
Google redirect and random pop-ups!

Discussion in 'Virus & Other Malware Removal' started by dwhiggins, Apr 29, 2010.

  1. dwhiggins (Thread Starter; joined Apr 29, 2010; 7 messages)

    This seems to be a problem for a number of people. It started with the Antivirus XP malware, which I managed to remove with Malwarebytes. Since then I get random pop-ups and get redirected in Google. This happens in Internet Explorer and Firefox. Google Chrome won't load my home page and then says it's unresponsive and asks me to kill the page or wait.

    I am also getting a Resident Shield alert in AVG saying "accessed file infected".
    File name: C:\WINDOWS\system32\drivers\AvgTdix.sys
    Threat name: Win32/Patched.DO
    This is coming up on screen every 30 seconds or so.

    Any help would be greatly appreciated.

    Thanks
     
  2. JSntgRvr (Retired Moderator and Malware Specialist; first name José; joined Jul 1, 2003; 18,552 messages)

    Hi, dwhiggins :)

    Welcome.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
    1. If you are using Firefox, make sure that your download settings are as follows:
      • Tools->Options->Main tab
      • Set to "Always ask me where to Save the files".
    2. During the download, rename Combofix to Combo-Fix.
    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      -----------------------------------------------------------
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------
    7. Double click on Combo-Fix.exe and follow the prompts.
    8. Install the Recovery Console if prompted.
    9. When finished, it will produce a report for you.
    10. Please post the "C:\Combo-Fix.txt" .
    **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
     
  3. dwhiggins (Thread Starter)

    I've used ComboFix as instructed, but now my computer refuses to connect to the internet.
    I'm using a friend's laptop for this.
    It's nothing to do with my broadband or router, so I'm guessing ComboFix did something.

    Any ideas?

    Thanks again
     
  4. JSntgRvr (Retired Moderator and Malware Specialist)

    A simple restart should have recovered the connection.

    Go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

    netsh int ip reset C:\Resetlog.txt
    netsh winsock reset catalog
    ipconfig /flushdns
    (The space between g and / is needed)
    Exit

    Restart the computer. Test the connection.
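The `netsh winsock reset catalog` step above rebuilds the Winsock provider catalog from Windows defaults, which is exactly why it fixes a connection broken by a removed or hijacked Layered Service Provider (LSP), but it also destroys the evidence of what was installed. The script below is an added example (not from the thread, and not a ComboFix or Microsoft tool) that parses a `netsh winsock show catalog` dump and flags providers a clean Windows XP catalog would not contain, so the catalog can be recorded before it is reset. The sample dump is constructed; the `examplelsp.dll` entry in it is hypothetical, and the allow-list of default provider DLLs is an assumption about a clean XP SP3 install.

```python
"""Flag non-default Winsock providers in a `netsh winsock show catalog` dump.

Added example, not code from the thread. Capture the live catalog with
    netsh winsock show catalog > catalog.txt
before running `netsh winsock reset catalog`, then pass catalog.txt to
this script; with no argument it analyses the constructed SAMPLE_CATALOG.
"""
import re
import sys
from typing import Dict, List, Tuple

# Assumption: provider DLLs a clean Windows XP SP3 Winsock catalog references.
KNOWN_GOOD_DLLS = {"mswsock.dll", "winrnr.dll", "rsvpsp.dll"}

# Constructed dump in the block layout `netsh winsock show catalog` prints.
# The second entry is a hypothetical injected LSP, not a real detection.
SAMPLE_CATALOG = r"""Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Version:                            2
Address Family:                     2
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example LSP (constructed)
Provider ID:                        {00000000-0000-0000-0000-000000000001}
Provider Path:                      C:\WINDOWS\system32\examplelsp.dll
Catalog Entry ID:                   1031
Version:                            2
Address Family:                     2
Socket Type:                        1
Protocol:                           6
Protocol Chain Length:              0
"""

ENTRY_SPLIT = re.compile(r"Winsock Catalog Provider Entry\s*\n-+\n")
FIELD_RE = re.compile(r"^([A-Za-z ]+):\s+(\S.*?)\s*$")


def parse_catalog(text: str) -> List[Dict[str, str]]:
    """Split the dump into entries; each entry is a dict of its 'Key: value' lines."""
    entries = []
    for block in ENTRY_SPLIT.split(text):
        fields: Dict[str, str] = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                fields[m.group(1).strip()] = m.group(2)
        if fields:
            entries.append(fields)
    return entries


def suspicious_entries(entries: List[Dict[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Return (catalog entry id, provider path, reasons) for entries worth a second look.

    Heuristic: any layered provider or chain is non-default on XP, and any
    provider DLL outside the allow-list did not ship with Windows.
    """
    flagged = []
    for e in entries:
        path = e.get("Provider Path", "")
        dll = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        reasons = []
        if e.get("Entry Type") in ("Layered Service Provider", "Layered Chain Entry"):
            reasons.append("layered provider")
        if dll not in KNOWN_GOOD_DLLS:
            reasons.append(f"non-default DLL {dll}")
        if reasons:
            flagged.append((e.get("Catalog Entry ID", "?"), path, reasons))
    return flagged


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_CATALOG
    for entry_id, path, reasons in suspicious_entries(parse_catalog(text)):
        print(f"entry {entry_id}: {path} ({', '.join(reasons)})")
```

A flagged entry is a lead, not a verdict: legitimate firewalls and some anti-virus products install LSPs too, so check the DLL's publisher and signature before concluding anything. Whatever the result, the reset in the post above is still the right repair; the point of the dump is to know what was there.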
     
  5. dwhiggins (Thread Starter)

    When I enter the line
    netsh int ip reset C:\Resetlog.txt
    it says "the following helper DLL cannot be loaded".

    After a restart the internet connection works for a few seconds but then is lost like before.

    Any thoughts?

    Thanks
     
  6. JSntgRvr (Retired Moderator and Malware Specialist)

    Which helper dll? It should be part of the error message.
     
  7. dwhiggins (Thread Starter)

    It doesn't say anything else. It just says
    "the following helper DLL cannot be loaded".

    Here is the ComboFix log as well, in case that helps:

    ComboFix 10-04-29.05 - Daryl Higgins 30/04/2010 16:36:27.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.554 [GMT 1:00]
    Running from: c:\documents and settings\Daryl Higgins\Desktop\Combo-Fix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\windows\jestertb.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\WanPacket.dll
    c:\windows\system32\wpcap.dll
    D:\Autorun.inf

    Infected copy of c:\windows\system32\drivers\AvgTdiX.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
    .

    2010-04-29 14:25 . 2010-04-29 14:25 -------- d-----w- c:\documents and settings\Daryl Higgins\Local Settings\Application Data\Mozilla
    2010-04-29 14:02 . 2010-04-29 14:02 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-04-29 13:55 . 2010-04-29 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-04-28 13:15 . 2010-04-28 02:04 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-28 11:27 . 2010-04-28 11:27 -------- d-----w- c:\program files\Safari
    2010-04-28 02:04 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-28 02:04 . 2010-04-28 02:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-28 02:01 . 2010-04-28 02:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-28 01:59 . 2010-04-28 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-04-28 01:59 . 2010-04-28 02:01 -------- d-----w- c:\program files\Lavasoft
    2010-04-28 00:28 . 2010-04-28 00:28 -------- d-----w- c:\program files\CCleaner
    2010-04-23 10:18 . 2010-04-23 10:18 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Malwarebytes
    2010-04-23 10:18 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-23 10:18 . 2010-04-23 10:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-23 10:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-23 10:18 . 2010-04-29 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-23 01:19 . 2010-04-23 01:19 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-04-23 00:58 . 2010-04-23 00:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-09 12:30 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-04-09 12:30 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-04-09 12:30 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2010-04-09 12:30 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\dllcache\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-30 15:54 . 2009-04-08 20:31 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Affinegy
    2010-04-29 23:05 . 2010-04-29 23:05 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-29 19:20 . 2009-10-24 15:08 242896 ----a-w- c:\windows\system32\drivers\AvgTdiX.sys
    2010-04-29 16:16 . 2009-12-04 00:08 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\HPAppData
    2010-04-29 15:51 . 2009-03-14 17:33 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Spotify
    2010-04-29 14:10 . 2006-10-15 22:33 -------- d-----w- c:\program files\Common Files\Adobe
    2010-04-29 13:58 . 2010-04-29 13:58 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-04-29 13:45 . 2010-04-28 02:04 893952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-04-29 13:45 . 2010-04-28 02:04 574632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-04-29 13:45 . 2010-04-28 02:04 443344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-04-29 13:45 . 2010-04-28 02:03 866224 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-04-29 13:45 . 2010-04-28 02:03 871320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-04-29 13:45 . 2010-04-28 02:03 1598464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-04-29 13:45 . 2010-04-28 02:03 834248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-04-29 13:45 . 2010-04-28 02:03 1285864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-04-28 13:36 . 2007-02-07 02:38 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Apple Computer
    2010-04-28 11:23 . 2010-04-28 11:23 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
    2010-04-28 02:04 . 2010-04-28 02:04 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-04-28 02:04 . 2010-04-28 02:04 566432 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
    2010-04-28 02:04 . 2010-04-28 02:04 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2010-04-28 02:04 . 2010-04-28 02:04 211600 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-04-28 02:04 . 2010-04-28 02:04 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2010-04-28 02:04 . 2010-04-28 02:04 397480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-04-28 02:04 . 2010-04-28 02:04 221920 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2010-04-28 02:04 . 2010-04-28 02:04 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
    2010-04-28 02:04 . 2010-04-28 02:04 167824 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2010-04-28 02:04 . 2010-04-28 02:04 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
    2010-04-28 02:04 . 2010-04-28 02:04 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
    2010-04-28 02:04 . 2010-04-28 02:03 6306640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-04-28 02:03 . 2010-04-28 02:03 95248 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-04-28 02:03 . 2010-04-28 02:03 335728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-04-28 02:03 . 2010-04-28 02:03 16456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
    2010-04-28 02:03 . 2010-04-28 02:03 967640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-04-28 02:03 . 2010-04-28 02:03 755096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2010-04-28 00:53 . 2006-10-16 14:18 -------- d-----w- c:\documents and settings\Daryl Higgins\Application Data\Azureus
    2010-04-22 17:21 . 2007-10-23 12:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-17 18:44 . 2006-10-15 22:59 -------- d-----w- c:\program files\Azureus
    2010-04-14 23:49 . 2007-03-20 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-05 14:55 . 2006-09-01 18:20 -------- d-----w- c:\program files\Common Files\Java
    2010-04-05 14:54 . 2009-01-03 15:49 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-03-23 21:19 . 2010-03-23 21:19 1521152 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXG\data\twx\L6TWX.dll
    2010-03-23 21:19 . 2009-02-02 23:15 571008 ----a-w- c:\windows\system32\drivers\L6TportK.sys
    2010-03-23 21:19 . 2009-02-02 23:15 180224 ----a-w- c:\windows\system32\l6tpkb37.dll
    2010-03-15 12:36 . 2010-03-15 12:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-15 12:36 . 2008-09-11 21:55 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-15 12:34 . 2008-09-11 21:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-10 06:15 . 2004-08-04 21:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-09 22:42 . 2010-03-09 22:42 1974272 ----a-w- c:\documents and settings\All Users\Application Data\Line 6\L6TWXG\L6TWXG.dll
    2010-03-04 23:44 . 2009-12-19 13:11 -------- d-----w- c:\program files\Hotspot Shield
    2010-02-26 18:42 . 2010-02-26 18:42 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-02-25 06:24 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2005-01-19 12:26 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-16 14:08 . 2004-08-04 21:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2004-08-04 21:00 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03 . 2010-03-02 13:07 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2004-08-04 21:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2004-08-04 21:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-04 15:53 . 2010-04-28 02:01 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-02-01 01:45 . 2010-04-29 14:12 38784 ----a-w- c:\documents and settings\Daryl Higgins\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    2009-12-19 13:11 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
    "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-11 102400]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
    "RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
    "Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-06 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-06 114688]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-06 94208]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-01-20 200704]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "QuickTime Task"="c:\program files\QUICKTIME\QTTASK.EXE" [2009-11-10 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-15 12:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Daryl Higgins^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\Daryl Higgins\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Azureus\\Azureus.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Spotify\\spotify.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/04/2010 03:04 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/09/2008 22:55 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\AvgTdiX.sys [24/10/2009 16:08 242896]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/03/2010 13:35 308064]
    R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [09/01/2010 00:42 285744]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1285864]
    R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [29/09/2006 17:05 29312]
    S3 Flash1;Flash1;c:\program files\SP35487\winphlash\FLASH1.sys [01/03/2006 17:54 3456]
    S3 L6TportK;Service - Line 6 TonePort KB37;c:\windows\system32\drivers\L6TportK.sys [03/02/2009 00:15 571008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 13:45]

    2010-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-04-30 c:\windows\Tasks\User_Feed_Synchronization-{1A7C7059-D2F4-4973-ACEA-DE39AFE3BE8A}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://news.bbc.co.uk/
    uInternet Connection Wizard,ShellNext = https://register.hp.com/servlet/Web...YEAR=2006&gwCountry=GB&language=17&prodOS=011
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    Trusted Zone: line6.net
    FF - ProfilePath - c:\documents and settings\Daryl Higgins\Application Data\Mozilla\Firefox\Profiles\s9aeqftu.default\
    FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-30 16:56
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? [email protected][email protected]? ????\[email protected][email protected]

    scanning hidden files ...


    c:\documents and settings\Daryl Higgins\Application Data\Affinegy\wpa_supplicant.conf 157 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2972)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Virgin Broadband Wireless\AffinegyService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Hotspot Shield\bin\openvpnas.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\BT Home Hub\Wireless Configuration\WirelessDaemon.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    c:\program files\Hotspot Shield\bin\openvpntray.exe
    c:\program files\Virgin Broadband Wireless\ndis_events.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-04-30 16:59:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-04-30 15:59

    Pre-Run: 15,540,477,952 bytes free
    Post-Run: 15,474,278,400 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 137A2A39825B81B43A601C45036C7F7A

    Thanks
     
  8. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    I need you to update and run Malwarebytes Antimalware and post its report. Perhaps during that small window you may be able to update.
     
  9. dwhiggins

    dwhiggins Thread Starter

    Joined:
    Apr 29, 2010
    Messages:
    7
    Managed to update but it doesn't seem to have found anything

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4066

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    05/05/2010 00:18:36
    mbam-log-2010-05-05 (00-18-36).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 242481
    Time elapsed: 1 hour(s), 37 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    • Copy the entire contents of the Quote Box below to Notepad.
    • Name the file as Query.bat
    • Change the Save as Type to All Files
    • and Save it on the desktop
    • Once saved, double click on the Query.bat file and post the resulting report in your next reply.

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

    Please copy and paste the report into your Post.
     
  11. dwhiggins

    dwhiggins Thread Starter

    Joined:
    Apr 29, 2010
    Messages:
    7
    Here is the Query log

    Volume in drive C has no label.
    Volume Serial Number is 0A66-748A

    Directory of C:\Qoobox

    30/04/2010 16:59 <DIR> .
    30/04/2010 16:59 <DIR> ..
    30/04/2010 16:58 13,111 Add-Remove Programs.txt
    30/04/2010 16:26 <DIR> BackEnv
    30/04/2010 16:59 1,867 ComboFix-quarantined-files.txt
    30/04/2010 16:50 <DIR> Quarantine
    30/04/2010 16:58 0 [email protected]_15.50.45.dat
    3 File(s) 14,978 bytes

    Directory of C:\Qoobox\BackEnv

    30/04/2010 16:26 <DIR> .
    30/04/2010 16:26 <DIR> ..
    30/04/2010 16:26 297 appdata.folder.dat
    30/04/2010 16:26 234 cache.folder.dat
    30/04/2010 16:26 153 Cookies.folder.dat
    30/04/2010 16:26 98 desktop.folder.dat
    30/04/2010 16:26 156 favorites.folder.dat
    30/04/2010 16:26 225 localappdata.folder.dat
    30/04/2010 16:26 175 localsettings.folder.dat
    30/04/2010 16:26 196 mypictures.folder.dat
    30/04/2010 16:26 105 personal.folder.dat
    30/04/2010 16:25 242 Profiles.Folder.dat
    30/04/2010 16:26 373 Profiles.Folder.folder.dat
    30/04/2010 16:26 184 programs.folder.dat
    30/04/2010 16:25 6,199 SetPath.bat
    30/04/2010 16:26 104 startmenu.folder.dat
    30/04/2010 16:26 208 startup.folder.dat
    30/04/2010 16:25 2,242 SysPath.dat
    30/04/2010 16:26 102 templates.folder.dat
    17 File(s) 11,293 bytes

    Directory of C:\Qoobox\Quarantine

    30/04/2010 16:50 <DIR> .
    30/04/2010 16:50 <DIR> ..
    30/04/2010 16:31 <DIR> C
    30/04/2010 16:34 102 catchme.log
    30/04/2010 16:50 <DIR> D
    30/04/2010 16:58 <DIR> Registry_backups
    1 File(s) 102 bytes

    Directory of C:\Qoobox\Quarantine\C

    30/04/2010 16:31 <DIR> .
    30/04/2010 16:31 <DIR> ..
    30/04/2010 16:46 <DIR> Program Files
    30/04/2010 16:46 <DIR> WINDOWS
    0 File(s) 0 bytes

    Directory of C:\Qoobox\Quarantine\C\Program Files

    30/04/2010 16:46 <DIR> .
    30/04/2010 16:46 <DIR> ..
    30/04/2010 16:46 <DIR> WinPcap
    0 File(s) 0 bytes

    Directory of C:\Qoobox\Quarantine\C\Program Files\WinPcap

    30/04/2010 16:46 <DIR> .
    30/04/2010 16:46 <DIR> ..
    26/05/2008 16:07 49,152 daemon_mgm.exe.vir
    26/05/2008 16:07 49,152 npf_mgm.exe.vir
    26/05/2008 16:07 86,016 rpcapd.exe.vir
    3 File(s) 184,320 bytes

    Directory of C:\Qoobox\Quarantine\C\WINDOWS

    30/04/2010 16:46 <DIR> .
    30/04/2010 16:46 <DIR> ..
    08/04/2010 14:27 21,504 jestertb.dll.vir
    30/04/2010 16:46 <DIR> system32
    1 File(s) 21,504 bytes

    Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32

    30/04/2010 16:46 <DIR> .
    30/04/2010 16:46 <DIR> ..
    30/04/2010 16:46 <DIR> Drivers
    26/05/2008 16:07 81,920 packet.dll.vir
    26/05/2008 16:07 53,299 pthreadVC.dll.vir
    26/05/2008 16:07 61,440 wanpacket.dll.vir
    26/05/2008 16:07 233,472 wpcap.dll.vir
    4 File(s) 430,131 bytes

    Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers

    30/04/2010 16:46 <DIR> .
    30/04/2010 16:46 <DIR> ..
    29/04/2010 20:20 242,896 AvgTdiX.sys.vir
    26/05/2008 16:07 32,512 npf.sys.vir
    2 File(s) 275,408 bytes

    Directory of C:\Qoobox\Quarantine\D

    30/04/2010 16:50 <DIR> .
    30/04/2010 16:50 <DIR> ..
    30/04/2004 06:01 53 Autorun.inf.vir
    1 File(s) 53 bytes

    Directory of C:\Qoobox\Quarantine\Registry_backups

    30/04/2010 16:58 <DIR> .
    30/04/2010 16:58 <DIR> ..
    30/04/2010 16:45 1,372 Legacy_NPF.reg.dat
    30/04/2010 16:45 2,418 Service_NPF.reg.dat
    30/04/2010 16:45 8,507 tcpip.reg
    3 File(s) 12,297 bytes

    Total Files Listed:
    35 File(s) 950,086 bytes
    32 Dir(s) 15,296,909,312 bytes free

    Whenever I use GMER my comp either crashes or cuts out. I also got the blue screen of death at one point.

    Thanks
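As an added example (not the thread's own Query.bat, whose contents are not shown here, and not part of ComboFix), a small Python script that reads a dir /s listing of C:\Qoobox like the one posted above, maps each quarantined .vir copy back to the path it was taken from and picks out the kernel drivers, which are the first thing to look at given the Win32/Patched alert on AvgTdix.sys. The embedded listing is a constructed excerpt of the posted log.

```python
import re

QUARANTINE_ROOT = r"C:\Qoobox\Quarantine"  # where ComboFix moves the files it removes
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# A dir line for a file: date, time, size, name; only .vir quarantined copies count.
FILE_RE = re.compile(r"^(\d\d/\d\d/\d{4})\s+(\d\d:\d\d)\s+([\d,]+)\s+(\S+\.vir)$")

# Constructed excerpt of the Query.bat (dir /s) output posted in the thread.
SAMPLE_LISTING = r"""
 Directory of C:\Qoobox\Quarantine\C\WINDOWS
30/04/2010 16:46 <DIR> system32
08/04/2010 14:27 21,504 jestertb.dll.vir
1 File(s) 21,504 bytes

 Directory of C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers
29/04/2010 20:20 242,896 AvgTdiX.sys.vir
26/05/2008 16:07 32,512 npf.sys.vir
2 File(s) 275,408 bytes

 Directory of C:\Qoobox\Quarantine\D
30/04/2004 06:01 53 Autorun.inf.vir
1 File(s) 53 bytes
"""

def original_path(quarantine_dir, name):
    # C:\Qoobox\Quarantine\C\WINDOWS\foo.vir -> C:\WINDOWS\foo: the first
    # directory under the quarantine root is the original drive letter.
    rel = quarantine_dir[len(QUARANTINE_ROOT):].lstrip("\\")
    drive, _, rest = rel.partition("\\")
    return drive + ":\\" + (rest + "\\" if rest else "") + name[:-len(".vir")]

def parse_quarantine(listing):
    # Track the current "Directory of" header and collect every .vir file below it.
    entries, current = [], None
    for line in listing.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = FILE_RE.match(line.strip())
        if m and current and current.startswith(QUARANTINE_ROOT + "\\"):
            date, time, size, name = m.groups()
            entries.append({"original": original_path(current, name),
                            "size": int(size.replace(",", "")),
                            "modified": f"{date} {time}"})
    return entries

def kernel_drivers(entries):
    # .sys files run in ring 0, so a patched driver outranks everything else when triaging.
    return [e["original"] for e in entries if e["original"].lower().endswith(".sys")]
```

Comparing the modified timestamps is also telling: in the posted log the WinPcap driver npf.sys carries its 2008 build date while AvgTdiX.sys was modified the day before the scan, which is consistent with the AVG alert.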
     
  12. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Remove AVG from your computer. Then download and run the AVG Removal Tool.

    Test after a restart and let me know the outcome.
     
  13. dwhiggins

    dwhiggins Thread Starter

    Joined:
    Apr 29, 2010
    Messages:
    7
    I've done that but it's still not going online
     
  14. JSntgRvr

    JSntgRvr Retired Moderator and Malware Specialist

    Joined:
    Jul 1, 2003
    Messages:
    18,552
    First Name:
    José
    Now that AVG is removed, go to Start->Run->Type CMD and click Ok. The MSDOS Window will be displayed. At the command prompt, type the following and press Enter after each line:

    netsh int ip reset C:\Resetlog.txt
    netsh winsock reset catalog

    ipconfig /flushdns (The space between g and / is needed)
    Exit

    Restart and test.

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • OTL should now start. Change the following settings
      • Change Drivers to All
      • Change Standard Registry to All
      • Under File Scans, change File age to 30
    • Under the Custom Scan box paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      %SYSTEMDRIVE%\*.*
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
      • Please post the contents of these files in your next reply.
     
Short URL to this thread: https://techguy.org/920049
