Old 10-26-2009, 05:13 PM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Tons of pop-ups, now very slow - did basic steps

About two weeks ago, I began to have tons of pop-ups. Norton said the computer was clean, so I tried to restore, but the computer would not allow me to restore to any previous date. I downloaded Malwarebytes. The first time I ran Malwarebytes it would not complete, but it said there were over 160 infected files with Trojan and other names. I did not know to keep the log, and I deleted it. Then I ran Malwarebytes again. This time it completed and said all problems were fixed. I removed Norton and added AVG, ZoneAlarm, ATF Cleaner, Avast, SUPERAntiSpyware, Spybot, and Ad-Aware, then ran HijackThis.

The pop-ups have gone, but now my computer is very slow starting, and very slow opening Word and Excel files. I did defrag, but it has not helped. I have backed up my important documents. I cannot find my Windows install disk. The computer is several years old.

Here is the log you requested, and I tried to attach the other two.
Thank you for your help.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 17:35:07.28 on Mon 10/26/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.361 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
svchost.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\NetZero DSL\ConnectionCenter.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Webshots\webshots.scr
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=81567300
mSearchAssistant = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=81567300
uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero dsl\SearchEnh1.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - HP Print Enhancer
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Pop-up Blocker: {4224ff33-c2eb-4039-b8c8-6eed565b9d96} - c:\program files\netzero dsl\PopupBlocker.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\x1IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express 5 se\calcheck.exe
mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [NetZeroDSL] "c:\program files\netzero dsl\ConnectionCenter.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: &Search
IE: {5C5C64C5-2774-40F2-8453-11C1E0351BF3} - c:\program files\lionhardt\blogwizard\blogme.js
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236362846572
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} - hxxp://update.hpphoto.com/download/HPSWUpdate.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-24 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-23 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-23 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-23 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-10-23 464264]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-23 285392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1170768]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-10-24 17:33:01 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-24 16:54:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-24 16:51:38 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-24 16:51:18 0 d-----w- c:\program files\Lavasoft
2009-10-24 14:14:14 0 d-----w- c:\windows\system32\NtmsData
2009-10-24 13:38:45 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-24 13:38:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-10-24 04:09:13 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-24 04:09:11 0 d-----w- c:\program files\Panda Security
2009-10-24 03:19:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-24 03:18:50 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 03:18:50 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
2009-10-24 03:18:28 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-24 02:35:13 0 d-----w- c:\program files\AskBarDis
2009-10-24 02:34:44 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-24 02:34:15 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-24 02:34:15 0 d-----w- c:\windows\system32\ZoneLabs
2009-10-24 02:34:15 0 d-----w- c:\program files\Zone Labs
2009-10-24 02:34:13 350192 ----a-w- c:\windows\system32\vsconfig.xml
2009-10-24 02:33:15 0 d-----w- c:\windows\Internet Logs
2009-10-24 01:45:34 0 d--h--w- C:\$AVG
2009-10-24 01:45:24 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-24 01:45:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-24 01:45:19 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-24 01:45:14 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-24 01:45:13 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-24 01:45:00 0 d-----w- c:\program files\AVG
2009-10-24 01:45:00 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-23 23:58:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 23:58:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-23 23:58:01 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-21 00:10:29 0 d-----w- c:\program files\Norton AntiVirus
2009-10-20 23:52:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PCSettings
2009-10-20 23:52:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2009-10-20 23:51:50 0 d-----w- c:\program files\NortonInstaller
2009-10-20 23:51:50 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-10-18 15:03:41 7680 --sha-w- c:\windows\Thumbs.db
2009-10-16 23:25:07 0 d-----w- C:\Downloads
2009-10-10 00:34:34 0 d-----w- c:\program files\FlashGet
2009-10-10 00:34:05 38 ----a-w- c:\windows\avisplitter.ini
2009-10-10 00:34:05 164352 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 00:34:03 0 d-----w- c:\program files\K-Lite Codec Pack
2009-10-09 23:37:57 0 d-----w- c:\program files\common files\DivX Shared
2009-10-09 23:37:56 0 d-----w- c:\program files\DivX

==================== Find3M ====================

2009-09-26 19:16:55 19521 ----a-w- c:\windows\hpqins13.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 04:23:09 13 ---h--w- c:\docume~1\alluse~1\applic~1\1Ð13.sys
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

============= FINISH: 17:35:32.23 ===============
Attached Files
File Type: zip attach.zip (3.0 KB, 1 views)
LDousay is offline  
Old 10-29-2009, 05:45 PM   #2 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Bump, please
LDousay is offline  
Old 10-30-2009, 09:37 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

Hello LDousay,

Part of the problem is that you have too many active protection programs running and they are 'tripping' over one another. Each file you open, every site you visit, all of them are scrambling and fighting to take a look at it at the same time. Uninstall SUPERAntiSpyware and Ad-Aware via the Add or Remove Programs panel and reboot. Keep Spybot Search & Destroy.

After you've done that, run this online scan to search for any remnants of infection that may be lying about. It can take some time, so please be patient and allow it to run its full course:

Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
  • Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
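Ried's diagnosis above (several real-time protection products resident at once, contending for every file and page) can be checked mechanically against the DDS log from post #1. The following Python script is an added example, not part of this thread or of the DDS tool: it parses the Running Processes and Pseudo HJT Report sections, lists the distinct security products that have a resident process, and flags BHO entries whose DLL is missing (as with the orphaned CLSID on the first BHO line of the log). The product-to-path mapping and the abbreviated sample log are assumptions constructed from paths in the posted log.

```python
import re
from collections import OrderedDict

# Constructed excerpt of the DDS log posted in this thread (same line formats,
# only a handful of representative entries kept).
SAMPLE_DDS = """\
DDS (Ver_09-10-26.01) - NTFSx86

============== Running Processes ===============

C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\Program Files\\AVG\\AVG9\\avgrsx.exe
C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
C:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe
C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe
C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe
C:\\Program Files\\AskBarDis\\bar\\bin\\AskService.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\\program files\\askbardis\\bar\\bin\\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\\program files\\avg\\avg9\\avgssie.dll

============= SERVICES / DRIVERS ===============
"""

# DDS section headers look like "===== Name =====".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "BHO: [Name:] {CLSID} - <dll path or 'No File'>"
BHO_RE = re.compile(
    r"^BHO:\s*(?:(?P<name>.*?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.*)$"
)

# Assumed mapping from a product's resident process paths to a product label.
# Built from the paths visible in the posted log; extend it for other products.
RESIDENT_PRODUCTS = OrderedDict([
    ("AVG", r"\\avg\\avg9\\"),
    ("ZoneAlarm", r"\\zonelabs\\|\\zone labs\\"),
    ("Ad-Aware", r"\\lavasoft\\ad-aware\\"),
    ("SUPERAntiSpyware", r"\\superantispyware\\"),
    ("Spybot TeaTimer", r"\\teatimer\.exe$"),
])


def split_sections(text):
    """Return {section name: [non-empty lines]} in log order."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def orphaned_bhos(hjt_lines):
    """CLSIDs of BHO entries whose DLL is gone (DDS prints 'No File')."""
    out = []
    for line in hjt_lines:
        m = BHO_RE.match(line)
        if m and m.group("target").strip().lower() == "no file":
            out.append(m.group("clsid"))
    return out


def resident_products(process_lines):
    """Security products that have at least one resident process."""
    found = []
    for label, pattern in RESIDENT_PRODUCTS.items():
        rx = re.compile(pattern, re.IGNORECASE)
        if any(rx.search(p) for p in process_lines):
            found.append(label)
    return found


def triage(text):
    """Summarise the overlap and orphan findings for one DDS log."""
    sections = split_sections(text)
    procs = sections.get("Running Processes", [])
    hjt = sections.get("Pseudo HJT Report", [])
    return {
        "resident_products": resident_products(procs),
        "orphaned_bhos": orphaned_bhos(hjt),
        # DDS prints only the image name when it cannot resolve a path;
        # common for svchost, but worth a look when the name is unfamiliar.
        "bare_process_names": [p for p in procs if "\\" not in p],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    products = result["resident_products"]
    print("Resident protection products:", ", ".join(products))
    if len(products) > 2:
        print("  -> several real-time scanners are resident at once")
    for clsid in result["orphaned_bhos"]:
        print("Orphaned BHO (No File):", clsid)
    for name in result["bare_process_names"]:
        print("Process listed without a path:", name)
```

Run against the full log in post #1 it reports the same five products and the same orphaned BHO; a "No File" entry is usually a leftover registration rather than active malware, which is why the helper's next step is a scan rather than a deletion.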
Old 10-30-2009, 07:51 PM   #4 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Thank you for your assistance. I removed Ad-Aware and SUPERAntiSpyware, then tried to run the scan. At first there was a red warning to turn off all active anti-virus scanning. I could not turn the AVG free version off, so I had to uninstall the software to run the Kaspersky Online Scanner. After about an hour, the online scan said there were no threats found. The report is below.

Before connecting to the internet again, I turned ZoneAlarm back on and reinstalled AVG. Now my Word docs will not open at all. I can open a new doc, but I cannot open anything saved. When I close the form (trying to open the docs), my toolbar and icons go away temporarily. Also, I had to run the connection wizard to reconnect through my NetZero DSL. When I rebooted the computer, it said NetZero was no longer connected.

Thank you again for your help.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 30, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, October 30, 2009 23:51:54
Records in database: 3106459
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 57451
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 01:04:49

No threats found. Scanned area is clean.

Selected area has been scanned.
LDousay is offline  
Old 10-30-2009, 09:56 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

Hi LDousay,

I've seen and read of numerous instances where internet is messed up if AVG does not uninstall cleanly.

Without knowing what Malwarebytes detected and removed, nor what any of the other programs removed, I cannot begin to determine the cause of Word not working properly. At this point, you'd do best discussing that issue with the folks in our Microsoft Office Support and see if they can help you repair it.

How is the overall performance now? Is it still sluggish?
Ried is offline  
Old 10-31-2009, 06:53 AM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Ried,

Yes, the computer, when first turned on, sits a while before it finally loads. And I still cannot open any Word or Excel files.

I am employed at a university. They install Microsoft Office for my work. Should I just bring the computer in and let them reinstall the software? Is the computer safe to connect to my financial institutions now? Or use Quicken?

Thank you again for your help.

Linda
LDousay is offline  
Old 10-31-2009, 07:53 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

Hi Linda,

Yes, I would ask them to re-install it.

One last check, Linda. After much consideration, although I see no malware in any of the logs posted, given what you said was on the system I feel it may be prudent to run one more tool to ensure the infection was properly eradicated.


Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal.

====================================================

Double click on combofix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Ried is offline  
Old 10-31-2009, 04:14 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Hi Ried,

Thank you again and again for your help. I wasn't sure if you wanted it as an attachment. It's pretty long. I can repost it if I need to. But here is the ComboFix text:

ComboFix 09-10-30.01 - Administrator 10/31/2009 16:43.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.615 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.

2009-10-31 01:17 . 2009-10-31 01:17 -------- d-----w- C:\$AVG
2009-10-31 01:17 . 2009-10-31 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-30 23:36 . 2009-10-30 23:36 -------- d-----w- c:\windows\Sun
2009-10-30 23:36 . 2009-10-30 23:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-30 23:35 . 2009-10-30 23:35 -------- d-----w- c:\program files\Java
2009-10-24 16:51 . 2009-10-30 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-24 14:14 . 2009-10-24 14:15 -------- d-----w- c:\windows\system32\NtmsData
2009-10-24 13:38 . 2009-10-24 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-24 13:38 . 2009-10-24 13:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-24 04:09 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-24 04:09 . 2009-10-24 04:09 -------- d-----w- c:\program files\Panda Security
2009-10-24 03:19 . 2009-10-24 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-24 03:18 . 2009-10-30 22:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-24 03:18 . 2009-10-30 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 02:35 . 2009-10-24 02:35 -------- d-----w- c:\program files\AskBarDis
2009-10-24 02:34 . 2009-10-24 02:34 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-24 02:34 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-24 02:34 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-24 02:34 . 2009-10-24 02:34 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-24 02:34 . 2009-10-24 02:34 -------- d-----w- c:\program files\Zone Labs
2009-10-24 02:34 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-24 02:33 . 2009-10-31 21:38 -------- d-----w- c:\windows\Internet Logs
2009-10-24 01:45 . 2009-10-24 01:45 -------- d-----w- c:\program files\AVG
2009-10-23 23:58 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 23:58 . 2009-10-23 23:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 23:58 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 01:29 . 2009-10-23 22:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-21 00:14 . 2009-10-21 00:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-10-21 00:10 . 2009-10-24 01:28 -------- d-----w- c:\program files\Norton AntiVirus
2009-10-20 23:52 . 2009-10-20 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-10-20 23:52 . 2009-10-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-20 23:51 . 2009-10-24 01:27 -------- d-----w- c:\program files\NortonInstaller
2009-10-20 23:51 . 2009-10-20 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-16 23:25 . 2009-10-20 05:04 -------- d-----w- C:\Downloads
2009-10-10 02:32 . 2009-10-10 02:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-10-10 02:31 . 2009-10-10 02:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-10-10 00:34 . 2009-10-20 05:26 -------- d-----w- c:\program files\FlashGet
2009-10-10 00:34 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 00:34 . 2009-10-10 00:34 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-09 23:37 . 2009-10-09 23:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-09 23:37 . 2009-10-09 23:48 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 14:16 . 2009-09-17 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NetZero DSL
2009-10-25 07:19 . 2009-04-22 04:56 -------- d-----w- c:\program files\Yahoo!
2009-10-24 01:26 . 2009-09-24 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-21 01:38 . 2009-03-06 21:37 83072 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 00:11 . 2009-09-24 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-14 06:17 . 2009-03-06 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-08 04:47 . 2009-04-12 02:11 -------- d-----w- c:\program files\Common Files\WORDsearch
2009-10-08 04:47 . 2009-04-12 02:11 -------- d-----w- c:\program files\Bible Explorer 4
2009-10-08 04:47 . 2009-04-12 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WORDsearch
2009-09-26 19:16 . 2009-09-26 19:13 19521 ----a-w- c:\windows\hpqins13.dat
2009-09-23 22:59 . 2009-09-23 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\HpUpdate
2009-09-20 02:57 . 2009-09-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2009-09-20 02:49 . 2009-04-21 13:31 -------- d-----w- c:\program files\Microsoft Works
2009-09-17 22:58 . 2009-09-17 22:58 -------- d-----w- c:\program files\NetZero DSL
2009-09-12 14:08 . 2009-09-12 14:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Lionhardt
2009-09-07 23:33 . 2009-03-07 16:31 -------- d-----w- c:\program files\Webshots
2009-09-07 23:33 . 2009-03-07 03:22 -------- d-----w- c:\program files\NetZero
2009-09-07 23:32 . 2009-03-24 18:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2009-09-07 23:32 . 2009-03-17 12:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Kodak
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-09-20 02:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2009-03-06 17:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-03-06 17:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-03-06 18:07 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-03-06 17:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2009-03-06 17:27 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-03-06 17:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-07 13:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-07 13:34 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2009-03-06 17:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 04:23 . 2009-08-06 04:23 13 ---h--w- c:\documents and settings\All Users\Application Data\1Ð13.sys
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2003-01-13 16:20 . 2009-03-17 12:39 278528 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 21:00 . 2009-03-17 12:39 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 23:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"NetZeroDSL"="c:\program files\NetZero DSL\ConnectionCenter.exe" [2007-09-17 1095152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-30 149280]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-3-7 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-6 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/23/2009 11:09 PM 28552]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/23/2009 9:35 PM 464264]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{6EE31E8F-9E48-4522-92B5-56A4F9248D76}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=81567300
IE: &Search
IE: {{5C5C64C5-2774-40F2-8453-11C1E0351BF3} - c:\program files\Lionhardt\blogwizard\blogme.js
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-2025429265-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,82,fc,34,2a,41,b1,47,ac,b6,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,82,fc,34,2a,41,b1,47,ac,b6,40,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,82,fc,34,2a,41,b1,47,ac,b6,40,\

[HKEY_USERS\S-1-5-21-1935655697-2025429265-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-10-31 16:48
ComboFix-quarantined-files.txt 2009-10-31 21:47

Pre-Run: 130,151,915,520 bytes free
Post-Run: 130,549,960,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D747A50C5B9DA2B6509E3FD6810CDBB4
LDousay is offline  
Old 10-31-2009, 08:38 PM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

Hi LDousay,

Open notepad and copy/paste the text in the code box below into it:

Quote:

FCopy::
c:\windows\$NtServicePackUninstall$\eventlog.dll | c:\windows\system32\eventlog.dll
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe

***************************************************

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************





Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, copy/paste the contents of the C:\ComboFix.txt into the reply box.

Any improvement in MS Word by any chance?
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
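As an added example (not ComboFix's code and not from anyone in this thread), the script below parses a ComboFix Sigcheck section exactly as it was printed above and then checks a live file against those known-good MD5/size entries, so a helper can confirm that an FCopy:: restore produced a good copy rather than merely a present one. The self-test replays the copy on constructed bytes, not a real DLL; ComboFix prints only MD5, so that is the digest compared.

```python
# Added example: parse a ComboFix Sigcheck section and verify a restored file.
import hashlib
import os
import re
import shutil
import tempfile
from dataclasses import dataclass

# The Sigcheck section as ComboFix printed it in the log above: two
# known-good copies of eventlog.dll and the "is missing" line for system32.
SIGCHECK_SAMPLE = r"""
------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
"""

# Entry layout: "[n] date . MD5 . size . . [version] . . path"
ENTRY_RE = re.compile(
    r"^\[\d+\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+"
    r"(?P<path>\S.*?)\s*$"
)
MISSING_RE = re.compile(r"^(?P<path>\S.*?)\s+\.\.\.\s+is missing\s*!!\s*$")


@dataclass(frozen=True)
class KnownGood:
    md5: str      # upper-case hex, as ComboFix prints it
    size: int     # bytes
    version: str  # file version from the [...] field
    path: str     # where the good copy lives


def parse_sigcheck(text):
    """Return (known_good_entries, missing_paths) from a Sigcheck section."""
    known, missing = [], []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            known.append(KnownGood(m["md5"].upper(), int(m["size"]),
                                   m["version"], m["path"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"])
    return known, missing


def md5_of(path):
    # MD5 is the only digest Sigcheck prints; this is a check against the
    # log, not a collision-resistant signature.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def verify_file(path, known):
    """'missing', 'match:<version>' when MD5 and size both equal a
    known-good entry, otherwise 'unknown-hash'."""
    if not os.path.isfile(path):
        return "missing"
    digest, size = md5_of(path), os.path.getsize(path)
    for k in known:
        if k.md5 == digest and k.size == size:
            return f"match:{k.version}"
    return "unknown-hash"


def simulate_fcopy(tmpdir, backup_bytes):
    """Replay the FCopy:: step on constructed data: the backup copy is the
    known-good entry, the live path starts out missing, is restored by
    copying, then is tampered with. Returns the three verdicts."""
    backup = os.path.join(tmpdir, "NtServicePackUninstall", "eventlog.dll")
    live = os.path.join(tmpdir, "system32", "eventlog.dll")
    for p in (backup, live):
        os.makedirs(os.path.dirname(p), exist_ok=True)
    with open(backup, "wb") as f:
        f.write(backup_bytes)
    known = [KnownGood(hashlib.md5(backup_bytes).hexdigest().upper(),
                       len(backup_bytes), "constructed", backup)]
    before = verify_file(live, known)
    shutil.copyfile(backup, live)          # what "FCopy:: backup | live" does
    after = verify_file(live, known)
    with open(live, "ab") as f:            # an altered copy no longer
        f.write(b"\x00")                   # matches hash or size
    tampered = verify_file(live, known)
    return before, after, tampered


def run_demo():
    with tempfile.TemporaryDirectory() as tmpdir:
        return simulate_fcopy(tmpdir, b"MZ constructed stand-in, not a DLL")
```

Running parse_sigcheck on the section above yields the two known-good entries and the single missing path; run_demo() returns the verdicts before the copy, after it, and after tampering.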
Old 11-01-2009, 05:13 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Ried,

The Word and Excel files will open, but it takes a long time. I found that I can go into Word or Excel, then open the files and they open normally, but when I try to double-click the file...that's when it just sits...if I X out of the process, my toolbar and icons disappear for a second.

I hope I did this right. It seems like it is the same file as before.



ComboFix 09-10-30.01 - Administrator 11/01/2009 6:01.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.607 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$NtServicePackUninstall$\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 12:01 . 2004-08-04 10:00 55808 -c--a-w- c:\windows\system32\dllcache\eventlog.dll
2009-11-01 12:01 . 2004-08-04 10:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-10-31 22:02 . 2009-10-31 22:02 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-31 22:02 . 2009-10-31 22:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-31 22:02 . 2009-10-31 22:02 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-31 22:02 . 2009-10-31 22:02 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-31 22:02 . 2009-10-31 22:02 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-31 01:17 . 2009-10-31 01:17 -------- d-----w- C:\$AVG
2009-10-31 01:17 . 2009-10-31 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-30 23:36 . 2009-10-30 23:36 -------- d-----w- c:\windows\Sun
2009-10-30 23:36 . 2009-10-30 23:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-30 23:35 . 2009-10-30 23:35 -------- d-----w- c:\program files\Java
2009-10-24 16:51 . 2009-10-30 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-24 14:14 . 2009-10-24 14:15 -------- d-----w- c:\windows\system32\NtmsData
2009-10-24 13:38 . 2009-10-24 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-24 13:38 . 2009-10-24 13:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-24 04:09 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-10-24 04:09 . 2009-10-24 04:09 -------- d-----w- c:\program files\Panda Security
2009-10-24 03:19 . 2009-10-24 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-24 03:18 . 2009-10-30 22:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-24 03:18 . 2009-10-30 22:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-24 02:35 . 2009-10-24 02:35 -------- d-----w- c:\program files\AskBarDis
2009-10-24 02:34 . 2009-10-24 02:34 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-24 02:34 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-24 02:34 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-24 02:34 . 2009-10-24 02:34 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-24 02:34 . 2009-10-24 02:34 -------- d-----w- c:\program files\Zone Labs
2009-10-24 02:34 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-24 02:33 . 2009-11-01 11:56 -------- d-----w- c:\windows\Internet Logs
2009-10-24 01:45 . 2009-10-24 01:45 -------- d-----w- c:\program files\AVG
2009-10-23 23:58 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-23 23:58 . 2009-10-23 23:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-23 23:58 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-21 01:29 . 2009-10-23 22:33 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-21 00:14 . 2009-10-21 00:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-10-21 00:10 . 2009-10-24 01:28 -------- d-----w- c:\program files\Norton AntiVirus
2009-10-20 23:52 . 2009-10-20 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-10-20 23:52 . 2009-10-24 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-20 23:51 . 2009-10-24 01:27 -------- d-----w- c:\program files\NortonInstaller
2009-10-20 23:51 . 2009-10-20 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-16 23:25 . 2009-10-20 05:04 -------- d-----w- C:\Downloads
2009-10-10 02:32 . 2009-10-10 02:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-10-10 02:31 . 2009-10-10 02:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2009-10-10 00:34 . 2009-10-20 05:26 -------- d-----w- c:\program files\FlashGet
2009-10-10 00:34 . 2007-09-04 16:56 164352 ----a-w- c:\windows\system32\unrar.dll
2009-10-10 00:34 . 2009-10-10 00:34 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-09 23:37 . 2009-10-09 23:48 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-09 23:37 . 2009-10-09 23:48 -------- d-----w- c:\program files\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-28 14:16 . 2009-09-17 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NetZero DSL
2009-10-25 07:19 . 2009-04-22 04:56 -------- d-----w- c:\program files\Yahoo!
2009-10-24 01:26 . 2009-09-24 00:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-21 01:38 . 2009-03-06 21:37 83072 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 00:11 . 2009-09-24 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-14 06:17 . 2009-03-06 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-08 04:47 . 2009-04-12 02:11 -------- d-----w- c:\program files\Common Files\WORDsearch
2009-10-08 04:47 . 2009-04-12 02:11 -------- d-----w- c:\program files\Bible Explorer 4
2009-10-08 04:47 . 2009-04-12 02:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WORDsearch
2009-09-26 19:16 . 2009-09-26 19:13 19521 ----a-w- c:\windows\hpqins13.dat
2009-09-23 22:59 . 2009-09-23 22:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\HpUpdate
2009-09-20 02:57 . 2009-09-20 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-20 02:56 . 2009-09-20 02:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Office Genuine Advantage
2009-09-20 02:49 . 2009-04-21 13:31 -------- d-----w- c:\program files\Microsoft Works
2009-09-17 22:58 . 2009-09-17 22:58 -------- d-----w- c:\program files\NetZero DSL
2009-09-12 14:08 . 2009-09-12 14:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 02:11 . 2009-09-10 02:11 -------- d-----w- c:\program files\Lionhardt
2009-09-07 23:33 . 2009-03-07 16:31 -------- d-----w- c:\program files\Webshots
2009-09-07 23:33 . 2009-03-07 03:22 -------- d-----w- c:\program files\NetZero
2009-09-07 23:32 . 2009-03-24 18:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2009-09-07 23:32 . 2009-03-17 12:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Kodak
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-09-20 02:04 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-07 00:24 . 2009-03-06 17:27 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2009-03-06 17:27 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2009-03-06 18:07 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2009-03-06 17:27 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2009-03-06 17:27 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 10:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2009-03-06 17:27 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2009-03-07 13:34 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2009-03-07 13:34 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2009-03-06 17:27 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 04:23 . 2009-08-06 04:23 13 ---h--w- c:\documents and settings\All Users\Application Data\1Ð13.sys
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2005-03-30 01:21 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-03 20:07 . 2009-08-03 20:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 20:07 . 2009-08-03 20:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 20:07 . 2009-08-03 20:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2003-01-13 16:20 . 2009-03-17 12:39 278528 ------w- c:\program files\internet explorer\plugins\PanoViewer.dll
1999-04-30 21:00 . 2009-03-17 12:39 98304 ------w- c:\program files\internet explorer\plugins\UPjpeg.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-31_21.46.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2009-10-14 06:21 68156 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-11-01 11:39 68156 c:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-11-01 11:39 435260 c:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-10-14 06:21 435260 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 23:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe" [2004-01-13 69632]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-18 45056]
"NetZeroDSL"="c:\program files\NetZero DSL\ConnectionCenter.exe" [2007-09-17 1095152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-30 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-31 2010904]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-27 282624]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2009-3-7 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-3-6 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-31 22:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [10/23/2009 10:09 PM 28552]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/31/2009 4:02 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/31/2009 4:02 PM 360584]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [10/23/2009 8:35 PM 464264]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [10/31/2009 4:02 PM 285392]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-10-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

2009-10-17 c:\windows\Tasks\User_Feed_Synchronization-{6EE31E8F-9E48-4522-92B5-56A4F9248D76}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 00:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=81567300
IE: &Search
IE: {{5C5C64C5-2774-40F2-8453-11C1E0351BF3} - c:\program files\Lionhardt\blogwizard\blogme.js
.
- - - - ORPHANS REMOVED - - - -

BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1935655697-2025429265-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,82,fc,34,2a,41,b1,47,ac,b6,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,82,fc,34,2a,41,b1,47,ac,b6,40,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,55,82,fc,34,2a,41,b1,47,ac,b6,40,\

[HKEY_USERS\S-1-5-21-1935655697-2025429265-839522115-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2336)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-11-01 6:07
ComboFix-quarantined-files.txt 2009-11-01 12:06
ComboFix2.txt 2009-10-31 21:48

Pre-Run: 130,135,756,800 bytes free
Post-Run: 130,327,171,072 bytes free

- - End Of File - - 4DD9A6DC227C8B50916B00C9A6C432BF
LDousay is offline  
Old 11-01-2009, 07:57 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

Hi Linda,

Quote:
Originally Posted by Ried
Without knowing what Malwarebytes detected and removed, nor what any of the other programs removed,
I have a bit more to work with now. To you it appears to be the same file as before because apparently you'd seen this file flagged during your attempts to clean this yourself. eventlog.dll was deleted because it was found to be infected, but it was not replaced with a good copy. We have now accomplished that.

1. Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.



2. Download Junction.zip and save it to your desktop. Double click the junction.zip and extract to your desktop.

Next, open Notepad and copy/paste the contents in the quote box below, into Notepad.

Quote:
junction -s c:\ > log.txt
notepad log.txt
exit
Save this as junction.bat. Choose to "Save type as - All Files" and save it to your desktop.


It should look like this:
  • Double click Junction folder to open it.
  • Now drag the junction.bat into the Junction folder
  • Double click the junction.bat and allow it to run - it can take a while to complete, so be patient.
Post the log it produces.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."

Last edited by Ried; 11-01-2009 at 07:59 AM.
Ried is offline  
Old 11-01-2009, 12:17 PM   #12 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Quote:
Originally Posted by Ried View Post
1. Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
Ried,

Here is the first part:
Running from: C:\Documents and Settings\Administrator\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!
LDousay is offline  
Old 11-01-2009, 12:23 PM   #13 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Ried, I must have done something wrong the first time. I didn't have a Junction folder, but I had junction.exe, so I opened the zip file again. This time I had the folder. So I opened the folder, dragged junction.bat into the folder, then double clicked it. But it only took a few seconds before I got the log below. And actually, the log doesn't look like this. In the log, everywhere there are dots (...) below, there are dots and zeros. Like this:
...0 0...0

Did I do something wrong?


Junction v1.05 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com

Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.

...

Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: Access is denied.

...

\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e
Substitute Name: C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e

...

Last edited by LDousay; 11-01-2009 at 12:47 PM.
LDousay is offline  
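The junction.bat step in Ried's post #11 runs Sysinternals `junction -s` over C:\ and the analyst then reads the log by hand, looking for reparse points that do not belong. The following is an added example, not code from the thread or from Sysinternals: a small Python triage script that parses a log in that layout, tolerates the "Failed to open" lines for locked or access-denied paths, and flags any junction whose Print Name and Substitute Name disagree or whose target lies outside C:\WINDOWS\WinSxS (the assumption being that on XP the only junctions normally found under C:\ are the .NET GAC ones, as in the log above). The sample log is constructed; its second junction is made up for the demonstration.

```python
import re
# Constructed sample in the layout junction -s prints; the second junction is made up
# for the demo (a system folder redirected into Temp), not something seen in the thread.
SAMPLE_LOG = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Symantec\SRTSP\Quarantine: Access is denied.
\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
   Print Name     : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
   Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
\\?\c:\\WINDOWS\system32\drivers: JUNCTION
   Print Name     : C:\Documents and Settings\Administrator\Local Settings\Temp\x
   Substitute Name: C:\Documents and Settings\Administrator\Local Settings\Temp\x
"""
JUNCTION_RE = re.compile(r"(?P<path>\\\\\?\\.+?): JUNCTION\s*$")
NAME_RE = re.compile(r"^\s*(?P<kind>Print Name|Substitute Name)\s*:\s*(?P<target>.+?)\s*$")
FAILED_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+)$")
# Assumption: on XP the junctions junction -s finds under C:\ are the .NET GAC ones, all into WinSxS.
EXPECTED_TARGET_PREFIX = r"c:\windows\winsxs"

def normalize(path):
    # drop the \\?\ prefix, collapse the doubled separator printed after the drive letter, lowercase
    return path.removeprefix("\\\\?\\").replace("\\\\", "\\").lower()

def parse_junction_log(text):
    """Return (junctions, failures): junctions as dicts, failures as (path, reason) tuples."""
    junctions, failures, current = [], [], None
    for line in text.splitlines():
        if m := JUNCTION_RE.search(line):  # search: tolerates the "...0 0..." noise before the path
            current = {"path": m.group("path"), "print_name": None, "substitute_name": None}
            junctions.append(current)
        elif (m := NAME_RE.match(line)) and current is not None:
            key = "print_name" if m.group("kind") == "Print Name" else "substitute_name"
            current[key] = m.group("target")
        elif m := FAILED_RE.match(line):  # locked pagefile / AV quarantine are expected failures
            failures.append((m.group("path"), m.group("reason")))
    return junctions, failures

def suspicious_junctions(junctions):
    """Flag junctions whose two names disagree or whose target is outside WinSxS."""
    flagged = []
    for j in junctions:
        target = j["substitute_name"] or j["print_name"] or ""
        reasons = []
        if j["print_name"] != j["substitute_name"]:
            reasons.append("print/substitute name mismatch")
        if not normalize(target).startswith(EXPECTED_TARGET_PREFIX):
            reasons.append("target outside WinSxS")
        if reasons:
            flagged.append((normalize(j["path"]), normalize(target), reasons))
    return flagged
```

Running `parse_junction_log` over a real log.txt and printing `suspicious_junctions` gives a short list to review instead of a page of GAC entries; a flagged entry is a candidate for inspection, not proof of infection.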
Old 11-01-2009, 03:05 PM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

You did fine. :)

Those reports are clear, so at this point I'd say it's time to take it to the University folks and ask them to reinstall MS Office for you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-01-2009, 03:27 PM   #15 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 10
OS: XP


Re: Tons of pop-ups, now very slow - did basic steps

Thank you very very much! It's simply amazing to find such skill offered freely. I pray that God blesses you richly for your time and effort.

Linda
LDousay is offline  
Old 11-02-2009, 09:38 AM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,859
OS: WinXP and Vista


Re: Tons of pop-ups, now very slow - did basic steps

You're welcome, and thank you so much for the kind words.

Take care, Linda
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Copyright 2001 - 2009, Tech Support Forum