFMON - (no file)

MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe

AddRemove-{D32470A1-B10C-4059-BA53-CF0486F68EBC} - c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_190001_ff9ba27\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-05-10 08:07

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-781878022-3114317985-875658923-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1168)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

.

Completion time: 2012-05-10 08:11:58

ComboFix-quarantined-files.txt 2012-05-10 13:11

.

Pre-Run: 37,292,036,096 bytes free

Post-Run: 37,252,333,568 bytes free

.

- - End Of File - - 0C2BC06863B718143622715DEE3B2169


No, I did not set that up. I did not restart the pc, still in safe mode, but during Combo fix-toward or at the end of the scan, the window came up that shows pc is running in safe mode, and you click ok or yes, like after a restart. Clicked yes. A soft restart? I did get a PEV.EXE error at app. stage 49-50 of Combo Fix. I snapped a shot from my camera for that log location, Microsoft gave the 'you can send an error report' message but I did not. Task manager still not showing Avast.


This topic is now closed to further replies.