# Windows XP and IE 8 and connection errors



## Vikkipew123 (Jul 25, 2009)

About 4 weeks ago, for some reason, my screen started moving around whenever I was trying to enter information. Just as I was trying to open MSN email...a window popped up with something about "disable something in msn" and I inadvertently clicked on it and my computer has not worked properly since....the screen freezes and I get a message saying "site not responding". It closes and I have to reconnect with the internet. Then it usually takes up to 5 or 6 tries before I can get connected again. I get this message " the instruction at "0x7c910b2c referenced memory at "0x72676F72 could not be written" or another that says "the instruction at 0x7c910b2c referenced memory at 0x000901dl" could not be written and another that says the same but the last number is "0x000901d7"

Does anyone know what that means and how to fix it?

Also, I have lost my Google toolbar and I had Verizon as my ISP but have not had it since 2005 when I switched to Comcast.

On recommendation from someone on this site, I have already done a virus scan, an anti-spy scan, and a malware scan and also a system restore. It has partially worked but I am still having most of the same problems as described above.

Someone gave me directions to run a HJT log which is attached below. I hope someone can help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:10 PM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\QUICKENW\QAGENT.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\comcasttb\CIDGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [QAGENT] C:\PROGRA~1\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKUS\S-1-5-21-173008773-1445276385-955046455-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-173008773-1445276385-955046455-1003\..\Run: [MoneyStartUp] c:\Program Files\Microsoft Money\System\Money Startup.exe (User '?')
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {E0AC077C-457D-43E3-871D-224F456394D3} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://*.live.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.msn.com
O15 - Trusted Zone: http://*.passport.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123633840135
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://playgames.comcast.net/gameshell/online/en/chainz2/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13694 bytes


----------



## eddie5659 (Mar 19, 2001)

Hiya

Don't normally do this, but as I'm back from a nice long holiday and I saw your post, I thought 'What the heck'

Let's see if malware is causing any of the problems to start with, and if all clear, we'll work on the other stuff

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Please download Malwarebytes' Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*

*Download and scan with* *SUPERAntiSpyware* Free for Home Users
Double-click *SUPERAntiSpyware.exe* and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "*Yes*". If not, update the definitions before scanning by selecting "*Check for Updates*". (_If you encounter any problems while downloading the updates, manually download and unzip them from here._)
Under "*Configuration and Preferences*", click the *Preferences* button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked _(leave all others unchecked)_:
_Close browsers before scanning._
_Scan for tracking cookies._
_Terminate memory threats before quarantining._

Click the "*Close*" button to leave the control center screen.
Back on the main screen, under "*Scan for Harmful Software*" click *Scan your computer*.
On the left, make sure you check *C:\Fixed Drive*.
On the right, under "*Complete Scan*", choose *Perform Complete Scan*.
Click "*Next*" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "*OK*".
Make sure everything has a checkmark next to it and click "*Next*".
A notification will appear that "_Quarantine and Removal is Complete_". Click "*OK*" and then click the "*Finish*" button to return to the main menu.
If asked if you want to reboot, click "*Yes*".
To retrieve the removal information after reboot, launch SUPERAntispyware again.
_Click *Preferences*, then click the *Statistics/Logs* tab._
_Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*._
_If there are several logs, click the current dated log and press *View log*. A text file will open in your default text editor._
_Please copy and paste the Scan Log results in your next reply._

Click *Close* to exit the program.

*We Need to check for Rootkits with RootRepeal*

Download RootRepeal from the following location and save it to your desktop.
*Zip Mirrors (Recommended)*
Primary Mirror
Secondary Mirror
Secondary Mirror

*Rar Mirrors* - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror


Extract RootRepeal.exe from the archive.
Open

on your desktop.
Click the

tab.
Click the

button.
Check all seven boxes:

Push Ok
Check the box for your main system drive (usually C), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the

button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).

In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*










Please include the *MBAM log, SAS log, RootRepeal.txt and a fresh HijackThis log* in your next reply

Regards

eddie


----------



## Vikkipew123 (Jul 25, 2009)

Thanks, Eddie

I was in despair hoping that someone would see this and try to help. I got an email from someone who told me to BUMP it...I have no idea what they were talking about....I am NOT tech savvy and these terms just go over my head....I have been ill for the last few days, that's why I didn't answer sooner....I am going to TRY to do all the things you said, I just hope I don't mess up somewhere along the line...I hate to think that I am going to have to buy another computer....thanks again

vikkipew123


----------



## eddie5659 (Mar 19, 2001)

It's okay, I tend to actually go to threads that are a week old, to clear up the backlog

Bumping a thread: Just reply to it with anything, eg 'Bumping for a reply'

It's okay once someone has replied, but it's a good thing to do if no one has after a certain amount of time.

There's no rush, whenever you're feeling better, as your health is more important than a computer

eddie


----------



## Vikkipew123 (Jul 25, 2009)

Hello, Eddy

I have sufficiently recovered and am ready to tackle my computer...you tell me to download a particular item " TFC by oldtimer" but you did not tell me how to find it...I am not computer literate, it is like flying blind..you will need to help me through this step by step.....I printed out your instructions, so once I do this download, I can pretty much follow from the print out. If I run into trouble, I will contact you..thanks for your assistance


----------



## eddie5659 (Mar 19, 2001)

That's okay 

Okay, in the first of my reply, it says this:

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

If you look at the part in red:

*TFC by OldTimer*

That is actually the link, just click on it 

Hover your mouse over it, and you will see at the bottom left of your page, a website address appear. That's when you know it's a link, and not just some writing.

It's the same with the other programs. Any problems, just let me know, and good to see you back

eddie


----------



## Vikkipew123 (Jul 25, 2009)

Hi, Eddy
I ran into a problem....I did the download for malwarebytes and it ran ok, but when I tried to do the exe.setup part, it tells me that the set up file is corrupted and I have to get a new version....what now?

vikkipew


----------



## Vikkipew123 (Jul 25, 2009)

Hi, Eddy

I figured out what was wrong with the download...I found a help line and it said to reload the setup....apparently it has something to do with what time I tried to download...it is working ok now. I am just about to do the super antispy portion now..It got so late last night, after 1:00 am, that I decided to continue later in the morning after I had gotten some sleep...will let you know later how it goes....

vikkipew


----------



## eddie5659 (Mar 19, 2001)

Oki doki, no worries about how long it takes, as I'll see them when you reply


----------



## Vikkipew123 (Jul 25, 2009)

Hi, Eddy
I have run into another snag...I did the EFC and SAS downloads and logs, so I am working on rootrepeal...do I access the exe. part from the window that opens up with rootrepealexe inside it, or do I download exe to my desktop and run it from there? I tried it that way but nothing is happening, so most likely I got it wrong...also, the mirrors, do I download ALL of them or just the primary one? I really am a novice at this stuff...

vikkipew


----------



## eddie5659 (Mar 19, 2001)

Hiya

At work so can't test the actual links. However, when you download RootRepeal, it will either be in a zip or rar file.

What I would do, is drag the RootRepeal program (RootRepeal.exe) onto your Desktop, so that you can run it from there (Desktop)

It's not advisable to run any programs direct from the folder it was downloaded from.

As for which one, they are all the same, so pick the first link. The mirrors are there in case one of the links is unusable, so we have a few to choose from 

I'd start from the first link, as it's a zip file, and you should be able to extract it by dragging to your desktop

eddie


----------



## Vikkipew123 (Jul 25, 2009)

ok, thanks

now I have another issue, it is a minor one, though.....how do you unpin things from the start menu? I haven't been able to figure this one out, so there are so many things that open with the start menu that it sometimes takes 2 or more minutes for the computer to start up

vikkipew


----------



## eddie5659 (Mar 19, 2001)

Ah, the startup list. Well, if you post a fresh HijackThis log, I can go thru them for you.

It will take a while, and as I'm off to sleep now (1am here), I'll look in the morning for you 

eddie


----------



## Vikkipew123 (Jul 25, 2009)

Another thing...looking at the HJT log, in the 09 portion of it, there are 3 lines that state that www.comcast.net, comcastsupport.com and another one says "file missing" Comcast is my ISP so maybe there is a problem with it?


----------



## eddie5659 (Mar 19, 2001)

Possibly, I'll have a detailed look at lunch-time.

In the meantime, if it's possible for the logs for the scans that you're doing as well, as there may well be malware present

I tend to reply to the threads that are a week old, which is why I've asked for updated HijackThis logs after running some programs. Many times I see a different HijackThis log appear after a few days after running the above programs


----------



## eddie5659 (Mar 19, 2001)

Also, it has been nearly 3 months since the original HijackThis log, so I would definitely start by running the programs to produce the logs first, with a final scan by HijackThis to produce the fresh log.

Then, I can look at all together


----------
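
An added example, not part of the thread and not code from HijackThis: a small Python script that parses two HijackThis logs, lists the entries HijackThis marked "(no file)" or "(file missing)", and reports what changed between an older and a fresh scan. The function names are illustrative and the embedded excerpts are a few lines taken from the two logs posted in this thread; the comparison is limited to sections O2 and O4 because the later log as posted here stops partway through its O4 entries.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section kind clsid text orphaned")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O2 - BHO: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")  # markers HijackThis prints

# Sample input: lines excerpted from the 8/9/2009 log in this thread.
OLD_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:00:10 PM, on 8/9/2009
C:\WINDOWS\System32\svchost.exe
O2 - BHO: - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
"""

# Sample input: lines excerpted from the 11/17/2009 log in this thread.
NEW_LOG = r"""
Scan saved at 1:46:19 PM, on 11/17/2009
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
"""


def parse_log(text):
    """Return the section entries of a log; the header and the
    running-process list do not match ENTRY_RE and are skipped."""
    entries = []
    for raw in text.splitlines():
        # Collapse runs of whitespace so "BHO:  - {" and "BHO: - {" compare equal.
        match = ENTRY_RE.match(" ".join(raw.split()))
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=section,
            kind=body.split(":", 1)[0],          # "BHO", "Extra button", ...
            clsid=clsid.group(0).upper() if clsid else None,
            text=body,
            orphaned=bool(ORPHAN_RE.search(body)),
        ))
    return entries


def _key(entry):
    # A CLSID identifies a component even when its path or version changes;
    # entries without one are identified by their full text.
    if entry.clsid:
        return (entry.section, entry.kind, entry.clsid)
    return (entry.section, entry.text)


def orphaned(text):
    """Entries whose target HijackThis reported as missing."""
    return [e for e in parse_log(text) if e.orphaned]


def diff_logs(old_text, new_text, sections=None):
    """Compare two logs. `sections` limits the comparison to sections that
    both logs actually contain, so a truncated log does not show every
    later entry as removed."""
    def index(text):
        return {_key(e): e for e in parse_log(text)
                if sections is None or e.section in sections}
    old, new = index(old_text), index(new_text)
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    changed = [(old[k], new[k]) for k in old
               if k in new and old[k].text != new[k].text]
    return added, removed, changed


if __name__ == "__main__":
    for e in orphaned(OLD_LOG):
        print("orphaned:", e.section, e.text)
    added, removed, changed = diff_logs(OLD_LOG, NEW_LOG, sections={"O2", "O4"})
    for e in added:
        print("added:   ", e.section, e.text)
    for e in removed:
        print("removed: ", e.section, e.text)
    for before, after in changed:
        print("changed: ", before.section, before.text, "->", after.text)
```
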



## Vikkipew123 (Jul 25, 2009)

I am going to run the HJT log again and send it to you, along with the SAS and MBAM logs...I can't get the rootrepeal to run...It is on my desktop, and when I click on it, it says "initializing, please wait" then nothing happens....thanks for your help, I would have never gotten this far without it

vikkipew


----------



## Vikkipew123 (Jul 25, 2009)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46:19 PM, on 11/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\QUICKENW\QAGENT.EXE
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO:  - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Comcast Toolbar - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [QAGENT] C:\PROGRA~1\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: MySurvey Messenger.lnk = C:\Program Files\MySurvey Messenger\MySurveyMessenger.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Support - {E0AC077C-457D-43E3-871D-224F456394D3} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://*.live.com
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: http://*.msn.com
O15 - Trusted Zone: http://*.passport.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...apple.com/qt505/us/win/QuickTimeInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {50F65670-1729-11D2-A51F-0020AFE5D502} (ForumChat) - http://objects.compuserve.com/chat/RTCChat.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123633840135
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://playgames.comcast.net/gameshell/online/en/chainz2/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
--
End of file - 15581 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 3167
Windows 5.1.2600 Service Pack 3
11/13/2009 11:57:21 PM
mbam-log-2009-11-13 (23-57-03).txt
Scan type: Quick Scan
Objects scanned: 116775
Time elapsed: 48 minute(s), 14 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{30000273-8230-4dd4-be4f-6889d1e74167} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.


----------



## Vikkipew123 (Jul 25, 2009)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/14/2009 at 03:55 PM
Application Version : 4.30.1004
Core Rules Database Version : 4272
Trace Rules Database Version: 2154
Scan type : Complete Scan
Total Scan Time : 03:56:16
Memory items scanned : 661
Memory threats detected : 0
Registry items scanned : 5893
Registry threats detected : 0
File items scanned : 27017
File threats detected : 203
Adware.Tracking Cookie

here is the last one...I had to break it up into 2 emails because it was too large

vikkipew


----------



## eddie5659 (Mar 19, 2001)

That's okay 

Just off to make my dinner, so back in 20 mins or so. Don't worry too much about RootRepeal, there have been some problems lately with it, but the developer is working on it 

I'll have a good look in a bit


----------



## eddie5659 (Mar 19, 2001)

Okay, you have a few things that need to be dealt with. I've gone thru the startup list, but a few are bad, so need to clear those before we trim the list 

Download ComboFix from one of these locations:

*Both are the same, just pick one of the links*

*Link 2*
*Link 3*

*IMPORTANT !!! Save ComboFix.exe to your Desktop*


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

*Very Important!* Temporarily *disable* your *anti-virus*, *script blocking* and any *anti-malware* real-time protection _*before*_ performing a scan. 
Click on *this link* to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re-enable the protection again afterwards before connecting to the Internet.*

In the above, you're looking for WINDOWS DEFENDER

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.


----------



## Vikkipew123 (Jul 25, 2009)

the window for the recovery console never came up....now what? Is this even fixable?

vikkipew


----------



## eddie5659 (Mar 19, 2001)

Did the program fully run, and produce a log? If so, post that, as it may already be installed.

It should be in C:\ComboFix.txt

The above is in case it doesn't. If it's not, we'll install it manually. Don't worry, the pc will be okay at the end. What works for someone may not work for someone else, but we'll work through it 

eddie


----------



## Vikkipew123 (Jul 25, 2009)

not as far as I could tell....nothing happened when I clicked on it, just told me to wait while it initialized, then nothing...where do I find the C:combofix.txt? I am unfamiliar with how to look up things like that...

vikkipew


----------



## eddie5659 (Mar 19, 2001)

Did you disable your antivirus programs before running it?

If you're not sure, this is how:

*WINDOWS DEFENDER*


Click Start > Programs > Windows Defender or launch from the system tray icon.
Click on Tools & Settings > Options.
Under Real-time protection options, *uncheck* the "Real-time protection" check box.
Click Save.
Go to Start > Control Panel > Security > Windows Defender, at the bottom of the Windows Defender page *uncheck* under Administrator Options "*use Windows Defender*" and then Save.
_(When we are done, you can re-enable Defender using the same steps but this time place a check next to "Turn on real-time protection" check box.)_

For ComcastSpywareScan, see if it's in your tray near your clock. If it is, right-click and select Exit or close on the icon. Not sure if it would be there or not, as I'm not used to this product.

For Malwarebytes Anti-Malware, right-click and select Exit.

Do the same for SUPERAntiSpyware.

For McAfee, see if either of these two apply:

*MCAFEE ANTIVIRUS*

Please navigate to the system tray on the bottom right hand corner and look for an M sign.

Right-click it -> choose *"Exit."*
A popup will warn that protection will now be disabled. Click on *"Yes"* to disable the Antivirus guard.

*MCAFEE SECURITY CENTER 7.1*

Please navigate to the system tray and double-click the taskbar icon to open Security Center.


Click Advanced Menu (bottom mid-left).
Click Configure (left).
Click Computer & Files (top left).
VirusScan can be disabled in the right-hand module and set when it should resume or you can do that manually later on.
Do the same via Internet & Network for Firewall Plus.

*Remember to re-enable the protection again afterwards before connecting to the Internet.*

Then, try ComboFix again 

As for the C:combofix.txt, if you open up My Computer by double-clicking on the icon on your Desktop, then double-click on the C Drive.

There should be a file called Combofix in there. If not, it hasn't run it, so hopefully the above will work.

If not, we have other things to look at 

eddie


----------



## Vikkipew123 (Jul 25, 2009)

Is it possible that by downloading all these programs that I have over-run my computer? I tried to get into my control panel and it just kept searching, using the flashlight and it did not open....I also got an error message when I tried to save a document, it said it could not open the document files.


----------



## Vikkipew123 (Jul 25, 2009)

I tried again to open the control panel and it says that there is not enough space for environment, whatever that means


----------



## eddie5659 (Mar 19, 2001)

I doubt the programs, as in the ones I asked you to disable, will cause this problem in XP with freezing.

So, let's try this to see if a cleanup is in order.

First, make sure you run the TFC program outlined here, as posted before:

Download *TFC by OldTimer* to your desktop

 Please double-click *TFC.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
It *will close all programs* when run, so make sure you have *saved all your work* before you begin.
Click the *Start* button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. *Let it run uninterrupted to completion*. 
Once it's finished it should *reboot your machine*. If it does not, please *manually reboot the machine* yourself to ensure a complete clean.

Then, use ATF cleaner as follows:

Please download *ATF Cleaner* by Atribune.

*Caution: This program is for Windows 2000, XP and Vista only*


Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
If you use Firefox browser
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
If you use Opera browser
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.
Click *Exit* on the Main menu to close the program.
For *Technical Support*, double-click the e-mail address located at the bottom of each menu.

Reboot, then try again.


----------



## Vikkipew123 (Jul 25, 2009)

sorry I have not been online...recovering from another bout of illness....whatever it is, it goes away, then comes back again. My husband is also plagued with it....I am going to do the last thing you instructed and be in touch in a few days...

vikkipew


----------



## eddie5659 (Mar 19, 2001)

That's okay, your health is more important than a computer.

Take care, both of you, and see you when you're better


----------



## eddie5659 (Mar 19, 2001)

re-opening thread


----------



## Vikkipew123 (Jul 25, 2009)

will I have to run all the logs again?


----------



## eddie5659 (Mar 19, 2001)

I'll have to have a read thru the thread again, as it's been over 45 days since you were last on.

It'll either be this afternoon or tomorrow evening, as I'll need to make some notes again


----------



## eddie5659 (Mar 19, 2001)

As it's been a long time since you were last on, update MBAM and SAS again, and re-run them. Make sure you run the TFC and ATF programs before you do the scans.

Then, delete the copy of RootRepeal you have on your Desktop, and download this one:

Download *RootRepeal* from one of the following locations and save it to your desktop:
*Link 1*
*Link 2*
*Link 3*

Double click the RootRepeal icon to start the program
Click on the *Report* tab at the bottom of the program window
Click the *Scan* button
In the *Select Scan* dialog, check:
* *Drivers*
* *Files*
* *Processes*
* *SSDT*
* *Stealth Objects*
* *Hidden Services*
* *Shadow SSDT*

Click the *OK* button
In the next dialog, select *all drives* showing
Click *OK* to start the scan
_Note: The scan can take some time. *DO NOT* run any other programs while the scan is running_​
When the scan is complete, click the *Save Report* button and save the report to your Desktop as *RootRepeal.txt*
Go to *File*, then *Exit* to close the program

Click on the *Go Advanced* button for the uploading options at the bottom of this page.
In there, at the bottom, click on the button *Manage Attachments*.
A window will appear, and then Browse to *RootRepeal.txt* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*

And we'll go from there 

eddie


----------



## Vikkipew123 (Jul 25, 2009)

thanks for all your help...this problem has been resolved by an unlikely source...my husband took it upon himself to get help elsewhere while I was incapacitated....the computer is running fine now and I appreciate your efforts on my behalf....I am still not completely recovered and will most likely not be online again for awhile....again, I thank you for your efforts....


----------



## eddie5659 (Mar 19, 2001)

No problem, glad to hear that it's running okay.

Also, take care of yourself, as health is more important than a computer 

What I will do, is post how to remove the tools we've used up to this point.

Back in a bit

eddie


----------



## eddie5659 (Mar 19, 2001)

*Follow these steps to uninstall Combofix and tools used in the removal of malware*


Click *START* then *RUN*
Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there

--------

You can delete the *RootRepeal* program off your Desktop.

===========

We have a couple of last steps to perform and then you're all set.

Go to Control Panel and open the *Internet Options*. Click on the *Advanced tab* and do the following:

 Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply
Then, click on the *Security tab* and do the following:

 Make sure the Internet icon is selected.
 Select *Custom Settings*.
 From the drop down menu, select *Medium*, and press *Reset* and select Yes. If it's already on *Medium*, still click on the Reset button.
 Apply and OK.

Secondly, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click *Start*.
* Open *My Computer*.
* Select the *Tools menu* and click *Folder Options*.
* Select the *View* tab.
* Under the *Hidden files and folders* heading *UNSELECT Show hidden files and folders*.
* *CHECK* the *Hide protected operating system files (recommended)* option.
* Click *Yes* to confirm.
* Click *OK*.
Next, let's clean your restore points and set a new one:

*Reset and Re-enable your System Restore* to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
*1. Turn off System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.
*2. Restart your computer.*

*3. Turn ON System Restore.*
On the Desktop, right-click *My Computer*.
Click *Properties*.
Click the *System Restore* tab.
UN-Check *Turn off System Restore*.
Click *Apply*, and then click *OK*.

*System Restore will now be active again.*

*Other Software Updates*
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for *Java* and *Adobe* as these are subject to many security vulnerabilities.
------------------------

Now that you are clean, to help protect your computer in the future I recommend that you get the following free program: 
*SpywareBlaster* to help prevent spyware from installing in the first place.
You should also have a good firewall. Here are 2 free ones available for personal use:
*Sunbelt Personal Firewall*
*ZoneAlarm*
and a good antivirus (these are also free for personal use):
*AVG Anti-Virus*
*Avast Home Edition*
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit *Microsoft Windows Update* monthly. And to keep your system clean run this free malware scanner *Malwarebytes' Anti-Malware* weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this about Security online: *General Security Information, How to tighten Security Settings and Warnings*

Have a safe and happy computing day!

eddie


----------

