Old 12-19-2006, 11:37 AM   #21 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Hiya,

Windows Defender and SpySweeper both monitor registry changes. IESpyAd is directly modifying your registry, so try disabling both of those programs then try again to install IESpyAd.

Quote:
Freezing... not being able to navigate to another page... the cursor not responding... S-L-O-W internet... I NEVER had those problems here.
Is that happening on a consistent basis--or was that just during the course of that internet session?

There are 2 schools of thought as to whether or not to leave your system on all night. Personally, if you do not absolutely need to keep your computer on overnight, turn it off.

Registry Mechanic will likely always find minor issues with the registry--I wouldn't worry too much about that. If you like, post that last 'fix' by Registry Mechanic here for me to review.

Cookies will always be an issue. No one tool, nor combination of tools, can stop everything that is out there. No worries if 'new' ones make their way to your system--that's why you have tools such as SpySweeper and AVG A-S--scan with them on a regular basis and let them do their job cleaning that 'stuff' out.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  

Old 12-19-2006, 04:42 PM   #22 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


Confused Now I'm freaked!

Maybe with all we've been doing, now things are incompatible or something... but this computer has been crashing all day! This has NEVER, EVER, EVER happened with this computer before! EVER! Last night (or was it this morning? whenever I wrote my last post...) was the first time. But today was like a nightmare! I lost all my work and had to start over 4 times, because everything kept locking up and I could not save anything, before either restarting IE or rebooting.

My "work" was online. I was uploading listings to ebay. And if I could even begin to tell you the frustration of getting descriptions done, down to the last sentence, and then having to start over again from the beginning. Over and over and over again! You don't want to hear the #!*@%$# words coming out of my mouth!!!!!

I must admit, all the freezing and crashing only happened during composing on ebay, so maybe it was on their end, but I don't think so. I think it only happened on there, because that is the only thing I was working on today. Or at least trying to!

The other thing going on was still trying to resolve the Updates problem. I had gotten to the point where I supposedly could now get Updates, but every installation failed! So the Updates guy had me do a whole bunch of other things, uninstall, clean, reinstall, download... and it seemed as if the problem was finally fixed. I was able to get 10 Updates from pretty far back.

So I'm supposedly caught up now. But the thing scans for over half an hour before it finds anything, and I had to run it 4 times, because everything kept freezing, so I had to keep starting over. So the frakkin' thing took ALL day! And added to the ebay data losses... All I can say is GRRRRRRRRH!

One scary thing is that simultaneous to the first ebay shutdown, a Snoop window opened and said someone was trying to read my keystrokes and if I kept typing they could read everything, so I should stop typing. But everything was frozen then, so I couldn't do anything. I couldn't even click on Snoop to say Yay or Nay! I had to do Ctrl-Alt-Del to close Snoop, and the same for ebay. The Snoop thing never came up again, but ebay froze 4 more times, as I've already said.

I reported all of this to the Updates person to see if there's anything he had me do that caused all of this. And at the very least, something is still very wrong there, because it should not have to scan for over half an hour to find any Updates I need.

So I am freaked! Things feel worse now than when we started. I have NEVER had any of these problems on this computer before today! Please help!

Jeez! Do we have to start all over again!!!!????!!!! What the Frickin-Frak is going on?

Oh Great! I can still type here, but I cannot do anything else! I wanted to send you the Registry Mechanic log, but when I try to click on ANYTHING I get that dull boop sound that lets you know your action cannot go through and you are stuck.

I swear I am going crazy!
miracleshaman is offline  
Old 12-19-2006, 06:25 PM   #23 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Nothing we have done here would cause such issues. We'll just have to keep digging.

Please delete your current version of combofix.exe and download the updated version:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

-------------------------------------

Close any open browsers.

-------------------------------------


Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


--------------------------------------

Download and run Blacklight

After you start the program and accept the license, you should see the first step which lets you scan for hidden items. Note that you must have local administrative privileges to run the program.

Click Scan. BlackLight will use Windows Explorer (the desktop process) to scan for hidden items. Your anti-virus software or personal firewall might display a warning that says Blacklight (blbeta.exe) is trying to manipulate the Windows Explorer process (explorer.exe). If you want to continue the scan, you need to allow BlackLight to do this.

When it finishes, click Next. Click on Close.

BlackLight beta will create a log file "fsbl-<date-and-time>.log". By default, the log file is in the same directory as the executable. Please post the log here along with the ComboFix.txt.
Ried is offline  
Old 12-19-2006, 09:02 PM   #24 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


Thanks for being so calm and steady... the eye of the storm... it's very reassuring!

ComboFix Log:

"Suraya Rose Sarae" - 06-12-19 22:09:50.68 Service Pack 2
ComboFix 06-12-19.2W-BetaE2 - Running from: "C:\Documents and Settings\Suraya Rose Sarae\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-19 to 2006-12-19 ))))))))))))))))))))))))))))))))))


2006-12-19 13:47 <DIR> d-------- C:\WINDOWS\system32\DRM
2006-12-19 13:31 36,352 --------- C:\WINDOWS\system32\tsgqec.dll
2006-12-19 13:31 288,768 --------- C:\WINDOWS\system32\rhttpaa.dll
2006-12-19 13:31 116,736 --------- C:\WINDOWS\system32\aaclient.dll
2006-12-19 13:03 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2006-12-17 22:08 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2006-12-17 22:08 9,472 --a------ C:\WINDOWS\system32\drivers\SnopFree.sys
2006-12-17 22:08 45,056 --a------ C:\WINDOWS\SnoopFreeDll.dll
2006-12-17 22:08 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2006-12-17 21:08 21,312 --a------ C:\WINDOWS\choice.exe
2006-12-17 21:07 <DIR> d-------- C:\ie-spyad
2006-12-17 21:05 <DIR> d-------- C:\Program Files\SpywareGuard
2006-12-17 13:27 24,265,736 --a------ C:\dotnetfx.exe
2006-12-17 12:48 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2006-12-17 12:48 <DIR> d-------- C:\Program Files\MSECACHE
2006-12-16 14:25 <DIR> d-------- C:\WINDOWS\SoftwareDistribution
2006-12-14 19:55 <DIR> d-------- C:\Program Files\HijackThis
2006-12-10 09:51 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-08 23:18 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2006-12-08 23:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-08 22:43 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-12-08 22:42 <DIR> d-------- C:\DOCUME~1\SURAYA~1\.housecall6.6
2006-12-02 13:18 <DIR> d-------- C:\Program Files\Windows Defender
2006-12-02 12:34 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-12-02 11:58 684,032 --a------ C:\WINDOWS\system32\libeay32.dll
2006-12-02 11:58 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2006-12-02 11:58 15,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-12-02 11:58 15,360 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-12-02 11:58 14,848 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-12-02 11:58 122,368 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-12-02 11:58 <DIR> d-------- C:\Program Files\Webroot
2006-12-02 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2006-12-02 11:54 <DIR> d-------- C:\DOCUME~1\SURAYA~1\APPLIC~1\Webroot
2006-12-02 01:24 178,408 --a------ C:\WINDOWS\system32\muweb.dll
2006-12-01 23:20 <DIR> d-------- C:\Program Files\Registry Mechanic
2006-12-01 17:55 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-12-01 17:01 <DIR> d-------- C:\Program Files\OfficeUpdate11
2006-11-29 22:51 <DIR> d-------- C:\DOCUME~1\SURAYA~1\APPLIC~1\OfficeUpdate12
2006-11-27 03:45 60,416 --------- C:\WINDOWS\system32\tzchange.exe
2006-11-26 15:59 <DIR> d-------- C:\Program Files\SpywareBlaster



(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryMechanic"=""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"SnoopFreeUI"="SnoopFreeUI.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"="SpywareGuard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\wrSpySweeperTrialSweep.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-19 22:19:46.39
C:\ComboFix2.txt ... 06-12-14 20:01

~~~~~~~~~~~~~

BlackLight Log:

12/19/06 22:33:51 [Info]: BlackLight Engine 1.0.47 initialized
12/19/06 22:33:51 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/19/06 22:33:54 [Note]: 7019 4
12/19/06 22:33:54 [Note]: 7005 0
12/19/06 22:34:09 [Note]: 7006 0
12/19/06 22:34:10 [Note]: 7011 1416
12/19/06 22:34:11 [Note]: 7026 0
12/19/06 22:34:11 [Note]: 7026 0
12/19/06 22:34:30 [Note]: FSRAW library version 1.7.1020
12/19/06 22:36:46 [Note]: 7007 0

~~~~~~~~~~~~~~~

I actually hope you find something!
miracleshaman is offline  
Old 12-19-2006, 09:20 PM   #25 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


I wish I'd see something as well, unfortunately no. My concern is that Registry Mechanic 'fixed' something in error.

This is what I'd like you to do:

Click Start>All Programs>Accessories>System Tools
  • Select System Restore
  • Next, select 'Restore my computer to an earlier time'
  • Choose a bolded date closest to just before all these problems began--you will not lose any documents that you've created. System Restore will only affect installs and downloads. Depending on how far back you have to go, you may have to repeat your Windows Critical Updates downloads. At this point, I wouldn't worry about IESpyAd re-install--let's stabilize this system first.
  • Follow the on-screen prompts.
Ried is offline  
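
Added example (not part of the thread and not ComboFix's own code): one way to review the autostart part of a log like the one in post #24. It lists every Run-key value, marks values that are empty or name a file without a full path (Windows then has to locate it through its search path), and looks such bare names up in the log's own file listing. The function names and the three status labels are assumptions made for this example; the sample input is an excerpt of the log posted above.

```python
import re
from typing import NamedTuple

# Excerpt of the ComboFix log posted above, trimmed to a few file-listing
# lines and the Run keys (plus one non-Run key to show it is skipped).
SAMPLE_LOG = r'''
2006-12-17 22:08 90,112 --a------ C:\WINDOWS\system32\SnoopFreeSvc.exe
2006-12-17 22:08 221,184 --a------ C:\WINDOWS\SnoopFreeUI.exe
2006-12-17 21:08 21,312 --a------ C:\WINDOWS\choice.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryMechanic"=""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"SnoopFreeUI"="SnoopFreeUI.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
'''

# "date time size attributes path" lines from the file listings (<DIR> rows skipped)
FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d)\s+[\d,]+\s+\S+\s+([A-Za-z]:\\.+)$')
KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" with .reg-style backslash escapes inside both strings
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RUN_SUFFIXES = ('\\currentversion\\run', '\\currentversion\\runonce')


class Finding(NamedTuple):
    key: str
    name: str
    command: str
    status: str       # "absolute", "bare-name" or "empty"
    candidates: list  # (created, path) pairs found in the file listing


def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)


def executable_of(command):
    """Return the program part of a Run command line.

    Quoted paths are taken up to the closing quote; unquoted ones up to the
    first space, so an unquoted path containing spaces is cut short.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(' ', 1)[0]


def triage(log_text):
    files = {}    # lowercase file name -> [(created, full path), ...]
    entries = []  # (key, value name, command) for Run/RunOnce keys only
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            created, path = m.groups()
            base = path.rsplit('\\', 1)[-1].lower()
            files.setdefault(base, []).append((created, path))
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and key.lower().endswith(RUN_SUFFIXES):
            entries.append((key, unescape(m.group(1)), unescape(m.group(2))))

    findings = []
    for key, name, command in entries:
        exe = executable_of(command)
        if not exe:
            status, candidates = 'empty', []
        elif re.match(r'^[A-Za-z]:\\', exe):
            status, candidates = 'absolute', []
        else:
            # No directory given: show where the log itself saw that file name.
            status = 'bare-name'
            candidates = files.get(exe.rsplit('\\', 1)[-1].lower(), [])
        findings.append(Finding(key, name, command, status, candidates))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        where = ', '.join(f'{p} (created {c})' for c, p in f.candidates)
        print(f'{f.status:9} {f.name!r:20} {f.command!r} {where}')
```

On this excerpt the only entries marked for a manual look are the empty "RegistryMechanic" value and "SnoopFreeUI", which the file listing places at C:\WINDOWS\SnoopFreeUI.exe.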
Old 12-19-2006, 09:22 PM   #26 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


The keylogger notice just came up again on ebay. I think now I have so much protection, even innocuous things get tagged. Here's the notice. I think it's an overreaction! (Though that doesn't put my mind at ease about everything else. But I'm not as freaked as I was. And so far, no more crashes.)

Unauthorized Keyboard Hook
EXTREME PRIVACY RISK -- Use Extreme Caution

Program Name: "Internet Explorer"
Program Path : "C:\WINDOWS\system32\ieframe.dll"

The program named above is trying to hook your keyboard. If you allow this, the program will be able to watch every key you press. If you want to allow this program to watch every key you press, you should click the 'Allow Access' button below.

If you're not sure that you want to allow this program to watch your keyboard, you can get more information by clicking the (Whoops! I guess that's as far as I copied, but you get the picture.)
miracleshaman is offline  
Old 12-19-2006, 09:42 PM   #27 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Yes, allow ieframe.dll. That is a legit part of IE7 and necessary for it to function properly with websites.
Ried is offline  
Old 12-19-2006, 10:32 PM   #28 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


Re: the system restore point... should I pick the one that Registry Mechanic created just before it "fixed" whatever it did? (And yes, I will lose all those painstakingly acquired Updates. Cripes! Hopefully, they won't take 10 hours to download again this time!) Or should I go back even further? Actually, the one previous was created by Registry Mechanic also. Maybe I shouldn't always delete everything it finds as bad?
miracleshaman is offline  
Old 12-19-2006, 11:01 PM   #29 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Well, let's hold on a sec with that System Restore. Now that you're allowing ieframe.dll access, is the system behaving better? Have you 'tested' e-bay since doing that?
Ried is offline  
Old 12-19-2006, 11:05 PM   #30 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


Hey, it looks like I can reverse an action in Registry Mechanic. Maybe that way I won't lose all the Updates?

What it removed was something called Hive: HKEY_CURRENT_USER Registry Location: Software\Gabest\vsfilter\DefTextPathes Value Name: Path1 Data: c:/subtitles Type:1

Do you know what that is? Should I restore it?
miracleshaman is offline  
Old 12-19-2006, 11:12 PM   #31 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


Looks like our posts are crossing.

I don't know about ebay now. I'll check it out and let you know.

I will tell you that moving from page to page online is a pain. At least using the back (or forward) button is. I have to click it at least 4 times, before the page will move. Scrolling up and down a page too. But the whole system hasn't locked up in several hours. So hopefully, that is over with. That was a killer!
miracleshaman is offline  
Old 12-19-2006, 11:45 PM   #32 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


Well, it's slower than all get out. I could probably churn butter before a page comes up. But all that incessant freezing and keylogger messages seem to have stopped. I didn't try to create any new listings, though I got into my listings to play around in the pages, and I could edit, and change categories with no problems. So I feel pretty safe to try to create new ones now. Though I will say that every webpage I'm on, including this one here, says "Done, but with errors on page." in the lower right corner. So something clearly isn't right!
miracleshaman is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 12-20-2006, 12:00 AM   #33 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


I'm still thinking it's an issue with IE7. I'd like to test that theory, if I may. Would you mind downloading and using another browser? It will help me determine which course of action to take next.

Please download and install this alternate browser: Firefox www.mozilla.org/products/firefox

Try navigating the internet with Firefox and let me know if that browser behaves the same way as IE--or if it's operating as expected.
Old 12-20-2006, 06:58 AM   #34 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


You know, I have Firefox already, and I know it's up-to-date, with the cache emptied even... While I was waiting all those days to get started here, I was reading other threads, and making sure you have the current version... and to empty the cache were always suggestions other people had, so I did those as well. I just never use it. If there are none of the problems I'm having with IE, with Firefox, you definitely might be on to something! I'll check it out and let you know!
Old 12-20-2006, 11:20 AM   #35 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


You are one mighty brilliant fellow! I have no problems at all with Firefox!

The only thing was that I could not get back into the forum on it, because I don't remember my password. With IE, I never signed out. So I'm back here now using IE. Which actually is a little bit better, but not totally. I asked the administrator to email me my password, because I would like to explore the forum using Firefox and see if there is any discernible difference, following your instructions from there.

But, get a load of this! Look at these notes that I found on the ebay site today!
***Resolved - Issues with Sign-in***

December 19, 2006 | 11:56AM PST/PT

From 0925 PT to 1110 PT, a few members may have been unable to sign in to their eBay accounts. This issue has now been resolved.

Thank you for your patience.

***Issues with Sign-in***

December 19, 2006 | 09:52AM PST/PT

Some members may be unable to sign in to their eBay accounts at this time. We're aware of this issue and are working to fix it as quickly as possible.

Thank you for your patience.

***Resolved: Issues with Search***

December 18, 2006 | 05:13PM PST/PT

All issues related to Search have been resolved. If you still experience errors, try clearing your browser cache and then shut down the browser before continuing. We apologize for any inconvenience this may have caused and appreciate your patience.

***Issues with Search***

December 18, 2006 | 04:03PM PST/PT

Some members may be experiencing errors or slowness when initiating searches. We're aware of this issue and are working to fix it as quickly as possible.


So it wasn't all me!!!!!!! I did say maybe it was something on their end. But I was really surprised to find out that was the case! At least, in part.


Thank you so much for your patience and all your hard work! Now, I'm back to thinking we may be done after all. Unless you have something more to suggest. (And I do have a couple questions about Firefox.)
Old 12-20-2006, 10:54 PM   #36 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Nice work.

I would suggest that you begin a thread in the Internet Explorer Forum and see if the experts there can help you resolve the issue with IE7. Do let them know that you've been cleared of any malware in the HijackThis Forum.

What questions do you have about Firefox?
Old 12-21-2006, 08:37 AM   #37 (permalink)
Registered User
 
Join Date: Dec 2006
Posts: 128
OS: XPSP2


I'm a little unsure of the best way to use the Scripts/Options button in the lower right. I see I have the option to allow the site I am on, (I get that) and it gives the option to allow ads or not. (That part's cool!) But there are other items that I don't know what to do with. And that squiggly sound it makes, when I go on to any page, either makes me jump out of my skin or is just really annoying. I don't use it for that reason.

I'd love a little explanation of the best way to use that Scripts thing. And I don't "get" a lot of the Add-Ons. I know this is not a malware issue, but if you could take a moment to clarify these with me, I'd be grateful.

Is Firefox a lot better than IE? Safer? There are some sites I cannot get on to at all with Firefox. I guess I can use IE for those. And use Firefox generally otherwise. I would if I knew WHY I should!

And oh, before I forget, how do I retrieve my password for this forum, so I can experiment with using Firefox here? I wrote to the administrators, but have not heard back yet.

Thanks much for your help with this, as well as with everything else! You've been awesome!
Old 12-21-2006, 10:41 PM   #38 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,582
OS: WinXP and Vista


Hi,

I would suggest posting all those questions about Firefox in the Mozilla/Firefox Browsers section of the forum--you'll be much better served by the experts there.

You should be hearing back from the Administration soon regarding your password.

Is there anything else I can help you with?
 





All times are GMT -7. The time now is 04:48 PM.



Copyright 2001 - 2009, Tech Support Forum