Hello,

A few weeks back I got a virus known as the AV Virus where a phony virus blocking software downloaded and installed on my system (I foolishly let my Free AVG expire and had not yet converted to the permanent free version).

I immediately opened task manager and ended the download task but it was too late. I went into my system and found the .exe file and manually deleted it. It was too late...it blocked my email and internet connection. I performed a repair install of win XP and was able to get into safe mode and download a few things to help get me back into functioning normal mode. I performed all of the Sticky Note instructions and everything seemed to be better but there are a few items that do not seem to belong but are not being cleaned by any tools.

Today, my computer is acting very strange...slow internet and I have to close Outlook and reopen it to get email to download. Very frustrating.

Any help would be much appreciated! I will post logs when told to do so...until then I will wait patiently. :)

Maybe, but I doubt it. I think what happened is when you allowed the free trial to expire you probably lost the ability to uninstall. You might try downloading the same program again, install it and then immediately uninstall it.
Part of the problem is the McAfee on there too.

I agree with Judy on this one. Back up what you need and make a fresh start.

Derek, you know you have a lot of damage there. Trying to just repair would be like trying to repair a silk suit with cotton patches, it would LOOK lousy and not feel very good either.
Go back to factory, install all your drivers, then get all operating system updates …

Antivirus, Avira Free, without a doubt. #1 in testing, I have used it for several years. Firewall, well, certainly NOT AVG or McAfee. :D
ONLINE ARMOR Firewall,

Derek, I was going to post a few notes...
"i performed a repair install of win XP"... this will replace system files and some of the M$part of registry, but does not necessarily repair malware damage; it will not remove malware files etc. From the Pg1 combofix, an authorized … ## All 43 Replies As long as these programs were run today, then please post the logs from the Read Me Sticky tools. They must be current logs, not from several days ago. Hi Jholland, they are not from today...they would be a couple of weeks old by now. shall I run new? Absolutely we need new ones run. Should I follow the sticky note instrutions again or are there any specific logs you want first? I don't want to get ahaed of myself and make any mistakes. Thanks! Follow the instructions in the sticky just as given. You will do just fine! Hi Jholland, I followed the sticky notes and am attaching the logs per the instructions. The only thing I couldn't get t orun properly was the DDS. The log is just a bunch of jibberish...symbols, etc. I turned off my McAfee as much as it allows but the DDS log was still jibberish. GMER One Log: GMER 1.0.15.15530 - http://www.gmer.net Rootkit quick scan 2011-03-15 18:02:20 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. Running: 7n4ry7lt.exe; Driver: C:\DOCUME~1\Wolf\LOCALS~1\Temp\uxtdapoc.sys ---- System - GMER 1.0.15 ---- Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DB50E0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DB50F4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DB5120] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DB5176] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xB9DB50CC] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DB50A4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DB50B8] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
ZwRenameKey [0xB9DB510A] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DB514C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DB5136] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DB51A0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DB518C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DB5160] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) ---- EOF - GMER 1.0.15 ---- GMER Two Log: GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-15 23:21:39 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Intel___ rev.1.0. Running: 7n4ry7lt.exe; Driver: C:\DOCUME~1\Wolf\LOCALS~1\Temp\uxtdapoc.sys ---- System - GMER 1.0.15 ---- Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xB9DB50E0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xB9DB50F4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB9DB5120] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9DB5176] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
ZwOpenKey [0xB9DB50CC] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9DB50A4] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9DB50B8] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xB9DB510A] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xB9DB514C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xB9DB5136] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9DB51A0] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9DB518C] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9DB5160] Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.) 
---- Threads - GMER 1.0.15 ---- Thread System [4:2092] 9E6EB730 ---- EOF - GMER 1.0.15 ---- Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6046 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 3/16/2011 6:40:24 AM mbam-log-2011-03-16 (06-40-24).txt Scan type: Full scan (C:\|) Objects scanned: 404952 Time elapsed: 1 hour(s), 18 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 1 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\documents and settings\Wolf\local settings\temp\Crack (RiskTool.P2P.H) -> Quarantined and deleted successfully. Files Infected: (No malicious items detected) Not sure what you mean by gibberish. The log does look different than other logs. Look in this thread, did DDS look similar to the log shown in it? There are two logs produced with DDS, not just one. No, it didn't look anything like that...it was symbols, random letters, etc all in an unbroken line. Here is a sample: UXI§Á(º©Ã*‡ygk®JB64ZŒG¸7íb'Øú“¹ŒX¦SIÒ¾]² The other strange thing is I save it to my desktop but it does not stick. I have to save it and run it right away or else the download disappears. Have not seen this before. 
Try this one: Please download ComboFix by sUBs from Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page. • You must download it to and run it from your Desktop • Physically disconnect from the internet. • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix. • Double click combofix.exe & follow the prompts. • When ComboFix has finished running, you will see a screen stating that it is preparing the log report • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt. • Re-enable all the programs that were disabled during the running of ComboFix.. • Then post back here with that log and a new scan log from HiJackThis. Note: Do not mouse-click combofix's window while it is running. That may cause it to stall. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine. Run Combofix ONCE only!! Hi Jholland, Sorry for the complete lag in response. I get slammed with work and since this is my work PC I didn't have time to mess with it. Things are still really wonky...my email was doing this not sending/receiving thing for days...I would have to log out and log back in toe pull new emails down off my ISP'sserver and then out of the blue it started pushing/pulling fine again. 
howver today, email keeps locking up, fans start blowing so hard is sounds like my machine is going to take off and I have to end task. I suspect McAffee may be partially to blame but??? Anyway, I just ran ComboFix...here is the log of that (couple of odd notes...it warned me that I have AVG running...I uninstalled that ages ago with the Add/Remove tool in Control Panel...also during running I recieved a Sorry PEV encountered a problem and had to close message): ComboFix 11-03-24.02 - Wool 03/24/2011 21:07:45.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2387 [GMT -4:00] Running from: c:\documents and settings\Wool\Desktop\ComboFix.exe AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66} FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 ))))))))))))))))))))))))))))))) . . 2011-03-02 04:03 . 2010-10-14 03:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2011-03-02 04:03 . 2010-10-14 03:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll 2011-03-02 04:03 . 2010-10-14 03:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys 2011-03-02 04:03 . 2010-10-14 03:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2011-03-02 04:03 . 2010-10-14 03:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys 2011-03-02 04:03 . 2010-10-14 03:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys 2011-03-02 04:03 . 2010-10-14 03:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2011-03-02 04:03 . 2010-10-14 03:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2011-03-02 04:03 . 2010-10-14 03:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2011-03-02 04:03 . 
2011-03-02 04:04 -------- d-----w- c:\program files\Common Files\Mcafee 2011-03-02 04:03 . 2011-03-02 04:03 -------- d-----w- c:\program files\McAfee.com 2011-03-02 03:51 . 2010-10-14 03:28 141792 ----a-w- c:\windows\system32\mfevtps.exe 2011-03-01 18:07 . 2011-03-01 18:07 -------- d-----w- c:\documents and settings\Wool\Application Data\TrojanHunter 2011-03-01 04:58 . 2011-03-14 20:45 -------- d-----w- c:\program files\TrojanHunter 5.3 2011-03-01 03:05 . 2011-03-02 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2011-02-28 04:27 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-02-28 04:27 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-02-28 02:17 . 2011-02-28 02:17 -------- d-----w- c:\program files\Common Files\Java 2011-02-28 02:17 . 2011-02-28 02:17 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-02-28 02:17 . 2011-02-28 02:17 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-02-28 02:17 . 2011-02-28 02:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-02-26 15:57 . 2011-02-26 15:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-02-26 14:16 . 2011-02-26 14:16 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2011-02-25 10:20 . 2011-02-25 10:20 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-10-14 03:28 . 2011-03-02 04:03 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Wool\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Wool\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Wool\Application Data\Dropbox\bin\DropboxExt.13.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152] "dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880] "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384] "CTHelper"="CTHELPER.EXE" [2006-12-12 19456] "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "DMXLauncher"="c:\program files\Dell\Media 
Experience\DMXLauncher.exe" [2005-10-05 94208] "CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] "Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-13 185872] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544] . c:\documents and settings\Wool\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Wool\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872] Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2007-5-7 118784] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2008-11-11 05:26 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Directrec Configuration Tool.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Directrec Configuration Tool.lnk backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper] 2006-12-12 18:46 19456 ----a-w- c:\windows\system32\CtHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp] 2006-03-02 09:00 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] 2007-03-15 18:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter] 2009-05-21 17:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA] 2005-09-08 10:20 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate] 2007-11-15 17:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2004-08-10 12:04 59392 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting] 2007-11-02 16:59 31816 ----a-w- c:\program files\Citrix\GoToMeeting\198\g2mstart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2006-02-19 09:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2005-06-17 12:56 139264 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] 2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] 2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-04-28 19:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] 2006-01-18 22:00 8192 ----a-w- c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] 2006-01-12 22:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2010-11-26 17:31 1242448 ----a-w- c:\program files\Steam\Steam.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] 2008-10-13 18:55 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg] 2000-05-11 06:00 90112 ----a-w- c:\windows\Updreg.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "wuauserv"=2 (0x2) "TapiSrv"=3 (0x3) "SysmonLog"=3 (0x3) "MSK80Service"=2 (0x2) "mnmsrvc"=3 (0x3) "iPod Service"=3 (0x3) "gusvc"=3 (0x3) "GoToAssist"=3 (0x3) "DM1Service"=2 (0x2) "Apple Mobile Device"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Steam\\SteamApps\\s3arav3n\\half-life 2 deathmatch\\hl2.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\FlashFXP\\FlashFXP.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"= "c:\\Program Files\\Rhapsody\\rhapsody.exe"= "c:\\Documents and Settings\\Wool\\temp\\TeamViewer\\Version5\\TeamViewer.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Documents and Settings\\Wool\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Steam\\Steam.exe"= "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"= . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 "3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server "3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server "51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server "51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server . R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/2/2011 12:03 AM 84072] R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/2/2011 12:03 AM 271480] R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/2/2011 12:03 AM 271480] R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/2/2011 12:04 AM 188136] R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/1/2011 11:51 PM 141792] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/2/2011 12:03 AM 55840] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/2/2011 12:03 AM 313288] R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [3/2/2011 12:03 AM 88544] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 11:00 AM 135664] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x] S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 8:46 AM 284016] S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [11/26/2010 5:15 PM 24576] S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [3/2/2011 12:03 AM 88544] S3 mferkdet;McAfee Inc. 
mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/2/2011 12:03 AM 84264] S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms [12/5/2007 7:47 PM 20640] . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2011-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 15:00] . 2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 15:00] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hgtv.com/hgtv-dream-home-2011-giveaway-enter/package/index.html uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 Trusted Zone: musicmatch.com\online DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab FF - ProfilePath - c:\documents and settings\Wool\Application Data\Mozilla\Firefox\Profiles\csnh7ey1.default\ FF - prefs.js: 
browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} . . ------- File Associations ------- . .scr=AutoCADScriptFile . - - - - ORPHANS REMOVED - - - - . AddRemove-HijackThis - c:\documents and settings\Wool\My Documents\Hijackthis\HijackThis.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-24 21:16 Windows 5.1.2600 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTHelper = CTHELPER.EXE? CTxfiHlp = CTXFIHLP.EXE? . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . 
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\PCD5SRVC{FBEA8B78-1B22F121-05040000}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1124)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(772)
c:\windows\system32\WININET.dll
c:\documents and settings\Wool\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-03-24 21:19:49
ComboFix-quarantined-files.txt 2011-03-25 01:19
ComboFix2.txt 2011-02-27 21:33
.
Pre-Run: 45,611,790,336 bytes free
Post-Run: 45,794,914,304 bytes free
.
- - End Of File - - DA206DC4A2CCF50EF960BF41CF44A113

Well AVG is most definitely on the machine, it shows very clearly in the log.
AV: AVG Internet Security 2011 *Enabled/Updated*
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
These two, along with the McAfee AV program and McAfee firewall, mean you are running TWO of each. One reason for major problems on any machine. First of all you must get that AVG stuff off the machine. Go to this link and download the uninstaller to remove it. Honestly I think McAfee is also a huge part of your problem too. Since this is a work computer are you allowed to remove it?
Another big problem is the fact that you are continuing to use the computer instead of getting this cleaned up. I don't know that you will be able to get it cleaned up unless you can actually stick with it.

OK...so I ran the remover. I have actually tried using their uninstaller before...with no effect apparently. I use this as my work computer but it is my own business so no worries about admin rights etc. Do you need a new log of any sort after this removal?

Do a manual search on the computer for AVG just to be sure. Try again to run the DDS Scanner.
If it doesn't run in normal mode and produce a proper log, try it in Safe Mode. Need to see both logs.

OK...DDS still won't run properly. I turned off McAfee as much as allowed (real time protection) and that didn't help...getting gibberish in a notepad file. The AVG is still on the Root of my C: drive...there is a folder $AVG and under that $Vault filled with a bunch of .fil files.

just re-read...will run in safe mode now...sorry.

No luck...tried to run in safe mode with networking and got a gibberish log with "The program cannot be run in DOS mode" at the top. BTW...says the same thing in regular mode as well. Strange.

please download this file: xp_scr_fix. Unpack the file onto your desktop and double-click it. You will be asked if you wish to merge the file with your registry, say yes. You should hopefully then be able to run DDS.scr.

Not sure if my last post went through (sorry if this is redundant!)...was able to get DDS to run but it blue screened me in normal run...was able to run in safe mode. The program asked me to zip and upload the attach.txt file. How do I upload the zip to the forum for you to review?

DDS LOG:
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Wolf at 11:39:51.51 on Fri 03/25/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2703 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
FW: AVG Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\Wolf\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hgtv.com/hgtv-dream-home-2011-giveaway-enter/package/index.html
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110301230333.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Mobile Connectivity Suite] "c:\program files\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\wolf\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\wolf\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://www.ritzpix.com/net/Uploader/LPUploader45.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\wolf\applic~1\mozilla\firefox\profiles\csnh7ey1.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 386840]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-2 84072]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-2 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-2 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-1 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-2 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 88544]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; [x]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-2 271480]
S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-3-2 271480]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-2 171168]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-2 55840]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-11-26 24576]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-2 152960]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-2 52104]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-2 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-2 84264]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-2-15 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-2-15 40552]
S3 PCD5SRVC{FBEA8B78-1B22F121-05040000};PCD5SRVC{FBEA8B78-1B22F121-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~2\hwdiag\bin\PCD5SRVC.pkms [2007-12-5 20640]
.
=============== Created Last 30 ================
.
2011-03-25 01:04:01 98816 ----a-w- c:\windows\sed.exe
2011-03-25 01:04:01 89088 ----a-w- c:\windows\MBR.exe
2011-03-25 01:04:01 256512 ----a-w- c:\windows\PEV.exe
2011-03-25 01:04:01 161792 ----a-w- c:\windows\SWREG.exe
2011-03-02 04:03:33 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-03-02 04:03:33 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2011-03-02 04:03:26 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-03-02 04:03:26 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-03-02 04:03:26 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-03-02 04:03:25 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-03-02 04:03:25 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-03-02 04:03:25 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-03-02 04:03:25 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-03-02 04:03:21 -------- d-----w- c:\program files\common files\Mcafee
2011-03-02 04:03:20 -------- d-----w- c:\program files\McAfee.com
2011-03-02 03:51:41 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-03-01 18:07:36 -------- d-----w- c:\docume~1\wolf\applic~1\TrojanHunter
2011-03-01 04:58:58 -------- d-----w- c:\program files\TrojanHunter 5.3
2011-03-01 03:05:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-28 04:27:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-28 04:27:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-28 02:17:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-28 02:17:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-28 02:17:33 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-02-26 14:41:40 -------- d-sha-r- C:\cmdcons
.
==================== Find3M ====================
.
.
============= FINISH: 11:41:16.96 ===============

The AVG is still on the Root of my C: drive...there is a folder $AVG and under that $Vault filled with a bunch of .fil files.
You have to get that off of there as it most definitely is still running. Try using this program to remove the AVG stuff: Revo Uninstaller, Free version http://www.revouninstaller.com/revo_uninstaller_free_download.html
That isn't the full log, there should be more showing after ==================== Find3M ==================== and before ============= FINISH: 11:41:16.96 ===============
Open the attach.txt and copy/paste the log here. We don't want the file attached at all, we want it copy/pasted.

Strange...that is the whole log as it appears in notepad. There is nothing in that area between Find3M and Finished. I did get a blue screen...the stop error was: 0x00000023, 0x000E0100, 0xB94A4050, 0xB94A3D4C, 0x805510D4 (not sure if this helps but thought I would share any/all info on my end). Installed REVO...it is not seeing the AVG...at least it is not on the list of programs to remove. Definitely annoyed with AVG at this point but am also concerned I have a spoofed version of it now...even though I downloaded it off of CNET.

Attached.txt log:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/10/2011 9:39:28 PM
System Uptime: 3/25/2011 11:22:35 AM (0 hours ago)
.
Motherboard: Dell Inc. | | 0HJ054
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
Processor: Intel(R) Pentium(R) D CPU 3.20GHz | Microprocessor | 3192/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 170 GiB total, 43.53 GiB free.
D: is FIXED (NTFS) - 58 GiB total, 12.457 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
N: is Removable
O: is FIXED (NTFS) - 233 GiB total, 70.616 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 2/27/2011 9:21:12 PM - System Checkpoint
RP20: 3/1/2011 7:23:59 AM - System Checkpoint
RP21: 3/2/2011 9:10:42 AM - System Checkpoint
RP22: 3/3/2011 10:30:21 AM - System Checkpoint
RP23: 3/5/2011 11:32:48 AM - System Checkpoint
RP24: 3/6/2011 11:51:55 AM - System Checkpoint
RP25: 3/7/2011 7:40:33 PM - System Checkpoint
RP26: 3/9/2011 12:19:47 AM - System Checkpoint
RP27: 3/10/2011 7:37:28 AM - System Checkpoint
RP28: 3/11/2011 9:54:42 AM - System Checkpoint
RP29: 3/24/2011 9:04:19 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
6300 6300_Help 6300Trb Acrobat.com Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe After Effects CS4 Adobe After Effects CS4 Presets Adobe After Effects CS4 Third Party Content Adobe AIR Adobe Anchor Service CS4 Adobe Asset Services CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color - Photoshop Specific CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe Color Video Profiles AE CS4 Adobe Color Video Profiles CS CS4 Adobe Contribute CS4 Adobe Creative Suite 4 Master Collection Adobe CS4 American English Speech Analysis Models Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Dreamweaver CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe Encore CS4 Adobe Encore CS4 Codecs Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Fireworks CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 STI-en Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Illustrator 10
Adobe Illustrator CS4 Adobe InDesign CS4 Adobe InDesign CS4 Application Feature Set Files (Roman) Adobe InDesign CS4 Common Base Files Adobe InDesign CS4 Icon Handler Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Additional Exporter Adobe Media Encoder CS4 Dolby Adobe Media Encoder CS4 Exporter Adobe Media Encoder CS4 Importer Adobe Media Player Adobe MotionPicture Color Files CS4 Adobe OnLocation CS4 Adobe Output Module Adobe PDF Library Files CS4 Adobe Photoshop 7.0 Adobe Photoshop CS4 Adobe Photoshop CS4 Support Adobe Premiere Pro CS4 Adobe Premiere Pro CS4 Functional Content Adobe Premiere Pro CS4 Third Party Content Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe SGM CS4 Adobe Shockwave Player 11.5 Adobe SING CS4 Adobe Soundbooth CS4 Adobe Soundbooth CS4 Codecs Adobe SVG Viewer 3.0 Adobe Type Support CS4 Adobe Update Manager CS4 Adobe Version Cue CS4 Server Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB AiO_Scan_CDA AiOSoftwareNPI AOLIcon Apple Application Support Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver Atmosphere Lite v5.0 AutoCAD 2006 - English AutoCAD 2010 - English AutoCAD 2010 Language Pack - English Avery Wizard 3.0 Battlefield 1942 Bonjour BufferChm BUM Connect Consumer Complete Care Services Agreement CP_CalendarTemplates1 cp_OnlineProjectsConfig CP_Package_Basic1 CP_Panorama1Config cp_PosterPrintConfig Creative MediaSource CueTour CustomerResearchQFolder DC Realism 1.0 Dell CinePlayer Dell Digital Jukebox Driver Dell Driver Download Manager Dell Driver Reset Tool Dell Support Center (Support Software) Dell System Restore DellSupport DesertCombat 0.7 DesignPro 5.4 Limited Edition Destinations DeviceManagementQFolder Digital Content Portal DocProc DocProcQFolder Documentation & Support Launcher DocumentViewer DocumentViewerQFolder Dropbox EducateU ELIcon eSupportQFolder 
Fax_CDA Fisher-Price Petshop FlashFXP v3 FullDPAppQFolder Games, Music, & Photos Launcher GameSpy Arcade GemMaster Mystic Google Earth Google SketchUp Google SketchUp 6 Google SketchUp 7 Google Toolbar for Internet Explorer Google Update Helper GoToAssist 8.0.0.514 GoToMeeting 4.1.0.366 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB961118) HP Customer Participation Program 7.0 HP Document Viewer 7.0 HP Driver Diagnostics HP Imaging Device Functions 7.0 HP Photosmart Essential HP Photosmart Premier Software 6.5 HP Photosmart, Officejet and Deskjet 7.0.A HP Product Detection HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant HTC Driver Installer HTC Sync InstantShareDevices InstantShareDevicesMFC Intel Matrix Storage Manager Intel(R) PRO Network Connections Drivers Intel(R) PROSet for Wired Connections iTunes Java Auto Updater Java(TM) 6 Update 24 Kid Pix Deluxe 4 KODAK EASYSHARE Gallery Easy Upload, v2.0 kuler L&H TTS3000 Español Learn2 Player (Uninstall Only) Lernout & Hauspie TruVoice American English TTS Engine Malwarebytes' Anti-Malware MarketResearch McAfee AntiVirus Plus MCU Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Office Project Professional 2003 Microsoft Office XP Professional with FrontPage Microsoft Plus! Digital Media Edition Installer Microsoft Plus! 
Photo Story 2 LE Microsoft Silverlight Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 MobileMe Control Panel Mozilla Firefox (3.6.15) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 6 Service Pack 2 (KB973686) Musicmatch® Jukebox MyPublisher Nero 6 Ultra Edition NewCopy_CDA OCR Software by I.R.I.S 7.0 Olympus DSS Player Otto PanoStandAlone PDF Settings CS4 PhotoGallery Photoshop Camera Raw Pixel Bender Toolkit ProductContextNPI Qualxserve Service Agreement QuickTime RandMap Readme RealPlayer Rhapsody Rhapsody Player Engine Roxio DLA Roxio MyDVD LE Roxio RecordNow Audio Roxio RecordNow Copy Roxio RecordNow Data Scan ScannerCopy Search Assist Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB926247) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB944338-v2) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958470) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for 
Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971032) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB981350) Security Update for Windows XP (KB982381) SigmaTel Audio SkinsHP1 SlideShow Smartparts Desktop SolutionCenter Sonic Activation Module Sonic Advanced Decoder Sonic Encoders Sonic Update Manager Sonic_PrimoSDK Sound Blaster X-Fi Status Steam Suite Shared Configuration CS4 The Misadventures of P.B. 
Winterbottom Toolbox TrayApp Unload Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows XP (KB925720) Update for Windows XP (KB932823-v3) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 URL Assistant VBA (2627.01) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Winamp (remove only) Windows Installer 3.1 (KB893803) Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Format Runtime Windows Media Player 10 Windows Media Player 11 Windows XP Hotfix - KB885884 Windows XP Media Center Edition 2005 KB908246 WinRAR archiver WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
3/25/2011 8:42:51 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/25/2011 8:33:25 AM, error: Service Control Manager [7001] - The Fax service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/25/2011 8:33:25 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
3/25/2011 8:33:25 AM, error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the path specified.
3/25/2011 11:24:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
3/20/2011 1:24:04 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/18/2011 6:56:34 PM, error: DCOM [10005] - DCOM got error "%3" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
.
==== End Of File ===========================

You said earlier that YOU found AVG files,
The AVG is still on the Root of my C: drive...there is a folder $AVG and under that $Vault filled with a bunch of .fil files.
Did you use the Search function of Revo to see if it could find those? That program does show as definitely running in every log you have posted, there are other things I could have you try but the av and firewalls would have to be turned off and we can't take that chance.
Just noticed what you said earlier,
AVG at this point but am also concerned I have a spoofed version of it now...even though I downloaded it off of CNET.
The logs clearly show AVG Internet Security 2011, did you pay for this? The AVG Internet Security 2011 offered at CNET is a Free to TRY for 30 days version; after 30 days it must be paid for:
Price: Free to try (30-day trial); $43.99 to buy
The AVG Internet Security 2011 program includes the firewall, the AVG Free antivirus program does not. They don't offer a continuing free version of the Internet Security suite, only the "free to try".
When did you put this McAfee program on there? Can you uninstall it also? Are you willing to do that? Did you pay for it or is it also a trial paid security suite?
Neither AVG nor McAfee have very high marks today. There are many others which do a much better job, both free and paid.

So, I had the free version of AVG. It did expire and that is when my trouble began. When I went to uninstall it, it asked me if I wanted to convert to the free version or pay for pro. I selected free. It was not working very well and seemed to be getting in the way of things and McAfee had sent me an email stating that they had auto-renewed my subscription. I was PO'd about this and was going to tell them to refund my money before everything went haywire. I ultimately uninstalled AVG (so I thought) and re-installed McAfee. I really hate McAfee...it bogs my computer down with its multiple running processes. So, not sure how to get the AVG off...the Revo is not doing anything...there is a $AVG folder but that appears to be leftover files from the uninstall. The strange thing is that it is showing in the logs. The virus I got was an AV spoof virus so maybe it is showing itself as AVG?

I am willing to uninstall McAfee. No question.

Maybe, but I doubt it. I think what happened is when you allowed the free trial to expire you probably lost the ability to uninstall. You might try downloading the same program again, install it and then immediately uninstall it.
Part of the problem is the McAfee on there too.
You got the infection, likely anyway, because you had two av programs running, even if you couldn't see both, and when you do that they fight against each other and let infection in.

Here is the CNET link for the AVG Internet Security 2011 Free.

You will have to turn off each and every part of the McAfee program or completely uninstall it before doing anything with the AVG.
Uninstall McAfee via Add/Remove and then, when it completes, use the Revo program to look for and remove any remainders.

After you get those off then you need to do the DDS scanner again.

Hi J...my email was hanging every time I started it....would just peak my usage and freeze up...so I uninstalled McAfee and AVG...email still froze. Instead of running the DDS scan and posting it, I foolishly thought rolling back to a restore point would fix my email situation. I rolled back to a combofix restore point. That allows me to open my email, but now I cannot get on the internet. It tells me I do not have an IP address.

Tell you what, I am a bit confused here concerning the running of Combofix. Who told you to run Combofix? I didn't, at least I don't believe I did on this thread. But you had already run it once a month before creating this thread; who told you in February to run Combofix?

The combofix you most recently ran shows it didn't delete anything. But as I said, this is the second time this year that you ran Combofix, the first time was one month ago. Who told you to run it then? You have not posted here in over a year. At that time, Feb. 2010 you did use Combofix and were supposed to uninstall it. Did you?
Which run of Combofix did you roll back to, the one run on March 24 or the one run on February 27th?

A year ago in your previous thread you were running Microsoft Security Essentials, not AVG or McAfee. When and why did you make the switch to AVG?

To check your internet connection, open Internet Options, go to Connections, LAN Settings and make sure there is NO check mark in Proxy Server. If there is, take that out and see if you can connect.
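The LAN Settings check above looks at the same values that live in the registry under the user's Internet Settings key (ProxyEnable, ProxyServer, AutoConfigURL). As an added example, not part of this thread, here is a small Python script that reads those values out of a `reg export` of that key and reports whether a proxy or an automatic configuration script is set, which is a quick way to spot a rogue "AV" that has redirected the browser through a local proxy. The sample export is constructed for illustration; a real export would be produced on the affected machine with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" proxy.reg`.

```python
"""Report proxy settings found in a .reg export of the WinINET Internet Settings key.

Added example; the sample export below is constructed, not taken from the thread.
A real `reg export` file is UTF-16LE with a BOM, so open it with encoding="utf-16".
"""
import re
from typing import Dict, List, Union

# Constructed sample: the kind of export a proxy-hijacking rogue AV leaves behind
# (ProxyEnable set and ProxyServer pointing at a local port).
SAMPLE_REG_HIJACKED = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:8080"
"ProxyOverride"="<local>"
"AutoConfigURL"=""
"""

# Constructed sample of the expected clean state: no proxy, no auto-config script.
SAMPLE_REG_CLEAN = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyOverride"="<local>"
"""

# Matches one `"Name"=value` line of a .reg file.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.*)$')


def parse_reg_values(text: str) -> Dict[str, Union[int, str]]:
    """Return the value names and decoded values of a .reg export.

    Only the two value kinds that matter here are decoded: dword (hex) and string.
    Any other kind is kept as its raw text.
    """
    values: Dict[str, Union[int, str]] = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.group("name"), m.group("val")
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            values[name] = raw[1:-1]
        else:
            values[name] = raw
    return values


def proxy_findings(values: Dict[str, Union[int, str]]) -> List[str]:
    """Describe anything that would show up as a checked box in LAN Settings."""
    findings: List[str] = []
    if values.get("ProxyEnable", 0) == 1:
        findings.append(
            "Proxy Server is enabled: ProxyServer=%r" % values.get("ProxyServer", "")
        )
    if values.get("AutoConfigURL"):
        findings.append(
            "Automatic configuration script is set: %r" % values["AutoConfigURL"]
        )
    return findings


def check_reg_export(text: str) -> List[str]:
    """Parse an export and return the list of proxy findings (empty means clean)."""
    return proxy_findings(parse_reg_values(text))


if __name__ == "__main__":
    for label, sample in (("hijacked", SAMPLE_REG_HIJACKED), ("clean", SAMPLE_REG_CLEAN)):
        print(label + ":", check_reg_export(sample) or ["no proxy configured"])
```

On a real machine, run the export first, then `check_reg_export(open("proxy.reg", encoding="utf-16").read())`; an empty result corresponds to the unchecked Proxy Server box the post asks for. The script only reads the export, so it can be run on a copy of the file from another computer when the affected one has no working connection.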

Hi J...you actually told me to run combofix 13 days ago according to the thread. I did run it in Feb 2010 and uninstalled it. This time I did not uninstall it.

I rolled back to the 24th. Now I can't get system restore to appear at all and I cannot get on the internet. I checked the LAN setting and proxy server is not set...all settings are set to detect IP automatically.

I don't see a post where I told you to run Combofix, I only see one where you say "Try this one:

The combofix log shows that nothing was removed except an old HiJackThis program.
You rolled back to before combofix was run, because that is what combofix does, sets a restore point first before it begins the scan and before it removes any infection.

Why did you run it on February 27, 2011? That is the first run shown in the log. ComboFix2.txt 2011-02-27 Were things removed then?

You can look for the Combofix Quarantine folder. It is called C:\Qoobox\
Though by using System Restore that would take the system back to before the program had completed its scan, so I don't know that it would be there.

Look for it and see what is in there.

Hi J...I think the confusion stems from the fact that my post was edited rather than replied to...not sure how that happened, but it confused me at the time as well. The instruction to run Combofix came after I could not get the DDS.scr to run.

I did run Combofix on the 27th in an attempt to work things out myself. I followed the sticky rules and then followed a thread with a similar problem to mine. Not smart...I know.

So, my Qoobox folder is still there. Under that folder is the following:

Folders: BackEnv and Quarantine
Files: Add-Remove Programs.txt (3/24), Combofix-Quarantined-files.txt (3/24), snapshot@2011-03-25_01.16.31.dat (3/24) and Combofix2.txt

Under the Quarantine Folder are:

Folders: C and Registry Backups
In the Registry Backups folder are AddRemove-HijackThis.reg.dat and tcpip.reg, both dated 3/24

