Win32 Malware-gen still infected? Can't access programs

August 11, 2012 at 07:15:31
Specs: Windows XP, AMD Athlon 64 bit/2GB RAM
Hi! Please help. I have been trying to get rid of a virus on my PC, but I'm not sure I've been successful. It first stopped my antivirus from working, then wouldn't allow me to access anti-virus websites. When I managed to scan with Avast it came up with Win32 Malware-gen & droppers. I have scanned with Malwarebytes, SUPERAntiSpyware & CCleaner. When I tried to system restore, I found I can only run programs in safe mode. The C drive doesn't appear to be there when I log in normally. I tried restoring Windows. I scanned again & didn't find much, but I don't really know what I'm doing & I'm worried I'm just making things worse. If I can have some advice, I'd be really grateful.
I have more docs to attach with scan results etc., but I can't see how to do that. Here's DDS:

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 11:23:42 on 2012-08-11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1641 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\aimee comley\local settings\application data\vixpeqbh\ekeaqkxr.exe,
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [EkeAqkxr] c:\documents and settings\aimee comley\local settings\application data\vixpeqbh\ekeaqkxr.exe
uRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111\wn111.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carrie broad\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: secuload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-3 744568]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-6 353688]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110723.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110723.001\BHDrvx86.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-3 136312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 21256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-6 44808]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]
S2 NIS;Norton Internet Security; [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-7-1 101904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys --> c:\windows\system32\drivers\avgidsfilterx.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-6-18 25832]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110811.030\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110811.030\IDSxpx86.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-4 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-11 40776]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\NAVEX15.SYS [?]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 wind502u;54Mbps USB Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
SUnknown avgfws;avgfws; [x]
SUnknown AVGIDSAgent;AVGIDSAgent; [x]
SUnknown avgwd;avgwd; [x]
SUnknown vToolbarUpdater11.2.0;vToolbarUpdater11.2.0; [x]
.
=============== Created Last 30 ================
.
2012-08-11 10:15:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-08-10 19:33:42 -------- d-s---w- c:\documents and settings\administrator.aimee\UserData
2012-08-10 18:02:24 54016 ----a-w- c:\windows\system32\drivers\gktnx.sys
2012-08-10 15:35:36 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Mobipocket
2012-08-10 14:54:12 -------- d-----w- c:\documents and settings\administrator.aimee\application data\SUPERAntiSpyware.com
2012-08-10 14:07:39 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Malwarebytes
2012-08-10 13:19:57 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-08-10 13:18:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-08-10 13:17:58 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-08-10 13:15:17 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-10 13:15:17 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-10 13:01:03 -------- d-----w- c:\windows\LastGood.Tmp
2012-08-10 13:00:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-10 13:00:57 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-10 13:00:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-10 13:00:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-10 13:00:28 13753 ----a-r- c:\windows\SET15F.tmp
2012-08-10 13:00:25 1086058 ----a-r- c:\windows\SET153.tmp
2012-08-10 13:00:22 1042903 ----a-r- c:\windows\SET150.tmp
2012-08-10 10:03:20 -------- d-----w- c:\windows\setup.pss
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-10 08:22:54 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-10 08:22:54 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-10 08:22:54 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-10 08:22:54 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-10 07:10:46 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17:29 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2012-08-09 21:17:14 -------- d-----w- c:\documents and settings\all users\application data\Tenebril
2012-08-09 21:17:10 -------- d-----w- c:\program files\Tenebril
2012-08-06 04:30:29 22032 ----a-w- c:\windows\DCEBoot.exe
2012-08-06 04:21:28 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 01:18:43 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 01:18:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 01:17:53 -------- d-----w- c:\program files\AVAST Software
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 21:46:05 -------- d-----w- C:\PerfLogs
2012-08-04 16:52:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 16:52:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-04 09:35:38 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-08-04 07:55:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 07:55:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 07:55:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-04 06:37:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-04 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-03 22:48:49 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-03 08:22:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-03 06:48:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:09:07 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-02 23:09:07 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 04:32:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 16:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 11:24:18.96 ===============
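A triage pass over the two DDS logs in this thread, added here as an example and not DDS's, the forum's or either poster's code: it parses the Pseudo HJT Report and SERVICES / DRIVERS sections and flags what a helper reads first, which in the 11 August log is the Winlogon Userinit value carrying a second executable out of a profile Application Data folder plus the matching uRun entry, and in the 12 August log a boot-start driver with no description that DDS could not verify. The sample logs are constructed from lines of those two reports; the rule names and severity levels are my own.

```python
"""Triage pass over the 'Pseudo HJT Report' and 'SERVICES / DRIVERS' sections of a
DDS log. Added example; not DDS's own code and not from this thread."""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str  # "high", "medium" or "review"
    rule: str
    line: str


SYSTEM_USERINIT = r"c:\windows\system32\userinit.exe"  # the only value Userinit should hold
# Autostart targets inside a user profile's writable Application Data folders.
PROFILE_DATA = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings\\)?application data\\", re.I)
RUN_KEY = re.compile(r"^[umd]Run(Once)?: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
DRIVER = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$")


def _entries(text):
    """Yield (section title, line) for every non-filler line of a DDS log."""
    title = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = re.match(r"^=+\s*(.*?)\s*=+$", line)
        if header:
            title = header.group(1)
            continue
        yield title, line


def triage(text):
    """Return the findings for one DDS log, most severe first (stable within a level)."""
    findings = []
    for section, line in _entries(text):
        if section == "Pseudo HJT Report":
            if line.lower().startswith("mwinlogon: userinit="):
                # Userinit is a comma-separated list; every entry beyond the system
                # userinit.exe is started at each interactive logon.
                entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
                if any(e.lower() != SYSTEM_USERINIT for e in entries):
                    findings.append(Finding("high", "userinit-extra-entry", line))
            run = RUN_KEY.match(line)
            if run and PROFILE_DATA.search(run.group("target")):
                findings.append(Finding("medium", "autostart-in-profile-data", line))
            if line.startswith("AppInit_DLLs:") and line.split(":", 1)[1].strip():
                # Loaded into every process that loads user32.dll; confirm the DLL
                # belongs to software the owner installed.
                findings.append(Finding("review", "appinit-dll-present", line))
            if line.endswith("- No File"):
                findings.append(Finding("review", "orphaned-entry", line))
        elif section == "SERVICES / DRIVERS":
            drv = DRIVER.match(line)
            if (drv and drv.group("start") in ("R0", "S0", "S1")
                    and line.endswith("[?]")
                    and drv.group("name").lower() == drv.group("desc").lower()):
                # Boot/system-start driver whose file DDS could not verify ("[?]" in
                # place of a date and size) and that has no vendor description:
                # worth a second look, not proof of anything by itself.
                findings.append(Finding("high", "unverified-boot-driver", line))
    order = {"high": 0, "medium": 1, "review": 2}
    return sorted(findings, key=lambda f: order[f.severity])


# Constructed samples: lines copied from the 11 and 12 August DDS logs in this
# thread, trimmed to the entries the rules above look at.
DDS_AUG_11 = r"""
============== Pseudo HJT Report ===============
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\aimee comley\local settings\application data\vixpeqbh\ekeaqkxr.exe,
uRun: [EkeAqkxr] c:\documents and settings\aimee comley\local settings\application data\vixpeqbh\ekeaqkxr.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
AppInit_DLLs: secuload.dll
============= SERVICES / DRIVERS ===============
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
"""
DDS_AUG_12 = r"""
============== Pseudo HJT Report ===============
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
AppInit_DLLs: secuload.dll
============= SERVICES / DRIVERS ===============
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S0 bvnuc;bvnuc;c:\windows\system32\drivers\gktnx.sys --> c:\windows\system32\drivers\gktnx.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
"""

if __name__ == "__main__":
    for label, log in (("DDS 2012-08-11", DDS_AUG_11), ("DDS 2012-08-12", DDS_AUG_12)):
        print(label)
        for f in triage(log):
            print(f"  [{f.severity}] {f.rule}: {f.line[:80]}")
```

Run against a full DDS log the same way; entries outside the two sections are ignored, so the Created Last 30 listing does not produce noise.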




#1
August 11, 2012 at 14:42:08
Thanks, Aimee1.

Run ESET & post the log please.

http://www.eset.eu/online-scanner
http://www.eset.com/us/online-scanner
Why Would I Ever Need an Online Virus Scanner?
I already have an antivirus program installed, isn't that enough?
http://www.squidoo.com/the-best-fre...
Once onto a machine, malware can disable antivirus programs, prevent antimalware programs from downloading updates, or prevent a user from running antivirus scans or installing new antivirus software or malware removal tools. At this point even though you are aware the computer is infected, removal is very difficult.
How can I view the log file from ESET Online Scanner?
http://www.eset.eu/eset-online-scan...
The ESET Online Scanner saves a log file after running, which can be examined or sent in to ESET for further analysis. The path to the log file is "C:\Program Files\EsetOnlineScanner\log.txt". You can view this file by navigating to the directory and double-clicking on it in Windows Explorer, or by copying and pasting the path specification above (including the quotation marks) into the Start > Run dialog box from the Start Menu on the desktop.



#2
August 11, 2012 at 14:51:49
Do you have that downloadable, please? I tried, but I can only get Google on the infected PC, so I'll have to save it on my laptop & transfer it to the infected PC.


#3
August 11, 2012 at 15:39:52
"do you have that downloadable pls?"

It's in the link I gave you.

Click on > Run ESET Online Scanner, you then get the exe.



#4
August 11, 2012 at 17:47:47
can not get update. is proxy configured?


#5
August 11, 2012 at 18:13:42
Doesn't it need internet to run?


#6
August 11, 2012 at 18:24:30
Work your way through this very good guide.

You may have to download the exe & put it on a thumb drive.

http://www.selectrealsecurity.com/m...



#7
August 12, 2012 at 02:05:24
As you probably have noticed from the guide, use Safe mode or Safe mode with networking to run programs.

If you get stuck, let us know.



#8
August 12, 2012 at 02:24:48
Thanks JohnW! That removal guide is really easy to use & helpful! I followed the instructions & found a few more malware. After that I ran ESET & it came out clear, so I restarted & tried to log in normally. Unfortunately I got a blank blue screen, which I guess means I'm missing icons etc., so I'm about to follow the instructions on the removal guide to fix that...


#9
August 12, 2012 at 02:36:39
"That removal guide is really easy to use & helpful!"
That's very good news Aimee1.

You are very heavily infected & there are some things the guide doesn't cover.

Screenshot of System please. Start > Control Panel > System
http://screenshots.leeindy.com/syst...

Upload the screenshot to this site & post the link here.
http://imgur.com



#10
August 12, 2012 at 02:53:33
Please help. I used Unhide but it didn't work. If I log in normally I just get a blank blue screen. I can get Task Manager with CTRL ALT DEL, but there's nothing in the user info. What should I do now? Should I follow the steps to fix Windows startup? My problem isn't exactly as described in it. Run Windows repair? Please advise.


#11
August 12, 2012 at 02:58:27
"If I log in normally"
Have you tried Safe mode?

"run windows repair?"
No.

What country are you in (I'm in Western Australia) & how much time can you stay with me right now? I'm prepared to put 2 or 3 hours in now.



#12
August 12, 2012 at 03:07:56
Sorry to be stupid, but how do I do the screenshot? Do I need to download leeindy? I tried looking at the website on the link, but I don't understand how it works.


#13
August 12, 2012 at 03:10:24
I'm in the UK & happy to have your help for an hour or 2. Thank you for your time.

Safe mode still works fine. It's the only way I've been able to use my PC.



#14
August 12, 2012 at 03:14:11
"I don't understand how it works"
That is a sample of what I want you to do. You do nothing with it, other than look at it.

"but how do i do the screen shot?"
Read your Windows help file or use Google.
Or,
Screen Capture (make sure you select JPEG or GIF; anything else is a bigger size)
http://www.microsoft.com/windowsxp/...
http://askbobrankin.com/take_a_scre...
http://graphicssoft.about.com/cs/ge...
http://www.wikihow.com/Take-a-Scree...
http://www.ehow.com/how_4725692_scr...
If you are in any Windows based program, just hit the Print Screen key on your keyboard (or Ctrl + V) and you have a full screenshot.
If you hold down the 'Alt' key with the Print Screen key, you will capture only the window that is on your screen, not the whole desktop.
This sends it to the Clipboard; now you can Paste it into Paint (go to Edit) or any other Windows based graphics program.
1: Have nothing open on the screen other than what you want to show me. More than one screenshot is Ok, if you feel it is needed.
2: Press > Print Screen.
3: Start > All Programs > Accessories > click on > Paint
4: Paint should now be open. Click on Edit & then Paste.
5: Click on > File
Save as...
Save as type, select JPEG etc.
I always save everything to the desktop, so I don't have to go looking for it. Later on, I move things to where I want them or delete them.



#15
August 12, 2012 at 03:19:19
"I'm in the UK & happy to have your help for an hour or 2"

Ok, when you have had enough of a session, let me know & I will do the same for you. That way we are not waiting.



#16
August 12, 2012 at 03:23:58
Is this what you wanted? http://imgur.com/0nfGi lol, I just saw your reply about how to do it. Sorry for the confusion, I thought there was some interactive screenshot program or something.


#17
August 12, 2012 at 03:26:05
"Is this what you wanted? http://imgur.com/0nfGi"
Perfect.

From the guide, did you run TDSS?
Did you click on the link for when it won't run?
http://www.selectrealsecurity.com/s...
If not, do so & post the log please.



#18
August 12, 2012 at 03:32:39
Yes, I ran TDSS & HitmanPro & ESET. TDSS didn't find anything. It was HitmanPro that found the remaining malware. Then I ran ESET & it said I was clear. Do you still think I have a virus? I thought I was just dealing with the problems left by it.


#19
August 12, 2012 at 03:43:06
"then I ran eset & it said I was clear"
Maybe. It quite often takes a lot of programs to get rid of the remnants.

Run DDS again & post the log please.



#20
August 12, 2012 at 03:53:09
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 11:46:13 on 2012-08-12
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1733 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: Norton Internet Security *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WN111\wn111.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mobipocket.com\Mobipocket Reader\reader.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111\wn111.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carrie broad\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: computing.net\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{31807E15-2156-4B8E-AF54-A6EE95BA72B2} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: secuload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-3 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-3 744568]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S0 bvnuc;bvnuc;c:\windows\system32\drivers\gktnx.sys --> c:\windows\system32\drivers\gktnx.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-6 353688]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys --> c:\windows\system32\drivers\avgldx86.sys [?]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys --> c:\windows\system32\drivers\avgmfx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
S1 BHDrvx86;BHDrvx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110723.001\bhdrvx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110723.001\BHDrvx86.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-3 136312]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 21256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-6 44808]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-4 655944]
S2 NIS;Norton Internet Security; [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-7-1 101904]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys --> c:\windows\system32\drivers\avgidsdriverx.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys --> c:\windows\system32\drivers\avgidsfilterx.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-6-18 25832]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 IDSxpx86;IDSxpx86;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110811.030\idsxpx86.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110811.030\IDSxpx86.sys [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-8-4 35144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-4 22344]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110811.051\NAVEX15.SYS [?]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 wind502u;54Mbps USB Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
=============== Created Last 30 ================
.
2012-08-12 07:42:07 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-11 18:38:15 -------- d-----w- c:\documents and settings\administrator.aimee\Tracing
2012-08-10 19:33:42 -------- d-s---w- c:\documents and settings\administrator.aimee\UserData
2012-08-10 15:35:36 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Mobipocket
2012-08-10 14:54:12 -------- d-----w- c:\documents and settings\administrator.aimee\application data\SUPERAntiSpyware.com
2012-08-10 14:07:39 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Malwarebytes
2012-08-10 13:19:57 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-08-10 13:18:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-08-10 13:17:58 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-08-10 13:15:17 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-10 13:15:17 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-10 13:01:03 -------- d-----w- c:\windows\LastGood.Tmp
2012-08-10 13:00:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-10 13:00:57 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-10 13:00:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-10 13:00:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-10 13:00:28 13753 ----a-r- c:\windows\SET15F.tmp
2012-08-10 13:00:25 1086058 ----a-r- c:\windows\SET153.tmp
2012-08-10 13:00:22 1042903 ----a-r- c:\windows\SET150.tmp
2012-08-10 10:03:20 -------- d-----w- c:\windows\setup.pss
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-10 08:22:54 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-10 08:22:54 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-10 08:22:54 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-10 08:22:54 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-10 07:10:46 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17:29 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2012-08-09 21:17:14 -------- d-----w- c:\documents and settings\all users\application data\Tenebril
2012-08-09 21:17:10 -------- d-----w- c:\program files\Tenebril
2012-08-06 04:30:29 22032 ----a-w- c:\windows\DCEBoot.exe
2012-08-06 04:21:28 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 01:18:43 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 01:18:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 01:17:53 -------- d-----w- c:\program files\AVAST Software
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 21:46:05 -------- d-----w- C:\PerfLogs
2012-08-04 16:52:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 16:52:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-04 09:35:38 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-08-04 07:55:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 07:55:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 07:55:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-04 06:37:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-04 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-03 22:48:49 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-03 08:22:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-03 06:48:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:09:07 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-02 23:09:07 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 04:32:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 16:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 11:48:20.56 ===============


#21
August 12, 2012 at 03:53:39
Do you want the 2nd part too?


#22
August 12, 2012 at 04:00:42
Ok, let's start by removing all traces of Paladin Antivirus (Paladin Antivirus is a rogue anti-spyware program from the same family as Malware Defense).
http://is.gd/0rK8CN
http://www.bleepingcomputer.com/vir...


#23
August 12, 2012 at 04:29:33
"Do you want the 2nd part too?"

No, I wanted to see if Paladin Antivirus was still there; when we remove it, I will have the 2 parts of DDS.



#24
August 12, 2012 at 04:31:40
We are having storms here, just lost my internet for 1/2 an hour.


#25
August 12, 2012 at 05:00:27
Sounds exciting! Well I'm running the scan but it's going to take a while. Shall I run DDS again when it finishes & let you have both parts?


#26
August 12, 2012 at 05:08:03
What if it doesn't find anything? It hasn't so far & didn't when I ran it before?


#27
August 12, 2012 at 05:08:05
A final check for paladin antivirus, just to make sure, can be done manually.
It is on the bottom of the link.

Associated Paladin Antivirus Files:

%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Paladin Antivirus.lnk
%UserProfile%\Desktop\Paladin Antivirus Support.lnk
%UserProfile%\Desktop\Paladin Antivirus.lnk
%UserProfile%\Start Menu\Programs\Paladin Antivirus
%UserProfile%\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus Support.lnk
%UserProfile%\Start Menu\Programs\Paladin Antivirus\Paladin Antivirus.lnk
%UserProfile%\Start Menu\Programs\Paladin Antivirus\Uninstall Paladin Antivirus.lnk
c:\Program Files\Paladin Antivirus
c:\Program Files\Paladin Antivirus\help.ico
c:\Program Files\Paladin Antivirus\pav.db
c:\Program Files\Paladin Antivirus\pav.exe
c:\Program Files\Paladin Antivirus\pavext.dll
c:\Program Files\Paladin Antivirus\phook.dll
c:\Program Files\Paladin Antivirus\uninstall.exe

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\<Current User> for Windows 2000/XP, C:\Users\<Current User> for Windows Vista/7, and c:\winnt\profiles\<Current User> for Windows NT.

Associated Paladin Antivirus Windows Registry Information:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Paladin Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus

Demystifying the Windows Registry
http://www.bleepingcomputer.com/tut...



#28
August 12, 2012 at 05:16:04
Ok, so I would hunt for them & delete them?


#29
August 12, 2012 at 05:17:29
Quick scan is all that is needed most of the time, on AVs, SuperAntiSpyware & MBAM.

Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...



#30
August 12, 2012 at 05:18:44
"Ok, so I would hunt for them & delete them?"
Exactly.


#31
August 12, 2012 at 05:23:04
Scan's finished - nothing found, so I'm going on a hunt......


#32
August 12, 2012 at 05:38:15
Huh I can't access start menu on my user Aimee Comley, which is what my log in is I think. Do you know how to fix that?


#33
August 12, 2012 at 05:41:21
"Huh I can't access start menu on my user Aimee Comley, which is what my log in is I think. Do you know how to fix that?"
Are you talking safe mode?


#34
August 12, 2012 at 05:47:01
Yes, I still can't get it to work when I log in normally, so I'm on as administrator in safe mode. This may have something to do with why I can't get it to work when I log in normally?


#35
August 12, 2012 at 05:51:14
That's right, but that issue will have to wait.

As long as we can get into Safe mode, we can do fixes.

Have you done the hunting?



#36
August 12, 2012 at 05:52:53
I have finished looking & found nothing. If Paladin is there, it is in the start menu I can't access or it's in a file HKEY I don't know to look for


#37
August 12, 2012 at 05:55:34
searched c-drive for paladin - nothing


#38
August 12, 2012 at 05:56:46
Very good.

"HKEY I don't know to look for"

Read the tutorial I gave you.



#39
August 12, 2012 at 05:58:43
checked internet & says pav files? searched for pav & I got azupnpav apps & pav.fog on system 32.


#40
August 12, 2012 at 06:01:58
I'm finished for tonight, been up since 5am, run out of gas, we are 8 hours ahead of you. Shall be back tomorrow (Monday).

Here is what is needed to be done next, when you get through all this, post a new DDS log.

Run TFC.
http://oldtimer.geekstogo.com/TFC.exe
http://www.itxassociates.com/OT-Too...
Please double-click TFC.exe to run it. (Note: If you are running on Vista/Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

You can only have one antivirus installed. Stick with Avast. Use the Norton & AVG removal guides below.

How can I fully remove Norton Antivirus from my system?
http://www.askdavetaylor.com/how_to...
http://www.askdavetaylor.com/how_ca...
http://www.pchell.com/virus/uninsta...
http://www.softpedia.com/get/Tweak/...
http://tinyurl.com/2d7jvst

AVG 2012 (incl. Previous Versions) Uninstall / Re-Install Instructions
http://forums.avg.com/ww-en/avg-for...

If you have trouble fully uninstalling any of the programs, use Revo, even on the remnants; refer to my info below.
Revo Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.softpedia.com/progScreen...
http://www.revouninstaller.com/
If you have partially uninstalled your program, you get a message from Revo that it can't find the uninstaller; hit Cancel & let Revo continue on to search for the remnants.
If you get a reboot message, ignore it & do it after Revo has finished.
I use Advanced Mode. Screenshots of how to use it:
http://img837.imageshack.us/slidesh...
Or,
http://i.imgur.com/Rkkna.gif
http://i.imgur.com/VonCA.gif
http://i.imgur.com/fGmmb.gif
http://i.imgur.com/pdhbV.gif
http://i.imgur.com/fIgy0.gif
http://i.imgur.com/tDH9Z.gif
http://i.imgur.com/DbfgN.gif
http://i.imgur.com/tDafK.gif
http://i.imgur.com/Bz5j9.gif
http://i.imgur.com/X5S5I.gif

Make sure your Windows XP firewall is on.
http://csg.trinhall.cam.ac.uk/tips/...
http://www.top-windows-tutorials.co...



#41
August 12, 2012 at 06:04:59
No, those aren't it.
I know how to look for HKEYs but the Paladin ones aren't there, where they should be.


#42
August 12, 2012 at 06:06:41
Thanks, will do. & thank you for your help. I work tomorrow so not sure how that'll work timewise but I'll post the DDS for you. Cheers!


#43
August 12, 2012 at 09:58:30
Hi JohnW, I know you won't get this till tomorrow but thought I'd give you an update for when you're back. I can't find Paladin anywhere. I also can't get rid of AVG or Norton. I can't find any sign of them! Followed all instructions given & that I can find, so if you have any ideas, please let me know. Hope you had a good sleep, speak soon. Cheers, Aimee


#44
August 12, 2012 at 14:19:04
Back again Aimee.

"I can't find any sign of them!"
Do this please.
How to see hidden files in Windows
http://www.bleepingcomputer.com/tut...

"No, those aren't it.
I know how to look for HKEYs but the Paladin ones aren't there, where they should be."
Ok, we are looking for Paladin; it doesn't matter where it is hidden in the registry. The registry is no different to any other part of the comp, it has Find.

Use this to search in the registry.
RegSeeker
http://www.snapfiles.com/get/regsee...
http://www.hoverdesk.net/freeware.htm
RegSeeker is also very good for registry searching, it finds all instances of the file & lists all of them on one page. Click on > Find in registry, tick all the boxes in > Keys, put a word ( example paladin ) in > Search for: & click > Search. Now you have a list on one page, of all the registry entries for paladin.

Screenshot of Disk Management please.
How To Access Disk Management in Windows XP
http://pcsupport.about.com/od/windo...

Another DDS log please



#45
August 13, 2012 at 10:17:41
Hi JohnW sorry for long delay. I just got back from work.
OK I ran regseeker & deleted about 400 AVG HKEYS & 1 for Paladin. Then I rebooted & both Paladin & AVG are still there when I run the search again. If I try to delete them in Registry Editor I get "cannot delete Error while deleting Key". (Have to say I'm a bit nervous about deleting all these Keys. I spent hours looking them up on the internet before deleting them to make sure they weren't essential to the operating system!)
I backed up everything I deleted with Regseeker. Do I need to delete back ups too to get rid of AVG & Paladin on my PC?

I have uploaded a shot of disk management for you.

The link to show hidden folders doesn't work but I guess it's going to say Tools - Folder Options - View - show hidden files & folders? I can do that but will a search on explorer find hidden folders too? Because I've tried & nothing found.
DDS log on its way.........



#46
August 13, 2012 at 10:23:54
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 18:18:14 on 2012-08-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1707 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uRunOnce: [SYMNRT] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/se...
uRunOnce: [StartMS] "c:\program files\creative\shared files\media sniffer\StartMS.exe" /s
uRunOnce: [CMSRegOW.exe] "c:\program files\installshield installation information\{56f3e1ff-54fe-4384-a153-6ccaba097814}\CMSRegOW.exe" /r
uRunOnce: [Inetreg] c:\program files\installshield installation information\{e2d27b84-6365-11d6-9baf-0090271af8a4}\Setup.exe /i_again -s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111\wn111.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carrie broad\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: computing.net\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: secuload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-6 353688]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 21256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-6 44808]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-12 655944]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-7-1 101904]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-6-18 25832]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 mbamchameleon;mbamchameleon;\??\c:\windows\system32\drivers\mbamchameleon.sys --> c:\windows\system32\drivers\mbamchameleon.sys [?]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-12 22344]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 wind502u;54Mbps USB Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
=============== Created Last 30 ================
.
2012-08-12 21:20:59 41984 ------w- c:\windows\Ctregrun.exe
2012-08-12 21:19:40 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2012-08-12 21:19:40 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2012-08-12 21:19:01 -------- d-----w- c:\program files\Creative
2012-08-12 20:39:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 11:34:06 -------- d-----w- c:\program files\Malwarebytes
2012-08-12 11:32:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-12 07:42:07 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-11 18:38:15 -------- d-----w- c:\documents and settings\administrator.aimee\Tracing
2012-08-10 19:33:42 -------- d-s---w- c:\documents and settings\administrator.aimee\UserData
2012-08-10 15:35:36 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Mobipocket
2012-08-10 14:54:12 -------- d-----w- c:\documents and settings\administrator.aimee\application data\SUPERAntiSpyware.com
2012-08-10 14:07:39 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Malwarebytes
2012-08-10 13:19:57 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-08-10 13:18:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-08-10 13:17:58 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-08-10 13:15:17 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-10 13:15:17 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-10 13:00:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-10 13:00:57 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-10 13:00:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-10 13:00:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-10 10:03:20 -------- d-----w- c:\windows\setup.pss
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-10 08:22:54 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-10 08:22:54 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-10 08:22:54 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-10 08:22:54 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-10 07:10:46 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17:29 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2012-08-09 21:17:14 -------- d-----w- c:\documents and settings\all users\application data\Tenebril
2012-08-09 21:17:10 -------- d-----w- c:\program files\Tenebril
2012-08-06 04:30:29 22032 ----a-w- c:\windows\DCEBoot.exe
2012-08-06 04:21:28 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 01:18:43 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 01:18:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 01:17:53 -------- d-----w- c:\program files\AVAST Software
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 21:46:05 -------- d-----w- C:\PerfLogs
2012-08-04 16:52:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 16:52:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-04 07:55:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-04 07:55:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-04 06:37:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-04 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-03 22:48:49 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-03 08:22:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-03 06:48:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:09:07 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-02 23:09:07 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 04:32:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 16:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 18:18:24.67 ===============


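A small triage script for logs of the kind posted above, added here as an illustration and not part of the thread, DDS, or any tool JohnW linked. It reads a DDS-style log and flags the three things the thread turns on: more than one antivirus registered as Enabled (JohnW's point in #40 that only one AV should be installed), a product on a known-rogue list (Paladin Antivirus, named rogue in #22; the list is constructed from this thread only), service/driver entries whose binary DDS could not find (the `--> path [?]` form, which I am assuming means no file size or date could be read), and the drivers named in Service Control Manager 7026 events. The sample log is an excerpt assembled from the DDS output in this thread.

```python
import re

# Constructed sample: lines excerpted from the DDS logs posted in this thread.
SAMPLE_DDS = r"""
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
.
==== Event Viewer Messages From Past Week ========
.
8/13/2012 00:56:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor SASDIFSV SASKUTIL
"""

# Assumption: rogue list built only from products this thread identifies as rogue.
KNOWN_ROGUE = {"paladin antivirus"}

# "AV: <name> *Enabled/Updated* {GUID}"; the GUID and the "/Updated" part are optional (see the FW line).
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|AS): (?P<name>.+?) \*(?P<state>Enabled|Disabled)(?:/(?P<defs>\w+))?\*"
    r"(?: (?P<guid>\{[0-9A-Fa-f-]+\}))?\s*$"
)
# "S3 name;display name;path [date size]"  or  "... --> path [?]"
SERVICE_RE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Service Control Manager event 7026: list of boot/system-start drivers that did not load.
EVENT_7026_RE = re.compile(r"\[7026\] - .*failed to load: (?P<drivers>.+)$")


def parse_products(text):
    """Return one dict per AV:/FW:/AS: line in the DDS header."""
    products = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.rstrip())
        if m:
            products.append(m.groupdict())
    return products


def missing_service_files(text):
    """Service/driver names whose entry ends in '[?]', i.e. DDS could not stat the file."""
    names = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.rstrip())
        if m and m.group("rest").rstrip().endswith("[?]"):
            names.append(m.group("name"))
    return names


def failed_boot_drivers(text):
    """Union of driver names reported by every 7026 event in the log."""
    drivers = set()
    for line in text.splitlines():
        m = EVENT_7026_RE.search(line)
        if m:
            drivers.update(m.group("drivers").split())
    return sorted(drivers)


def analyze(text):
    """Summarise the findings a helper would look for first in a DDS log."""
    products = parse_products(text)
    enabled_av = [p["name"] for p in products if p["kind"] == "AV" and p["state"] == "Enabled"]
    rogue = [p["name"] for p in products if p["name"].lower() in KNOWN_ROGUE]
    return {
        "enabled_av": enabled_av,
        "av_conflict": len(enabled_av) > 1,   # more than one real-time AV registered
        "rogue": rogue,
        "missing_service_files": missing_service_files(text),
        "failed_boot_drivers": failed_boot_drivers(text),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```

The script only reads what DDS reported; it cannot tell you whether a product's files are actually on disk, which is what the manual hunt in #27 and the RegSeeker search in #44 are for. One caveat when reading the 7026 lines: the log header above says `NTFSx86 NETWORK`, meaning the machine was booted into Safe Mode with Networking, where third-party boot-start drivers are not loaded, so the avast and SUPERAntiSpyware drivers appearing in those events is expected and not on its own a sign of damage.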
#47
August 13, 2012 at 10:24:25
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 8/10/2012 14:21:14
System Uptime: 8/13/2012 01:08:13 (17 hours ago)
.
Motherboard: | | RS480-M
Processor: AMD Athlon(tm) 64 Processor 3000+ | Socket 939 | 1799/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 228 GiB total, 152.661 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is CDROM (UDF)
G: is FIXED (FAT32) - 298 GiB total, 118.904 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 536EP Modem
Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&1C88B56&0&10A4
Manufacturer: Intel Corporation
Name: Intel(R) 536EP Modem
PNP Device ID: PCI\VEN_8086&DEV_1040&SUBSYS_10008086&REV_00\4&1C88B56&0&10A4
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&1C88B56&0&28A4
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&1C88B56&0&28A4
Service: RTL8023xp
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_1B341019&REV_01\3&61AAA01&0&A5
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_1B341019&REV_01\3&61AAA01&0&A5
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Symantec Network Security Miniport
Device ID: ROOT\SYMC_SYMIMMP\0000
Manufacturer: Symantec
Name: Symantec Network Security Miniport
PNP Device ID: ROOT\SYMC_SYMIMMP\0000
Service: SymIMMP
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
ABC Amber LIT Converter
Ability Office 4
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.1
Adobe® Photoshop® Album Starter Edition 3.2
Alarm 2.0.4
AMD APP SDK Runtime
ATI Catalyst Install Manager
avast! Free Antivirus
Belarc Advisor 8.2
Bonjour
BT Email Configuration Tool
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
Compatibility Pack for the 2007 Office system
Creative MediaSource
DirectXInstallService
DivX Setup
Dragon Age: Origins
Easy Email Forwarding
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
EPSON Web-To-Page
eReader
FinePixViewer Resource
FinePixViewer Ver.5.2
FUJIFILM Hyper-Utility Software
FUJIFILM USB Driver
Google Toolbar for Internet Explorer
Google Updater
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HS-V2 Components
Hyper-Utility Software Add-On
Hyper-Utility2
Hyper-Utility2 CCD-RAW Plug-In
Hyper-Utility2 CustomRendered Modifier Plug-In
Hyper-Utility2 File Format Plug-In
Hyper-Utility2 FinePixS20Pro SHOOTING Plug-In
Hyper-Utility2 Preview Print
Hyper-Utility2 Print/Contact Sheet Output Plug-In
Hyper-Utility2 Slide Show Plug-In
ImageMixer VCD2 LE for FinePix
Intel(R) 536EP Modem
InterVideo WinDVD
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.62.0.1300
Maxis\The Sims 8 in 1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Reader Text-to-Speech for English
Microsoft Silverlight
Microsoft Sync Framework 2.0 Core Components (x86) ENU
Microsoft Sync Framework 2.0 Provider Services (x86) ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mobipocket Reader 6.2
Mozilla Firefox (3.5.7)
MS Access 97 SP2
MSN
MSVCRT
MSXML 6 Service Pack 2 (KB973686)
NETGEAR WN111 wireless USB 2.0 adapter
Network Play System (Patching)
Neverwinter Nights
NVIDIA PhysX
OpenOffice.org 2.2
Pando Media Booster
QuickTime
RAW FILE CONVERTER LE
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows XP (KB923789)
Segoe UI
Serif PhotoPlus 6.0
Shockwave
Sibelius Scorch
Sibelius Scorch (ActiveX Only)
Smart PDF Converter 4.2
SmartSound Quicktracks Plugin
SpyCatcher Express 5.1.2
Studio Utility
Studio Utility shooting plug-in
SUPERAntiSpyware
Symantec Technical Support Web Controls
System Requirements Lab CYRI
Terminal Services Web Client
The Sims Makin' Magic
Uninstall Entriq MediaSphere
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.6195
VLC media player 0.9.8a
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR archiver
WinZip Self-Extractor
XML Paper Specification Shared Components Pack 1.0
Xvid 1.2.2 final uninstall
.
==== Event Viewer Messages From Past Week ========
.
8/13/2012 00:56:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi Fips Processor SASDIFSV SASKUTIL
8/12/2012 20:59:49, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi AVGIDSHX BANTExt Fips Processor SASDIFSV SASKUTIL
8/12/2012 20:15:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi AVGIDSHX Avgldx86 Avgmfx86 Avgrkx86 Avgtdix BANTExt Fips Processor SASDIFSV SASKUTIL
8/12/2012 08:56:13, error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error 0 (0x0).
8/12/2012 08:53:31, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/12/2012 08:39:22, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/11/2012 23:57:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
8/11/2012 23:35:08, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/11/2012 19:29:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSnx aswSP aswTdi AVGIDSHX Avgldx86 Avgmfx86 Avgrkx86 Avgtdix BANTExt BHDrvx86 eeCtrl Fips Processor SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI
8/11/2012 19:01:07, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
8/11/2012 18:50:26, error: SRTSP [5] -
8/11/2012 18:22:40, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
8/11/2012 17:58:58, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AswRdr aswSnx aswSP aswTdi AVGIDSHX Avgldx86 Avgmfx86 Avgrkx86 Avgtdix BANTExt BHDrvx86 eeCtrl Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV SASKUTIL SRTSP SRTSPX SymIRON SYMTDI Tcpip WS2IFSL
8/11/2012 17:58:58, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2012 17:58:58, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2012 17:58:58, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2012 17:58:58, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2012 17:58:58, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/11/2012 11:49:54, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
8/11/2012 11:18:43, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/10/2012 14:58:25, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
8/10/2012 14:23:17, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
8/10/2012 14:16:33, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
.
==== End Of File ===========================


#48
August 13, 2012 at 12:43:37
Morning Aimee, I've got up early to see how it was going.

"The link to show hidden folders doesn't work"
Just tried it & it worked for me; it's one of the many bugs in your comp. Here is what it says.

Windows XP and Windows 2003

To enable the viewing of Hidden files follow these steps:

Close all programs so that you are at your desktop.
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and shut down My Computer.
Now your computer is configured to show all hidden files.



#49
August 13, 2012 at 12:47:15
Thanks for the log, I get the feeling you haven't run TFC.

Run & then post another DDS log please. One part will be enough at this stage.



#50
August 13, 2012 at 12:54:03
Hi, morning, or evening for me!
Sorry to confuse you, yes I can unhide folders. When I said it didn't work I meant it didn't change the fact that I found nothing.
Yes, I did run TFC, but then I tried Paladin removal again & so more temps.
OK so new DDS on the way...


#51
August 13, 2012 at 12:57:25
BTW I haven't backed up properly & can't install the XP backup in safe mode. Is there something else I can use?


#52
August 13, 2012 at 13:01:57
To save me rereading everything, I can't remember either, do you have the XP CD?


#53
August 13, 2012 at 13:05:13
"I have uploaded a shot of disk management for you"
Haven't got the link yet.


#54
August 13, 2012 at 13:17:59
I have the XP CD - need the CD to install the backup utility (NTBACKUP). The system doesn't automatically come with it, you have to install it from the CD. I followed instructions to find the installation on the CD, tried to install, got a message that I can't do it in safe mode & as I can't sign in normally, that's out. So, I need another utility I can use to back up...


#55
August 13, 2012 at 13:22:58
"NTBACKUP"
Had no idea what you wanted to back up, I think you want to backup the registry.


#56
August 13, 2012 at 13:25:09
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 21:20:45 on 2012-08-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1707 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Paladin Antivirus *Enabled/Outdated* {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
uRunOnce: [SYMNRT] c:\program files\internet explorer\iexplore.exe http://www.symantec.com/techsupp/se...
uRunOnce: [StartMS] "c:\program files\creative\shared files\media sniffer\StartMS.exe" /s
uRunOnce: [CMSRegOW.exe] "c:\program files\installshield installation information\{56f3e1ff-54fe-4384-a153-6ccaba097814}\CMSRegOW.exe" /r
uRunOnce: [Inetreg] c:\program files\installshield installation information\{e2d27b84-6365-11d6-9baf-0090271af8a4}\Setup.exe /i_again -s
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111\wn111.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carrie broad\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: computing.net\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: secuload.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-6 353688]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 21256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-6 44808]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-7-1 101904]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-6-18 25832]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 wind502u;54Mbps USB Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
=============== Created Last 30 ================
.
2012-08-13 19:13:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 19:13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-12 21:20:59 41984 ------w- c:\windows\Ctregrun.exe
2012-08-12 21:19:40 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2012-08-12 21:19:40 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2012-08-12 21:19:01 -------- d-----w- c:\program files\Creative
2012-08-12 20:39:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 07:42:07 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-11 18:38:15 -------- d-----w- c:\documents and settings\administrator.aimee\Tracing
2012-08-10 19:33:42 -------- d-s---w- c:\documents and settings\administrator.aimee\UserData
2012-08-10 15:35:36 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Mobipocket
2012-08-10 14:54:12 -------- d-----w- c:\documents and settings\administrator.aimee\application data\SUPERAntiSpyware.com
2012-08-10 14:07:39 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Malwarebytes
2012-08-10 13:19:57 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-08-10 13:18:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-08-10 13:17:58 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-08-10 13:15:17 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-10 13:15:17 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-10 13:00:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-10 13:00:57 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-10 13:00:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-10 13:00:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-10 10:03:20 -------- d-----w- c:\windows\setup.pss
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-10 08:22:54 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-10 08:22:54 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-10 08:22:54 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-10 08:22:54 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-10 07:10:46 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17:29 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2012-08-09 21:17:14 -------- d-----w- c:\documents and settings\all users\application data\Tenebril
2012-08-09 21:17:10 -------- d-----w- c:\program files\Tenebril
2012-08-06 04:30:29 22032 ----a-w- c:\windows\DCEBoot.exe
2012-08-06 04:21:28 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 01:18:43 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 01:18:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 01:17:53 -------- d-----w- c:\program files\AVAST Software
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 21:46:05 -------- d-----w- C:\PerfLogs
2012-08-04 16:52:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 16:52:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-04 07:55:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-04 06:37:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-04 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-03 22:48:49 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-03 08:22:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-03 06:48:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:09:07 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-02 23:09:07 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 04:32:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 16:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 21:21:15.23 ===============


#57
August 13, 2012 at 13:28:32
Ok, log shows problems still unresolved.

Run ComboFix
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.techsupportforum.com/sec...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
Note:
Do not mouseclick combofix's window while it is running. That may cause it to stall.
If after running ComboFix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion", then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.



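The helper above reads the DDS "Pseudo HJT Report" by eye. As an added example (not part of this thread, and not code from DDS or ComboFix), here is a small Python triage script that applies a few review heuristics to the log lines posted in #56 plus one constructed autostart line; the rules and reason strings are this example's own, and a flagged entry is only a prompt for a closer look, not a verdict.

```python
"""Heuristic triage of the 'Pseudo HJT Report' section of a DDS log.

Added example: not part of the thread and not DDS/ComboFix code. The rules
below are review heuristics of this example, not a malware classifier.
"""
import re
from dataclasses import dataclass

# Constructed sample: every line except the 'Example Updater' entry is copied
# from the DDS log posted above (#56); that one entry is constructed so the
# out-of-place-autostart rule has something to fire on.
SAMPLE_LOG = "\n".join([
    "============== Pseudo HJT Report ===============",
    ".",
    "uStart Page = hxxp://www.google.co.uk/",
    "mURLSearchHooks: H - No File",
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe",
    r"BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll",
    "BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File",
    r"uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe",
    r'uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"',
    r"mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    "mRun: [ATIModeChange] Ati2mdxx.exe",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    r"Trusted Zone: computing.net\www",
    "AppInit_DLLs: secuload.dll",
    r"uRun: [Example Updater] c:\documents and settings\user\local settings\temp\updater.exe",  # constructed
    ".",
    "================= FIREFOX ===================",
    ".",
    "FF - ProfilePath -",
])

SECTION_HEADER = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_ENTRY = re.compile(r"^[umd]run(?:once)?: \[[^\]]*\]\s*(.*)$")
DEFAULT_USERINIT = "c:\\windows\\system32\\userinit.exe"
# Where autostart binaries normally live; anything else deserves a look.
EXPECTED_RUN_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\",
                     "%systemroot%", "%windir%")


@dataclass(frozen=True)
class Finding:
    line: str    # the DDS entry, as logged
    reason: str  # why a reviewer should look at it


def hjt_entries(log_text):
    """Yield the entry lines of the 'Pseudo HJT Report' section only."""
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_HEADER.match(line)
        if header:
            inside = header.group(1).lower() == "pseudo hjt report"
            continue
        if inside and line and line != ".":
            yield line


def triage_entry(line):
    """Return a review reason for one entry, or None if it looks routine."""
    lower = line.lower()
    if lower.endswith("- no file"):
        return "orphaned entry: registered object whose file is gone (typical leftover after a removal)"
    if lower.startswith("appinit_dlls:") and lower.split(":", 1)[1].strip():
        return "AppInit_DLLs is set: this DLL is loaded into every process that loads user32.dll; verify its publisher"
    if lower.startswith("mwinlogon: userinit="):
        if lower.split("=", 1)[1].strip().rstrip(",") != DEFAULT_USERINIT:
            return "Userinit differs from the default: extra logon executables are a classic persistence point"
    if lower.startswith("mpolicies-system: enablelua = 0"):
        return "EnableLUA=0 policy present (turns UAC off on Vista and later; has no effect on XP)"
    if lower.startswith("trusted zone:"):
        return "site in the IE Trusted Zone: relaxed security settings apply to it; confirm it was intentional"
    run = RUN_ENTRY.match(lower)
    if run:
        target = run.group(1)
        if target.startswith('"'):          # quoted path: keep only the path part
            target = target[1:].split('"', 1)[0]
        if "\\" not in target and "%" not in target:
            return "autostart by bare command name (resolved via PATH): confirm where the binary really lives"
        if not target.startswith(EXPECTED_RUN_DIRS):
            return "autostart binary outside Windows/Program Files: check the file's origin"
    return None


def triage(log_text):
    """Run every HJT entry through the heuristics; return the flagged ones."""
    findings = []
    for line in hjt_entries(log_text):
        reason = triage_entry(line)
        if reason is not None:
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line}\n    -> {f.reason}")
```
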
#58
August 13, 2012 at 13:34:29
http://imgur.com/hFFHn


#59
August 13, 2012 at 13:44:13
OK I'll run combofix then. Any danger if I don't back up first?


#60
August 13, 2012 at 13:52:58
"OK I'll run combofix then. Any danger if I don't back up first?"

The moment you got infected, danger was everywhere. There is so much corruption, I don't think doing a backup is worth it, may not even be able to do it. Trying to get one's head around it is hard to visualize, probably taking the hard drive out & slaving it to another comp is the way to go.



#61
August 13, 2012 at 13:55:34
Refer screenshot.
http://i.imgur.com/jxcAs.gif


#62
August 13, 2012 at 14:03:57
Oh well, at least I'll have a clean PC! http://imgur.com/sPtGK Shall I run combofix now?


#63
August 13, 2012 at 14:11:08
"Shall I run combofix now?"
Yep.


#64
August 13, 2012 at 14:13:04
Here goes! I may be some time...


#65
August 13, 2012 at 14:41:18
ComboFix is running but it said AVG was active.
This machine does not have the recovery console installed - needs updating (which is more likely)
Without it combofix shall not attempt the fixing of some serious infections
click yes to have combo fix download/install it
Note this requires an active internet connection (which I can start)


#66
August 13, 2012 at 14:45:33
Ignore


#67
August 13, 2012 at 14:47:24
ignore


#68
August 13, 2012 at 15:11:15
ComboFix 12-08-13.01 - Administrator 08/13/2012 22:52:07.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1671 [GMT 1:00]
Running from: c:\documents and settings\Administrator.AIMEE\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\frcukpcr.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\gijidmjo.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\hiyxbwmi.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\kbwpmism.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\qxkualho.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\rkdvefnf.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\tdtsqeri.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\vungwmpu.log
c:\documents and settings\Administrator.AIMEE\Local Settings\Application Data\xrmisnog.log
c:\documents and settings\Aimee Comley\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dc7036b5cbb5d2db.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fb5f950904d30832.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 19:13 . 2012-08-13 19:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-13 19:13 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-12 21:20 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2012-08-12 21:19 . 2012-08-12 21:19 -------- d-----w- c:\windows\LastGood
2012-08-12 21:19 . 1999-12-13 01:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2012-08-12 21:19 . 1999-11-18 01:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2012-08-12 21:19 . 2012-08-12 21:23 -------- d-----w- c:\program files\Creative
2012-08-12 20:39 . 2012-08-12 20:39 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 13:47 . 2012-08-12 13:47 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2012-08-12 07:42 . 2012-08-12 07:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-08-10 13:20 . 2001-08-18 13:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2012-08-10 13:19 . 2001-08-18 13:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-08-10 13:18 . 2001-08-18 13:00 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-08-10 13:17 . 2004-08-04 00:56 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2012-08-10 13:15 . 2001-08-18 13:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-10 13:15 . 2001-08-18 13:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-08-10 13:00 . 2001-08-18 13:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-10 13:00 . 2001-08-18 13:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-10 13:00 . 2001-08-18 13:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-10 13:00 . 2001-08-18 13:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-10 08:22 . 2001-08-18 13:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-10 08:22 . 2001-08-18 13:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-10 08:22 . 2001-08-18 13:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-10 08:22 . 2001-08-18 13:00 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-10 08:22 . 2001-08-18 13:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-10 08:22 . 2001-08-18 13:00 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-10 08:22 . 2001-08-18 13:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-10 08:22 . 2001-08-18 13:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-10 07:10 . 2012-08-10 07:10 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17 . 2012-08-09 21:17 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2012-08-09 21:17 . 2012-08-09 21:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Tenebril
2012-08-09 21:17 . 2012-08-09 21:17 -------- d-----w- c:\program files\Tenebril
2012-08-06 04:30 . 2012-08-06 04:31 22032 ----a-w- c:\windows\DCEBoot.exe
2012-08-06 04:21 . 2012-08-06 04:21 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 01:18 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-06 01:18 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-06 01:18 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-06 01:18 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-06 01:18 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 01:18 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-06 01:18 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-06 01:18 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-06 01:18 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 01:18 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-06 01:17 . 2012-08-10 07:09 -------- d-----w- c:\program files\AVAST Software
2012-08-05 01:51 . 2012-08-05 01:51 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 21:46 . 2012-08-04 21:46 -------- d-----w- C:\PerfLogs
2012-08-04 16:52 . 2012-08-10 07:10 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 16:52 . 2012-08-04 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-08-04 07:55 . 2012-08-04 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-04 06:37 . 2012-08-10 07:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-08-04 06:37 . 2012-08-10 07:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-03 22:48 . 2012-08-10 07:10 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-03 14:00 . 2012-08-03 14:01 -------- d-----w- c:\documents and settings\Administrator
2012-08-03 08:22 . 2012-08-10 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-03 06:48 . 2012-08-05 04:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:09 . 2012-07-05 21:06 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-02 23:09 . 2012-07-05 21:06 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 04:32 . 2011-08-18 14:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50 . 2009-08-19 16:07 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 16:35 . 2007-04-16 21:43 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19 . 2007-04-16 21:45 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 14:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18 . 2007-08-09 12:40 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-06-02 14:18 . 2007-08-09 12:40 275696 ----a-w- c:\windows\system32\mucltui.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-03-28 2937528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2003-10-02 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"ATIModeChange"="Ati2mdxx.exe" [2011-03-09 26112]
"SRFirstRun"="srclient.dll" [2004-08-04 67584]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WN111 Smart Wizard.lnk - c:\program files\NETGEAR\WN111\wn111.exe [2007-8-27 1343488]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\SecuLoad.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpyCatcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpyCatcher.lnk
backup=c:\windows\pss\SpyCatcher.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 10:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 18:51 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX7400 Series]
2007-04-12 06:00 182272 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICDE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-04 09:17 135664 ----atw- c:\documents and settings\Aimee Comley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
2002-02-04 22:32 53248 ----a-w- c:\program files\REGSHAVE\REGSHAVE.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"56330:TCP"= 56330:TCP:*:Disabled:Pando Media Booster
"56330:UDP"= 56330:UDP:*:Disabled:Pando Media Booster
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/6/2012 02:18 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/6/2012 02:18 353688]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 17:27 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 22:55 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/6/2012 02:18 21256]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [7/1/2011 13:51 101904]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [6/18/2011 02:21 25832]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\ECCL100.SYS --> c:\windows\system32\ECCL100.SYS [?]
S3 pbfilter;pbfilter;\??\c:\program files\PeerBlock\pbfilter.sys --> c:\program files\PeerBlock\pbfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v3.sys --> c:\windows\system32\DRIVERS\wg111v3.sys [?]
S3 wind502u;54Mbps USB Adapter;c:\windows\system32\DRIVERS\wind502u.sys --> c:\windows\system32\DRIVERS\wind502u.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 39550467
*Deregistered* - 39550467
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-06 16:21]
.
2012-08-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-20 18:35]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1958367476-725345543-1004Core.job
- c:\documents and settings\Aimee Comley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 09:17]
.
2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1958367476-725345543-1004UA.job
- c:\documents and settings\Aimee Comley\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-04 09:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Carrie Broad\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: computing.net\www
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-Locked - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-13 22:56
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Creative Detector = c:\program files\Creative\MediaSource\Detector\CTDetect.exe /R??o?u?r?c?e?\?D?e?t?e?c?t?o?r?\?C?T?D?e?t?e?c?t?.?e?x?e??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Search.PugiObj\CLSID]
@DACL=(02 0000)
@="{95B7759C-8C7F-4BF1-B163-73684A933233}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Search.PugiObj.1\CLSID]
@DACL=(02 0000)
@="{95B7759C-8C7F-4BF1-B163-73684A933233}"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{F224B128-6DDF-4E0A-870E-0C9CDFF7C57E}\1.0\0]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{F224B128-6DDF-4E0A-870E-0C9CDFF7C57E}\1.0\FLAGS]
@DACL=(02 0000)
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\TypeLib\{F224B128-6DDF-4E0A-870E-0C9CDFF7C57E}\1.0\HELPDIR]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32"
.
[HKEY_LOCAL_MACHINE\software\Malwarebytes' Anti-Malware\UUID]
@DACL=(02 0000)
"TrialId"="9f97a99be95411e08a4d001e2abc7d8f00000000"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\09\06\18\0a-&?"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\avgmfapx\DEBUG]
@DACL=(02 0000)
"Trace Level"=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\ESENT\Process\avgui\DEBUG]
@DACL=(02 0000)
"Trace Level"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\secuload.dll
c:\windows\system32\protector.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\secuload.dll
.
Completion time: 2012-08-13 22:58:14
ComboFix-quarantined-files.txt 2012-08-13 21:58
.
Pre-Run: 172,118,110,208 bytes free
Post-Run: 172,075,175,936 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noexecute=optout
.
- - End Of File - - BE044B9739BEC4B5ADF2651F7DBF9C39

#69
August 13, 2012 at 15:12:05
Am I disinfected? Please say I am! :)

#70
August 13, 2012 at 15:20:17
"Am I disinfected? Please say I am! :)"

Hell of a lot better, we should now be able to move forward.

Update & run MBAM.

Run TFC again.

Then DDS.

Post logs for MBAM & DDS (1 page).


#71
August 13, 2012 at 15:43:57
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 6.0.2900.2180
Run by Administrator at 23:40:44 on 2012-08-13
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.2046.1739 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mURLSearchHooks: H - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Creative MediaSource Go] c:\program files\creative\mediasource\go\CTCMSGo.exe
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111\wn111.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\carrie broad\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: computing.net\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{31807E15-2156-4B8E-AF54-A6EE95BA72B2} : DhcpNameServer = 192.168.1.254
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\SecuLoad.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-8-6 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-8-6 353688]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-8-6 21256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-8-6 44808]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [2011-7-1 101904]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-6-18 25832]
S3 ECCL100;ECCL100 NDIS Protocol Driver;\??\c:\windows\system32\eccl100.sys --> c:\windows\system32\ECCL100.SYS [?]
S3 pbfilter;pbfilter;\??\c:\program files\peerblock\pbfilter.sys --> c:\program files\peerblock\pbfilter.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys --> c:\windows\system32\drivers\wg111v3.sys [?]
S3 wind502u;54Mbps USB Adapter;c:\windows\system32\drivers\wind502u.sys --> c:\windows\system32\drivers\wind502u.sys [?]
S3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\wpro_40_1340.sys --> c:\windows\system32\drivers\WPRO_40_1340.sys [?]
.
=============== Created Last 30 ================
.
2012-08-13 22:33:31 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-13 21:50:49 -------- d-sha-r- C:\cmdcons
2012-08-13 21:37:53 98816 ----a-w- c:\windows\sed.exe
2012-08-13 21:37:53 518144 ----a-w- c:\windows\SWREG.exe
2012-08-13 21:37:53 256000 ----a-w- c:\windows\PEV.exe
2012-08-13 21:37:53 208896 ----a-w- c:\windows\MBR.exe
2012-08-13 19:13:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-12 21:20:59 41984 ------w- c:\windows\Ctregrun.exe
2012-08-12 21:19:40 44032 ------w- c:\windows\system32\CTSVCCDA.EXE
2012-08-12 21:19:40 25088 ------w- c:\windows\system32\CTSVCCTL.EXE
2012-08-12 21:19:01 -------- d-----w- c:\program files\Creative
2012-08-12 20:39:32 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-12 07:42:07 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-08-11 18:38:15 -------- d-----w- c:\documents and settings\administrator.aimee\Tracing
2012-08-10 19:33:42 -------- d-s---w- c:\documents and settings\administrator.aimee\UserData
2012-08-10 15:35:36 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Mobipocket
2012-08-10 14:54:12 -------- d-----w- c:\documents and settings\administrator.aimee\application data\SUPERAntiSpyware.com
2012-08-10 14:07:39 -------- d-----w- c:\documents and settings\administrator.aimee\application data\Malwarebytes
2012-08-10 13:19:57 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2012-08-10 13:18:54 10096640 -c--a-w- c:\windows\system32\dllcache\hwxcht.dll
2012-08-10 13:17:58 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2012-08-10 13:15:17 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-08-10 13:15:17 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
2012-08-10 13:00:57 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-08-10 13:00:57 13312 ----a-w- c:\windows\system32\irclass.dll
2012-08-10 13:00:56 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-08-10 13:00:56 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-08-10 10:03:20 -------- d-----w- c:\windows\setup.pss
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2012-08-10 08:22:54 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2012-08-10 08:22:54 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2012-08-10 08:22:54 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2012-08-10 08:22:54 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2012-08-10 08:22:54 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2012-08-10 08:22:54 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2012-08-10 07:10:46 -------- d-----w- c:\program files\CCleaner
2012-08-09 21:17:29 -------- d-----w- c:\windows\system32\SpycatcherAgentSetupTemp
2012-08-09 21:17:14 -------- d-----w- c:\documents and settings\all users\application data\Tenebril
2012-08-09 21:17:10 -------- d-----w- c:\program files\Tenebril
2012-08-06 04:30:29 22032 ----a-w- c:\windows\DCEBoot.exe
2012-08-06 04:21:28 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-06 01:18:43 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-06 01:18:14 41224 ----a-w- c:\windows\avastSS.scr
2012-08-06 01:17:53 -------- d-----w- c:\program files\AVAST Software
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-05 01:51:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-04 21:46:05 -------- d-----w- C:\PerfLogs
2012-08-04 16:52:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-04 16:52:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-08-04 07:55:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-08-04 06:37:24 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-08-04 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-08-03 22:48:49 -------- d-----w- c:\program files\Free Window Registry Repair
2012-08-03 08:22:15 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-08-03 06:48:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 23:09:07 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-02 23:09:07 687544 ----a-w- c:\windows\system32\deployJava1.dll
.
==================== Find3M ====================
.
2012-08-05 04:32:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-04 16:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 14:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 14:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 14:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 14:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 14:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 14:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
.
============= FINISH: 23:41:25.82 ===============

#72
August 13, 2012 at 15:45:14
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.06

Windows XP Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.2180
Administrator :: AIMEE [administrator]

8/13/2012 23:34:37
mbam-log-2012-08-13 (23-34-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278175
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


#73
August 13, 2012 at 15:54:35
Run HJT & post log please.

HijackThis ( HJT )
http://sourceforge.net/projects/hjt/


#74
August 13, 2012 at 16:11:45
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:09:57, on 8/14/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: NETGEAR WN111 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111\wn111.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Carrie Broad\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://www.computing.net
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\SecuLoad.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Symantec RemoteAssist - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (file missing)

--
End of file - 6849 bytes


#75
August 13, 2012 at 16:14:16
I haven't selected anything from HijackThis yet - meaning options to scan & fix stuff, etc. Let me know if I should, and which ones.

#76
August 13, 2012 at 16:23:29
"let me know if I should, which ones"
I did hope the AVG entry would be there; it's not.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled*

Maybe you can do it from DDS.

Did you make sure the Windows firewall is running?

Can you boot into Normal mode & connect to the internet?
What is your main browser?


#77
August 13, 2012 at 16:29:59
AVG: I ran the AVG removal tool before HijackThis.
Do it from DDS?
I just checked & Windows Firewall is on.
Do you want me to try to boot into normal mode now?
Default browser should be IE as that's what I've always used.

#78
August 13, 2012 at 16:38:27
"Do you want me to try to boot into normal mode now?"
Yep.

#79
August 13, 2012 at 16:41:16
"Do it from DDS?"

"I haven't selected anything from HijackThis yet - meaning options to scan & fix stuff"


#80
August 13, 2012 at 16:41:50
Still have RegSeeker backups with AVG - delete them?


#81
August 13, 2012 at 16:43:13
OK, attempting to reboot. Safe to use the internet when I do?


#82
August 13, 2012 at 16:48:26
" Default browser should be ie as that's what I've always used"
Run CCleaner, click on the Cleaner box first. Make sure all the boxes are ticked in IE & then click on > Run Cleaner.

Click on the Registry box, make sure all the boxes are ticked & click on > Scan for Issues, when finished, click on > Fix Selected issues.



#83
August 13, 2012 at 16:49:33
"still hav regseeker backups with avg - delete tem?"
Not yet.


#84
August 13, 2012 at 16:50:39
"safe to use internet when i do"
Should be.


#85
August 13, 2012 at 16:50:42
Tried to log in in normal mode - still got a blue screen, no script. CTRL+ALT+DEL: Task Manager comes up with no user name; explorer.exe is running in Processes. Attempted to log off or restart from Task Manager, nothing happens, so I switched off at the PC power button.


#86
August 13, 2012 at 16:55:20
Ran CCleaner & followed the instructions - attempting to reboot to normal.


#87
August 13, 2012 at 17:02:40
Same story.
Rebooted to safe mode with networking again.
BTW, I now have 3 OS choices when I reboot:
Recovery console
Debugger
XP home edition (which is the one I use)


#88
August 13, 2012 at 17:16:02
It's getting really late for me & I have to work tomorrow so I have to go to bed now. I hope you'll help me again tomorrow & I really appreciate all your help & patience. If there's anything you want me to do, let me know & I'll try to do it before I go to work in the morning but I probably won't be able to reply to anything until I get home from work. Cheers & thanks!


#89
August 13, 2012 at 17:19:11
"same story"
Ok, that will do for now, shall have to think about it when I'm fresh, got a few more up my sleeve, but need time, only had 4 hours sleep so far & it is after midnight for you.

Back to bed for me.

Catch you when you are next available.



#90
August 14, 2012 at 02:32:58
I haven't forgotten you Aimee, a lot happening today & now I have to take the wife into hospital at 6.30 am tomorrow. She was booked for Thursday, but they had a cancellation.


#91
August 14, 2012 at 03:26:14
Run > aswMBR.exe
http://public.avast.com/%7Egmerek/a...
Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
Click the "Fix" in case of infection
Important > you need to wait for the tool to report ... Infection fixed successfully
Do not reboot the machine until it has said so.
Save the aswASW.log to the desktop


#92
August 14, 2012 at 07:23:55
Aimee, the bottom line is that you have or had too many Anti-virus progs installed and enabled. You can ONLY have one running or you will have conflicts.
Use Revo uninstaller in hunter mode and remove the other AV's
http://www.revouninstaller.com/revo...

Some HELP in posting on Computing.net plus free progs and instructions 7 Golds



#93
August 14, 2012 at 10:33:58
Hi again JohnW I just got back from work. Hope your wife is OK
I have run aswMBR; the scan finished successfully but the Fix button isn't highlighted, so I assume there's nothing to fix?
The FixMBR is highlighted - should I hit that?


#94
August 14, 2012 at 10:40:43
Hi XpUser4Real, I know I have too many antivirus programs. It wasn't intentional. I have managed to get rid of Norton (although I noticed a Symantec driver yesterday... don't know if that would cause any problems, but Norton no longer shows up on DDS despite it). The other one is AVG & I've been trying to get rid of it but I haven't had any luck yet. I was using AVG when I got infected & downloaded Avast to help fight the virus. I don't know which antivirus is better, but I was aiming to keep Avast as my antivirus program & so I am trying to remove all others. I'll try Revo Uninstaller as you suggest.


#95
August 14, 2012 at 10:44:07
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-14 18:24:49
-----------------------------
18:24:49.812 OS Version: Windows 5.1.2600 Service Pack 2
18:24:49.812 Number of processors: 1 586 0x2F00
18:24:49.812 ComputerName: AIMEE UserName:
18:24:50.375 Initialize success
18:24:51.875 AVAST engine defs: 12080900
18:25:11.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7
18:25:11.812 Disk 0 Vendor: HDS722525VLSA80 V36OA6MA Size: 238475MB BusType: 3
18:25:11.828 Disk 0 MBR read successfully
18:25:11.828 Disk 0 MBR scan
18:25:12.265 Disk 0 Windows XP default MBR code
18:25:12.281 Disk 0 Partition 1 00 12 Compaq diag RECOVERY 4502 MB offset 63
18:25:12.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233962 MB offset 9221310
18:25:12.843 Disk 0 scanning sectors +488376000
18:25:13.203 Disk 0 scanning C:\WINDOWS\system32\drivers
18:25:29.000 Service scanning
18:25:49.703 Modules scanning
18:25:55.937 Disk 0 trace - called modules:
18:25:55.968 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
18:25:58.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a779ab8]
18:25:59.125 3 CLASSPNP.SYS[f763805b] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-7[0x8a7bfb00]
18:25:59.812 AVAST engine scan C:\WINDOWS
18:26:04.109 AVAST engine scan C:\WINDOWS\system32
18:28:21.171 AVAST engine scan C:\WINDOWS\system32\drivers
18:28:36.953 AVAST engine scan C:\Documents and Settings\Administrator.AIMEE
18:28:47.640 AVAST engine scan C:\Documents and Settings\All Users
18:29:10.875 Scan finished successfully
18:42:48.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator.AIMEE\Desktop\MBR.dat"
18:42:48.109 The log file has been saved successfully to "C:\Documents and Settings\Administrator.AIMEE\Desktop\aswMBR.txt"




#96
August 14, 2012 at 11:08:12
XpUser4Real, unless I'm being stupid (highly possible), Revo Uninstaller can't help me remove AVG (or the Symantec driver). AVG may be showing up on DDS as installed, but it doesn't run any visible applications, so I can't point Hunter mode at it to remove it. AVG doesn't show up in the programs list on Revo Uninstaller either, & I used Revo Uninstaller to search for AVG & it found nothing. There seem to be quite a few features, so maybe there's something on Revo Uninstaller that'll help me remove whatever residual traces there are of AVG which are causing it to show up, so please let me know if there's something else I should try. However, I'm suspicious that I still have an infection on my PC & maybe removing the infection might help me remove AVG & allow me to log into my PC in normal mode.


#97
August 14, 2012 at 12:59:47
You could also use AVG's custom uninstall program.

AVG 32 UNINSTALLER

:: mike



#98
August 14, 2012 at 14:26:35
Hi mikelinus, yes I tried that. Unfortunately it didn't work.


#99
August 14, 2012 at 14:28:03
Is it possible I have a virus in start up?


#100
August 14, 2012 at 14:30:31
I'm starting to think I'll have to do a clean install? No virus removal tools seem to be fixing the issue.


#101
August 14, 2012 at 14:40:11
"I'm starting to think I'll have to do a clean install? No virus removal tools seem to be fixing the issue"

Hi Aimee, I'm just getting ready to go to the hospital. Yes, there are some rootkits they have not been able to keep up with; no sooner do they get a fix than another new version comes out.

Make sure when you reinstall, you delete ALL partitions & format to NTFS.
D to Delete the selected partition ( XP )
http://www.blackviper.com/Articles/...

Here are some examples of why you delete all partitions.
http://forums.spybot.info/showthrea...
http://forums.whatthetech.com/index...
http://blog.eset.com/2011/10/18/tdl...
World's stealthiest rootkit gets a makeover
http://www.theregister.co.uk/2011/1...
"This is what we are up against, malware has installed an infected hidden partition within your Master Boot Record and set that partition as active so every time you boot up your system it boots from the infected partition and the malware is activated."
Rootkit Bounces Back …with a vengeance
http://www.techsupportforum.com/381...
Malware Prevention
http://www.malwarevault.com/index.html
"There is no magic involved. The majority of malware is installed by the user themselves"


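As an added example (not from this thread and not AVAST's code), a small Python triage of the aswMBR partition lines posted in #95 against the "hidden partition set active" pattern quoted above. The CLEAN_LOG lines are copied from that log; SUSPECT_LOG is constructed, and the set of "normal" Windows partition types is an assumption of the check, not something aswMBR reports.

```python
import re

# Constructed samples: CLEAN_LOG copies the MBR/partition lines from the aswMBR log in
# post #95; SUSPECT_LOG is made up to show the pattern JohnW describes in post #101.
CLEAN_LOG = """\
18:25:12.265 Disk 0 Windows XP default MBR code
18:25:12.281 Disk 0 Partition 1 00 12 Compaq diag RECOVERY 4502 MB offset 63
18:25:12.515 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 233962 MB offset 9221310
"""
SUSPECT_LOG = """\
18:25:12.265 Disk 0 Unknown MBR code
18:25:12.281 Disk 0 Partition 1 80 (A) 12 Compaq diag RECOVERY 4502 MB offset 63
18:25:12.515 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 233962 MB offset 9221310
"""
PART_RE = re.compile(
    r"^\S+ Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2}) (?:\(A\) )?"
    r"(?P<type>[0-9A-Fa-f]{2}) (?P<label>.+?) (?P<size>\d+) MB offset (?P<offset>\d+)$"
)
MBR_RE = re.compile(r"^\S+ Disk (?P<disk>\d+) (?P<desc>.*MBR code.*)$")
WINDOWS_FS_TYPES = {"07", "0B", "0C"}  # assumption: NTFS/HPFS, FAT32, FAT32 LBA

def parse_aswmbr(text):
    """Return ({disk: MBR code description}, [partition dicts]) from aswMBR log text."""
    mbr, parts = {}, []
    for line in text.splitlines():
        m = MBR_RE.match(line)
        if m:
            mbr[m["disk"]] = m["desc"]
        elif (m := PART_RE.match(line)):
            p = m.groupdict()
            p["active"] = p["boot"].upper() == "80"   # 0x80 = bootable flag set
            parts.append(p)
    return mbr, parts

def triage(text):
    """Heuristic checks; a non-empty list means 'look closer', not 'infected'."""
    mbr, parts = parse_aswmbr(text)
    findings = []
    for disk, desc in mbr.items():
        if "default MBR code" not in desc:
            findings.append(f"disk {disk}: MBR code is not the stock loader ({desc})")
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in active:
        if p["type"].upper() not in WINDOWS_FS_TYPES:
            findings.append(f"active partition {p['num']} is type 0x{p['type']} "
                            f"({p['label']}), not a Windows filesystem")
    return findings
```

On the log from #95 this returns no findings, which matches the tool's own "Windows XP default MBR code" verdict and the greyed-out Fix button.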

#102
August 14, 2012 at 15:06:15
Hi JohnW I didn't expect you to fit me in between taking your wife to the hospital but thank you for the reply. It's appreciated.
I assume you agree that a clean installation is the best option now? I will delete partitions as you suggest when I do it. I've never done a clean installation before but I'm sure I can look up instructions. I'm backing up my data now. Hopefully I won't be copying any virus with it.
Hope all goes well at the hospital.


#103
August 14, 2012 at 15:07:20
One last tool to try Aimee, if you want to.

Run Comodo Cleaning Essentials
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.comodo.com/business-secu...
How to Clean An Infected Computer using Comodo Cleaning Essentials (CCE )
http://www.techsupportalert.com/con...
"After downloading CCE unzip the file, open the folder for CCE, and double click on the file called CCE. This will open the main program for Comodo Cleaning Essentials. If it refuses to open then hold down the shift key and, while still holding it down, double click on the file called CCE. After CCE has successfully opened you can let go of the shift key. However, do not let go of it until the program has fully loaded. If you let go of it even during the UAC popup it may not be able to forcefully open correctly. Holding down shift should allow it to open, even on heavily infected computers. It does this by killing most of the unnecessary processes that could be interfering with its launch. If it still will not launch then download and run a program called RKill. This can be downloaded from this page. This program will terminate known malicious processes. Thus, after running it CCE should be able to open fine.
Once it's opened perform a "Smart Scan" with CCE and remove anything it finds. This program also scans for system changes which may have been caused by malware. These will be shown with the results. I would advise letting it fix these as well. Restart your computer when prompted."



#104
August 14, 2012 at 15:17:01
Another point Aimee, the very best time to install Service Packs is on a clean install.

You did not have SP3 installed, it offers a much a higher level of security.

http://support.microsoft.com/kb/322389



#105
August 14, 2012 at 15:24:59
Thanks JohnW I will take a look at CCE.
Yes, I will want SP3. I had it BV - before virus ;) but when I tried to recover Windows from the original installation disk the PC reverted back to SP2. I assume I'd have to update to get that once I've reinstalled from the CD.


#106
August 14, 2012 at 18:45:33
"Hope all goes well at the hospital"
Thanks Aimee, fingers crossed, it's a 5 hour back operation, being done today.


#107
August 14, 2012 at 19:03:53
"Assume I'd have to update to get that once I've reinstalled from the CD"
Better way is to download SP3 to your desktop & slipstream it into XP.

SP3 download
http://www.microsoft.com/downloads/...

Slipstream Service Pack 3 into Your Windows XP Installation CD
http://lifehacker.com/386526/slipst...

Why Service Packs are Better Than Patches
http://technet.microsoft.com/en-au/...



#108
August 14, 2012 at 19:25:36
"I'm backing up my data now. Hopefully I won't be copying any virus with it"
Right click on all the stuff you back up & run every infection tool you have installed.


#109
August 14, 2012 at 20:27:06
"I've never done a clean installation before but I'm sure I can look up instructions"
If you google there is a lot available, I shall break it down to simple instructions.

Ideal is using a slipstreamed CD, you also get repair benefits, if you have to use later.

1: Boot the comp ( safe mode as normal isn't working )

2: Put your XP CD in & reboot.

3: If the boot sequence is correct, you will see either >
3a: Press any key ( you only have a few seconds to do this )
Note: During the install, you will get reboots & see that message again. Ignore.
3b: The Windows install will start.

4: If the boot sequence is wrong, you change the bios to boot from the CD first.
If you don't know how to do that, press the pause button during the initial boot with all the writing on the screen & you will see down the bottom, press "?" key to enter setup.
Now you go to the Boot section.
The screenshots in these links give you a basic idea of the bios, but because there are many bios versions, they may not match.
http://pcsupport.about.com/od/fixth...
http://pcsupport.about.com/od/fixth...

5: Now follow the prompts for a clean install & when you get there, Delete all partitions & then proceed.
http://www.blackviper.com/os-instal...

6: When the install is finished, go into the Bios again & set it to boot from the HDD first.

7: Here is what to expect during the install, I never put passwords in.
http://www.blackviper.com/os-instal...



#110
August 15, 2012 at 00:35:11
Morning JohnW, I have to go to work in a minute but thank you for the instructions to reinstall.
