IObit Forum

Another Redirect Issue



I have tried SuperAntiSpyware, Malwarebytes, Advanced SystemCare 4, and IObit Malware Fighter. All of my searches are still getting redirected and they cannot find anything.

 

I am also hearing advertisements when no browser is open, and I get frequent IE script errors even after removing Internet Explorer from my PC.

 

How do I go about removing this? I am a little slow with computers so please explain as detailed and as easy as possible.

Thanks in advance!


Hello and welcome to IObit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

******************************************************

I know that you used these before but I would like to see the logs. Please run them again.

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining

  Please leave the others unchecked

  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

To retrieve the removal information please do the following:

  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

**********************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

***********************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall tries to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

 

1) DDS.txt

2) Attach.txt

 

* Save both logs to your desktop.

* Please copy and paste the entire contents of both logs in your next reply.

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.


Hi Dave,

Here is my SuperAntiSpyware log.

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 05/18/2011 at 03:39 PM

 

Application Version : 4.52.1000

 

Core Rules Database Version : 7083

Trace Rules Database Version: 4895

 

Scan type : Complete Scan

Total Scan Time : 02:30:15

 

Memory items scanned : 512

Memory threats detected : 0

Registry items scanned : 4703

Registry threats detected : 0

File items scanned : 131356

File threats detected : 19

 

Adware.Tracking Cookie

C:\Documents and Settings\owner\Cookies\owner@bridge2.admarketplace[1].txt

C:\Documents and Settings\owner\Cookies\owner@mm.chitika[2].txt

C:\Documents and Settings\owner\Cookies\owner@ads.blogtalkradio[1].txt

C:\Documents and Settings\owner\Cookies\owner@dc.tremormedia[1].txt

C:\Documents and Settings\owner\Cookies\owner@legolas-media[2].txt

C:\Documents and Settings\owner\Cookies\owner@interclick[1].txt

C:\Documents and Settings\owner\Cookies\owner@a1.interclick[1].txt

C:\Documents and Settings\owner\Cookies\owner@ads.lycos[2].txt

C:\Documents and Settings\owner\Cookies\owner@collective-media[2].txt

C:\Documents and Settings\owner\Cookies\owner@theclickcheck[1].txt

C:\Documents and Settings\owner\Cookies\owner@burstnet[1].txt

C:\Documents and Settings\owner\Cookies\owner@findology[1].txt

C:\Documents and Settings\owner\Cookies\owner@www.burstnet[2].txt

C:\Documents and Settings\owner\Cookies\owner@trafficengine[1].txt

C:\Documents and Settings\owner\Cookies\owner@ad.yieldmanager[2].txt

C:\Documents and Settings\owner\Cookies\owner@invitemedia[2].txt

media.mtvnservices.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\VZC29BZN ]

secure-us.imrworldwide.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\VZC29BZN ]

thebigpornsecret.com [ C:\Documents and Settings\owner\Application Data\Macromedia\Flash Player\#SharedObjects\VZC29BZN ]


Malwarebytes' Anti-Malware 1.50.1.1100

http://www.malwarebytes.org

 

Database version: 6611

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

 

5/18/2011 6:15:50 PM

mbam-log-2011-05-18 (18-15-50).txt

 

Scan type: Full scan (C:\|F:\|G:\|)

Objects scanned: 305226

Time elapsed: 1 hour(s), 54 minute(s), 12 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


.

DDS (Ver_11-03-05.01) - NTFSx86

Run by owner at 18:49:45.54 on Wed 05/18/2011

Internet Explorer: 6.0.2900.5512

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.416 [GMT -5:00]

.

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\lxeacoms.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

F:\Program Files\2Wire\2PortalMon.exe

C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe

C:\Program Files\Lexmark S300-S400 Series\ezprint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\owner\My Documents\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll

uRun: [Advanced SystemCare 4] "c:\program files\iobit\advanced systemcare 4\ASCTray.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [uniblue ProcessQuickLink 2] "c:\program files\uniblue\processquicklink 2\ProcessQuickLink2.exe" /autostart

mRun: [2wSysTray] f:\program files\2wire\2PortalMon.exe

mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"

mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280868968468

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\6ljq1khd.default\

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.xul.error_pages.enabled - True

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-4-23 13496]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-3 11608]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-30 352656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-3 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-3 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-3 61960]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-5-16 821080]

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-5-16 30368]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-5-16 16080]

R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [2009-1-14 458752]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-1-13 193192]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]

S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]

S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-5-16 239472]

S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wnda3100\jswpsapi.exe [2008-2-27 360547]

.

=============== File Associations ===============

.

scrfile="%1" /S

.

=============== Created Last 30 ================

.

2011-05-18 21:17:03 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes

2011-05-18 21:16:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 21:16:52 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 21:16:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-15 06:51:03 -------- d-----w- c:\docume~1\owner\applic~1\Uniblue

2011-05-15 06:49:53 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PackageAware

2011-05-15 06:36:09 -------- d-----w- c:\program files\Uniblue

2011-05-15 03:42:44 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com

2011-05-15 03:42:32 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-10 08:24:48 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-10 07:47:42 -------- d-----w- c:\docume~1\owner\applic~1\Avira

2011-05-10 07:46:07 -------- d-----w- c:\windows\system32\MpEngineStore

2011-05-09 21:43:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\SafeReturner

2011-05-08 18:55:57 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-08 18:55:57 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-08 18:55:56 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-08 18:55:56 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-08 18:55:56 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-08 18:55:55 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-08 18:55:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-08 18:55:54 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-04-30 17:35:12 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Ahead

2011-04-30 14:57:37 -------- d-----w- c:\program files\iPod

2011-04-30 14:57:32 -------- d-----w- c:\program files\iTunes

2011-04-30 14:53:45 -------- d-----w- c:\program files\Bonjour

2011-04-27 16:44:11 -------- d-----w- c:\windows\system32\NtmsData

2011-04-23 14:18:20 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-04-23 14:18:18 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

.

==================== Find3M ====================

.

2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 21:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45:07 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

.

============= FINISH: 18:50:48.12 ===============


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 8/3/2010 2:24:49 PM

System Uptime: 5/17/2011 10:39:52 PM (20 hours ago)

.

Motherboard: Intel Corporation | | D850EMV2

Processor: Intel® Pentium® 4 CPU 2.00GHz | J4K2 | 1994/100mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 128 GiB total, 112.611 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is FIXED (NTFS) - 145 GiB total, 109.105 GiB free.

G: is FIXED (FAT32) - 4 GiB total, 1.68 GiB free.

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Multimedia Audio Controller

Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_00511102&REV_03\4&11CD5334&0&50F0

Manufacturer:

Name: Multimedia Audio Controller

PNP Device ID: PCI\VEN_1102&DEV_0004&SUBSYS_00511102&REV_03\4&11CD5334&0&50F0

Service:

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: PCI Input Device

Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&11CD5334&0&51F0

Manufacturer:

Name: PCI Input Device

PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&11CD5334&0&51F0

Service:

.

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&3A2C8C4B&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&3A2C8C4B&0

Service: i8042prt

.

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}

Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

Device ID: ACPI\PNP0303\4&3A2C8C4B&0

Manufacturer: (Standard keyboards)

Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&3A2C8C4B&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP90: 2/18/2011 3:24:41 AM - System Checkpoint

RP91: 2/19/2011 4:24:41 AM - System Checkpoint

RP92: 2/20/2011 5:24:42 AM - System Checkpoint

RP93: 2/21/2011 6:24:42 AM - System Checkpoint

RP94: 2/22/2011 7:24:42 AM - System Checkpoint

RP95: 2/23/2011 8:24:42 AM - System Checkpoint

RP96: 2/24/2011 3:00:15 AM - Software Distribution Service 3.0

RP97: 2/25/2011 3:35:06 AM - System Checkpoint

RP98: 2/26/2011 4:22:36 AM - System Checkpoint

RP99: 2/27/2011 5:22:37 AM - System Checkpoint

RP100: 2/28/2011 6:22:36 AM - System Checkpoint

RP101: 3/1/2011 7:22:36 AM - System Checkpoint

RP102: 3/2/2011 8:22:36 AM - System Checkpoint

RP103: 3/3/2011 9:22:36 AM - System Checkpoint

RP104: 3/4/2011 10:22:37 AM - System Checkpoint

RP105: 3/5/2011 11:22:36 AM - System Checkpoint

RP106: 3/6/2011 12:22:37 PM - System Checkpoint

RP107: 3/7/2011 1:22:37 PM - System Checkpoint

RP108: 3/8/2011 2:22:37 PM - System Checkpoint

RP109: 3/9/2011 3:22:37 PM - System Checkpoint

RP110: 3/10/2011 3:00:16 AM - Software Distribution Service 3.0

RP111: 3/11/2011 3:22:37 AM - System Checkpoint

RP112: 3/12/2011 4:22:37 AM - System Checkpoint

RP113: 3/13/2011 5:26:20 AM - System Checkpoint

RP114: 3/14/2011 6:26:19 AM - System Checkpoint

RP115: 3/15/2011 7:15:46 AM - System Checkpoint

RP116: 3/16/2011 7:26:20 AM - System Checkpoint

RP117: 3/17/2011 8:26:20 AM - System Checkpoint

RP118: 3/18/2011 9:26:20 AM - System Checkpoint

RP119: 3/19/2011 10:26:19 AM - System Checkpoint

RP120: 3/20/2011 1:59:04 PM - System Checkpoint

RP121: 3/21/2011 2:32:44 PM - System Checkpoint

RP122: 3/22/2011 2:33:03 PM - System Checkpoint

RP123: 3/23/2011 2:34:08 PM - System Checkpoint

RP124: 3/24/2011 3:00:14 AM - Software Distribution Service 3.0

RP125: 3/25/2011 3:33:04 AM - System Checkpoint

RP126: 3/26/2011 4:03:52 AM - System Checkpoint

RP127: 3/27/2011 4:41:48 AM - System Checkpoint

RP128: 3/28/2011 5:03:51 AM - System Checkpoint

RP129: 3/29/2011 6:03:51 AM - System Checkpoint

RP130: 3/30/2011 7:03:51 AM - System Checkpoint

RP131: 3/31/2011 7:15:52 AM - System Checkpoint

RP132: 4/1/2011 7:21:53 AM - System Checkpoint

RP133: 4/2/2011 8:21:54 AM - System Checkpoint

RP134: 4/3/2011 8:43:29 AM - System Checkpoint

RP135: 4/4/2011 9:16:17 AM - System Checkpoint

RP136: 4/5/2011 9:59:29 AM - System Checkpoint

RP137: 4/7/2011 6:54:10 AM - System Checkpoint

RP138: 4/8/2011 7:17:05 AM - System Checkpoint

RP139: 4/9/2011 8:17:04 AM - System Checkpoint

RP140: 4/10/2011 8:42:26 AM - System Checkpoint

RP141: 4/11/2011 9:42:26 AM - System Checkpoint

RP142: 4/12/2011 10:42:25 AM - System Checkpoint

RP143: 4/13/2011 3:00:18 AM - Software Distribution Service 3.0

RP144: 4/14/2011 3:19:19 AM - System Checkpoint

RP145: 4/15/2011 4:19:20 AM - System Checkpoint

RP146: 4/16/2011 5:19:21 AM - System Checkpoint

RP147: 4/17/2011 6:19:21 AM - System Checkpoint

RP148: 4/18/2011 7:19:20 AM - System Checkpoint

RP149: 4/18/2011 10:42:59 AM - Installed TI Connect 1.6

RP150: 4/19/2011 11:42:24 AM - System Checkpoint

RP151: 4/20/2011 12:42:23 PM - System Checkpoint

RP152: 4/21/2011 3:00:14 AM - Software Distribution Service 3.0

RP153: 4/22/2011 3:42:24 AM - System Checkpoint

RP154: 4/23/2011 4:42:24 AM - System Checkpoint

RP155: 4/24/2011 5:39:32 AM - System Checkpoint

RP156: 4/25/2011 8:19:35 AM - System Checkpoint

RP157: 4/26/2011 8:39:32 AM - System Checkpoint

RP158: 4/27/2011 3:00:15 AM - Software Distribution Service 3.0

RP159: 4/28/2011 3:28:50 AM - System Checkpoint

RP160: 4/29/2011 3:44:09 AM - System Checkpoint

RP161: 4/30/2011 1:00:33 AM - Installed %1 %2.

RP162: 4/30/2011 1:00:54 AM - Installed Windows XP Update for Microsoft Windows (KB971513).

RP163: 4/30/2011 1:01:47 AM - Installed Windows XP KB2492386.

RP164: 5/1/2011 1:16:23 AM - System Checkpoint

RP165: 5/2/2011 2:16:07 AM - System Checkpoint

RP166: 5/3/2011 2:25:57 AM - System Checkpoint

RP167: 5/4/2011 3:25:57 AM - System Checkpoint

RP168: 5/5/2011 4:12:53 AM - System Checkpoint

RP169: 5/6/2011 5:12:52 AM - System Checkpoint

RP170: 5/7/2011 5:26:58 AM - System Checkpoint

RP171: 5/8/2011 10:13:01 AM - System Checkpoint

RP172: 5/9/2011 11:02:43 AM - System Checkpoint

RP173: 5/10/2011 3:00:32 AM - Restore Operation

RP174: 5/10/2011 6:51:55 AM - Software Distribution Service 3.0

RP175: 5/11/2011 12:11:04 PM - Software Distribution Service 3.0

RP176: 5/12/2011 6:49:34 PM - System Checkpoint

RP177: 5/14/2011 12:06:37 AM - Removed Microsoft Silverlight

RP178: 5/14/2011 12:07:42 AM - Removed TI Connect 1.6

RP179: 5/15/2011 12:36:49 AM - System Checkpoint

RP180: 5/16/2011 8:22:45 AM - System Checkpoint

RP181: 5/17/2011 3:42:35 PM - System Checkpoint

RP182: 5/18/2011 4:00:26 PM - System Checkpoint

.

==== Installed Programs ======================

.

ABBYY FineReader 6.0 Sprint

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.1

Advanced SystemCare 4

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Avira AntiVir Personal - Free Antivirus

Bonjour

Compact Wireless-G USB Adapter

Definition update for Microsoft Office 2010 (KB982726)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

IObit Malware Fighter

iTunes

Lexmark Printable Web

Lexmark S300-S400 Series

Malwarebytes' Anti-Malware

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Software Update for Web Folders (English) 14

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 4.0.1 (x86 en-US)

Nero OEM

NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100

PowerDVD

QuickTime

Security Update for Microsoft Excel 2010 (KB2466146)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2289161)

Security Update for Microsoft PowerPoint 2010 (KB2519975)

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft Word 2010 (KB2345000)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Smart Defrag 2

SUPERAntiSpyware

Uniblue ProcessQuickLink 2

Uniblue ProcessScanner

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Media Format 11 runtime

Windows Media Player 11

WNDA3100

.

==== Event Viewer Messages From Past Week ========

.

5/14/2011 12:16:36 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}

5/14/2011 12:07:02 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

5/14/2011 12:03:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

5/14/2011 12:03:24 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxeaCATSCustConnectService service to connect.

5/14/2011 12:03:24 AM, error: Service Control Manager [7000] - The lxeaCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/14/2011 11:31:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/14/2011 10:29:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips i8042prt intelppm ssmdrv

5/14/2011 10:28:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/11/2011 11:38:46 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{4C4AD6D5-AD2A-4E73-9584-4061809AC686} because another computer on the network has the same name. The server could not start.

.

==== End Of File ===========================


Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://i424.photobucket.com/albums/pp322/digistar/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Dave,

I cannot get combofix.exe to run. I run the file from the desktop and it goes for a few seconds but then it disappears from my task bar. I also opened the task manager to run it from there but the same thing happens. What is the problem?


Yeah, I can't get it to run at all. I've looked at the how-to-use-it guide. I never even get a window with a blue screen as it shows. A little tiny rectangle comes up in the center of my screen and green bars go across it like it is loading. When it finishes that, it disappears. I have tried deleting it and re-downloading it. Still not working.


Ok. Please try this. An infection could be blocking it.

 

Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

 

Navigate to Start --> Run, and enter the following command exactly as shown:

 

"%userprofile%\desktop\blackpudding.bat" /killall

 

See if ComboFix will run now.


I tried something similar to that before I read your post. I have it opened. A window popped up that said Volsnap.sys was rooted or something and it was going to disinfect it and it'll take several minutes. Does that sound right?


ComboFix 11-05-17.03 - owner 05/18/2011 22:15:20.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.694 [GMT -5:00]

Running from: c:\documents and settings\owner\Desktop\work.exe

AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Thumbs.db

c:\windows\system32\Thumbs.db

G:\Autorun.inf

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :p

.

((((((((((((((((((((((((( Files Created from 2011-04-19 to 2011-05-19 )))))))))))))))))))))))))))))))

.

.

2011-05-19 01:10 . 2011-05-19 01:39 -------- d-----w- C:\32788R22FWJFW.0.tmp

2011-05-19 00:31 . 2011-05-19 01:05 -------- d-----w- C:\ComboFix

2011-05-18 21:17 . 2011-05-18 21:17 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes

2011-05-18 21:16 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-18 21:16 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-18 21:16 . 2011-05-18 21:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-15 06:51 . 2011-05-15 06:51 -------- d-----w- c:\documents and settings\owner\Application Data\Uniblue

2011-05-15 06:49 . 2011-05-15 06:49 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\PackageAware

2011-05-15 06:36 . 2011-05-15 07:37 -------- d-----w- c:\program files\Uniblue

2011-05-15 03:42 . 2011-05-15 03:42 -------- d-----w- c:\documents and settings\owner\Application Data\SUPERAntiSpyware.com

2011-05-15 03:42 . 2011-05-15 03:42 -------- d-----w- c:\program files\SUPERAntiSpyware

2011-05-10 08:24 . 2011-05-10 08:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-10 07:47 . 2011-05-10 07:47 -------- d-----w- c:\documents and settings\owner\Application Data\Avira

2011-05-10 07:46 . 2011-05-10 07:46 -------- d-----w- c:\windows\system32\MpEngineStore

2011-05-09 21:43 . 2011-05-10 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SafeReturner

2011-05-08 18:55 . 2011-05-08 18:55 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll

2011-05-08 18:55 . 2011-05-08 18:55 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll

2011-05-08 18:55 . 2011-05-08 18:55 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll

2011-05-08 18:55 . 2011-05-08 18:55 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll

2011-05-08 18:55 . 2011-05-08 18:55 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll

2011-05-08 18:55 . 2011-05-08 18:55 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll

2011-05-08 18:55 . 2011-05-08 18:55 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll

2011-05-08 18:55 . 2011-05-08 18:55 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll

2011-04-30 17:35 . 2011-04-30 17:35 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\Ahead

2011-04-30 14:57 . 2011-05-10 07:48 -------- d-----w- c:\program files\iPod

2011-04-30 14:57 . 2011-05-10 07:48 -------- d-----w- c:\program files\iTunes

2011-04-30 14:53 . 2011-05-10 07:48 -------- d-----w- c:\program files\Bonjour

2011-04-27 16:44 . 2011-05-14 06:33 -------- d-----w- c:\windows\system32\NtmsData

2011-04-23 14:18 . 2011-02-23 21:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-04-23 14:18 . 2011-02-23 22:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-06 21:20 . 2011-04-06 21:20 91424 ----a-w- c:\windows\system32\dnssd.dll

2011-04-06 21:20 . 2011-04-06 21:20 75040 ----a-w- c:\windows\system32\jdns_sd.dll

2011-04-06 21:20 . 2011-04-06 21:20 197920 ----a-w- c:\windows\system32\dnssdX.dll

2011-04-06 21:20 . 2011-04-06 21:20 107808 ----a-w- c:\windows\system32\dns-sd.exe

2011-03-16 21:23 . 2010-08-03 20:41 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-03-11 14:10 . 2008-04-14 10:41 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:33 . 2010-08-03 19:20 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:45 . 2008-04-14 10:42 434176 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:21 . 2008-04-14 06:00 1857920 ----a-w- c:\windows\system32\win32k.sys

2011-02-18 22:36 . 2010-12-27 15:48 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2011-02-18 22:36 . 2010-12-27 15:48 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-08 18:55 . 2011-05-08 18:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2009-02-25 . 8FCF3A8C83D93FA7BD01574DBD861786 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-21 402832]

"Uniblue ProcessQuickLink 2"="c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe" [2008-04-02 655640]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"2wSysTray"="f:\program files\2Wire\2PortalMon.exe" [2004-05-25 393216]

"lxeamon.exe"="c:\program files\Lexmark S300-S400 Series\lxeamon.exe" [2010-05-05 770728]

"EzPrint"="c:\program files\Lexmark S300-S400 Series\ezprint.exe" [2010-05-05 148280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2011-05-12 4379480]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"_nltide_3"="advpack.dll" [2008-04-14 99840]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WNDA3100 Smart Wizard.lnk]

backup=c:\windows\pss\NETGEAR WNDA3100 Smart Wizard.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2wSysTray]

2004-05-25 11:24 393216 ----a-w- f:\program files\2Wire\2PortalMon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2010-11-03 08:26 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 15:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"WMPNetworkSvc"=3 (0x3)

"osppsvc"=3 (0x3)

"ose"=3 (0x3)

"McComponentHostService"=3 (0x3)

"jswpsapi"=3 (0x3)

"Bonjour Service"=2 (0x2)

"AntiVirService"=2 (0x2)

"AntiVirSchedulerService"=2 (0x2)

"ACS"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\WINDOWS\\system32\\lxeacoms.exe"=

"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [4/23/2011 9:18 AM 13496]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [4/30/2011 12:38 AM 352656]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/3/2010 3:41 PM 136360]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [5/16/2011 7:06 AM 821080]

R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]

R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 5:45 PM 57440]

R3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WNDA31.sys [1/14/2009 3:23 AM 458752]

S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [1/13/2011 5:06 PM 193192]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 1:10 PM 17149]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [5/16/2011 7:06 AM 30368]

S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\Safe Returner\RegKernelHelp.sys --> c:\program files\Safe Returner\RegKernelHelp.sys [?]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [5/16/2011 7:06 AM 16080]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [5/16/2011 7:06 AM 239472]

S4 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WNDA3100\jswpsapi.exe [2/27/2008 12:54 PM 360547]

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 17:50]

.

2011-05-06 c:\windows\Tasks\ASC4_AutoCare.job

- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-04-30 21:54]

.

2011-05-19 c:\windows\Tasks\ASC4_AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-04-30 21:54]

.

2011-05-18 c:\windows\Tasks\ASC4_AutoUpdate.job

- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-04-30 21:54]

.

2011-05-19 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-30 21:54]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\6ljq1khd.default\

FF - user.js: browser.cache.memory.capacity - 16000

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 4095

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 1000000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 1000000

FF - user.js: dom.disable_window_status_change - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 1000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

FF - user.js: browser.xul.error_pages.enabled - True

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe

AddRemove-Office14.SingleImage - c:\program files\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-18 22:20

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1524)

c:\windows\system32\GTGina.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

Completion time: 2011-05-18 22:23:03

ComboFix-quarantined-files.txt 2011-05-19 03:23

.

Pre-Run: 121,236,819,968 bytes free

Post-Run: 121,463,185,408 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 7A87A304CD730AEF2C979B499A16EF6B


A window popped up that said Volsnap.sys was rooted or something and it was going to disinfect it and it'll take several minutes. Does that sound right?

Yes, I can see where the file was infected and cleaned.

All of the problems seem to have stopped. Is there anything else I need to do?

Yes. A few more scans.

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

No Hidden Kernel Modules found

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwCreateKey

Address: F7F030CE

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwCreateThread

Address: F7F030C4

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteKey

Address: F7F030D3

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwDeleteValueKey

Address: F7F030DD

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwLoadKey

Address: F7F030E2

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenProcess

Address: F7F030B0

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwOpenThread

Address: F7F030B5

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwReplaceKey

Address: F7F030EC

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwRestoreKey

Address: F7F030E7

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

Function Name: ZwSetValueKey

Address: F7F030D8

Driver Base: 0

Driver End: 0

Driver Name: _unknown_

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

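A triage sketch for the SSDT section of the SysProt log above, added here as an example (it is not part of the original thread or of SysProt): it parses the records, separates hooks whose target address no loaded driver claims (`Driver Name: _unknown_`), and groups those targets by memory region. The `example.sys` record and the 0x1000-byte grouping gap are constructed for illustration, and treating `Driver End` as inclusive is an assumption.

```python
from dataclasses import dataclass

# Three SSDT records copied from the SysProt log in this thread, plus one
# CONSTRUCTED record (example.sys) that shows an attributed hook for contrast.
SAMPLE_LOG = r"""SSDT:
Function Name: ZwCreateKey
Address: F7F030CE
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwOpenProcess
Address: F7F030B0
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwSetValueKey
Address: F7F030D8
Driver Base: 0
Driver End: 0
Driver Name: _unknown_

Function Name: ZwTerminateProcess
Address: B2A41C20
Driver Base: B2A40000
Driver End: B2A4F000
Driver Name: C:\WINDOWS\system32\drivers\example.sys
"""

FIELDS = ("Function Name", "Address", "Driver Base", "Driver End", "Driver Name")


@dataclass
class SsdtHook:
    function: str
    address: int
    base: int
    end: int
    driver: str

    @property
    def attributed(self) -> bool:
        # Attributed only if the target lies inside a named module's range
        # (Driver End treated as inclusive: an assumption about the format).
        return self.driver != "_unknown_" and self.base <= self.address <= self.end


def parse_ssdt(log_text):
    """Collect five-field SSDT records; separator and blank lines are skipped."""
    hooks, record = [], {}
    for raw in log_text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep or key not in FIELDS:
            continue
        record[key] = value.strip()
        if key == "Driver Name":  # last field of every record
            if all(f in record for f in FIELDS):
                hooks.append(SsdtHook(record["Function Name"],
                                      int(record["Address"], 16),
                                      int(record["Driver Base"], 16),
                                      int(record["Driver End"], 16),
                                      record["Driver Name"]))
            record = {}
    return hooks


def regions(hooks, max_gap=0x1000):
    """Group hook targets lying within max_gap bytes of the previous target."""
    groups = []
    for hook in sorted(hooks, key=lambda h: h.address):
        if groups and hook.address - groups[-1][-1].address <= max_gap:
            groups[-1].append(hook)
        else:
            groups.append([hook])
    return groups


def triage(log_text):
    """Return all parsed hooks and a per-region summary of unattributed ones."""
    hooks = parse_ssdt(log_text)
    unknown = [h for h in hooks if not h.attributed]
    report = [{"start": f"{g[0].address:08X}",
               "end": f"{g[-1].address:08X}",
               "functions": [h.function for h in g]}
              for g in regions(unknown)]
    return hooks, report


if __name__ == "__main__":
    all_hooks, summary = triage(SAMPLE_LOG)
    for region in summary:
        print(region["start"], "-", region["end"], ", ".join(region["functions"]))
```

An unattributed target only means the tool could not map the address to a loaded module; the region still has to be matched against the installed security drivers before it is treated as a finding.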

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


C:\Documents and Settings\owner\My Documents\Downloads\registryboosterplc.exe Win32/RegistryBooster application deleted - quarantined

C:\System Volume Information\_restore{9C949BE5-B186-420B-81EB-7C1AE06DE5BA}\RP179\A0026940.rbf Win32/RegistryBooster application cleaned by deleting - quarantined

C:\System Volume Information\_restore{9C949BE5-B186-420B-81EB-7C1AE06DE5BA}\RP179\A0026941.rbf Win32/RegistryBooster application cleaned by deleting - quarantined

C:\System Volume Information\_restore{9C949BE5-B186-420B-81EB-7C1AE06DE5BA}\RP179\A0026942.rbf Win32/RegistryBooster application cleaned by deleting - quarantined

C:\System Volume Information\_restore{9C949BE5-B186-420B-81EB-7C1AE06DE5BA}\RP179\A0026943.rbf Win32/RegistryBooster application cleaned by deleting - quarantined

C:\System Volume Information\_restore{9C949BE5-B186-420B-81EB-7C1AE06DE5BA}\RP179\A0026944.rbf Win32/RegistryBooster application cleaned by deleting - quarantined


That looks great. If there are no other issues, we can do some cleanup. You can keep SAS and MBAM, if you wish. Update them and run them on a regular basis.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

*********************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

******************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

 

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

 

Remember only install ONE firewall

 

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)

2) Online Armor

3) Agnitum Outpost

4) PC Tools Firewall Plus

 

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

*****************************************************

Use the Secunia Software Inspector to check for out of date software.

 

  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Please run this scan for Adm. purposes.

 

* Open IObit Security 360.

* Click the Update button and download any available updates.

* Choose Quarantine threats when removing them in Scan Parameters of Scan Setting in Options.

* Click Apply and OK buttons.

* Next (on the left) click the Scan button.

* Choose the Full Scan (Scan all hard drives in your computer) option to begin the scan.

* Once the scan has completed click Remove

* Next click Save a Report

* Post the IObit Security 360.log in your next reply.

Link to comment
Share on other sites

Thank you so much for everything Dave. It's people like you who help me see that the world isn't just full of a bunch of @$$holes with nothing better to do than ruin people's computers. I appreciate your help so much.

Link to comment
Share on other sites

Thank you so much for everything Dave. It's people like you who help me see that the world isn't just full of a bunch of @$$holes with nothing better to do than ruin people's computers. I appreciate your help so much.

Actually, I am an @$$hole. At least, that's what my hockey buddies call me. You're welcome and stay safe.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
