
computer reboots or freezes at login (win xp)

Discussion in 'Malware and Virus Removal Archive' started by mva5493, 2007/07/29.

  1. 2007/08/01
    noahdfear

    ComboFix log looks good. Click Start>run and type the following commands, hitting enter after each.

    sc stop windev-4134-6407
    sc delete windev-4134-6407


    Now open the CFScript.txt we created previously and remove everything, then paste in the following and close, saving the changes.

    File::
    C:\WINDOWS\system32\windev-4134-6407.sys


    Now drag and drop CFScript.txt onto ComboFix.exe, wait for it to complete and reboot if it needs to. Post the log it creates and opens.

    Please check post #36 above and post that awf.txt log.
     
  2. 2007/08/01
    mva5493

    > Please check post #36 above and post that awf.txt log.

    I knew I was forgetting a log somewhere, just missed which one, lol.

    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\DELLSU~1\BAK

    07/19/2004 08:51 AM 306,688 DSAgnt.exe
    1 File(s) 306,688 bytes

    Directory of C:\PROGRA~1\LEXMAR~1\BAK

    08/19/2003 06:43 AM 57,344 lxbkbmgr.exe
    1 File(s) 57,344 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    08/20/2002 05:08 PM 1,511,453 msmsgs.exe
    1 File(s) 1,511,453 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    01/12/2004 10:37 AM 77,824 qttask.exe
    1 File(s) 77,824 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/14/2002 08:22 PM 28,672 DSentry.exe
    06/20/2002 04:05 AM 114,688 hkcmd.exe
    08/20/2003 05:15 PM 483,328 hphmon05.exe
    06/20/2002 04:14 AM 155,648 igfxtray.exe
    03/29/2007 11:10 AM 37,382 lsasss.exe
    5 File(s) 819,718 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

    04/17/2002 11:42 AM 69,632 hpgs2wnd.exe
    1 File(s) 69,632 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

    06/25/2003 12:24 PM 49,152 HPWuSchd.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

    08/20/2003 05:23 PM 49,152 hphupd05.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

    08/20/2003 03:57 PM 221,184 hpcmpmgr.exe
    1 File(s) 221,184 bytes

    Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

    08/14/2002 07:29 PM 90,112 mm_tray.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    12/29/2002 12:57 PM 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    01/19/2007 01:49 PM 4,670,968 YAHOOM~1.EXE
    03/27/2007 04:22 PM 4,670,968 YahooMessenger.exe
    2 File(s) 9,341,936 bytes

    Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

    10/07/2002 01:23 AM 90,112 hpqcmon.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

    04/13/2005 04:48 AM 36,975 jusched.exe
    1 File(s) 36,975 bytes


    04/10/2002 06:44 PM 679,936 DirectCD.exe
    1 File(s) 679,936 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\COMMON~1\{B04E6~1\BAK

    02/18/2007 12:29 AM 14,336 Update.exe.vir
    1 File(s) 14,336 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\WEBHAN~1\PROGRAMS\BAK

    02/21/2007 04:18 PM 565,248 whagent.exe.vir
    1 File(s) 565,248 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\SYSTEM32\MANTEC~1\BAK

    02/18/2007 12:30 AM 70,144 msiexec.exe.vir
    1 File(s) 70,144 bytes

    Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    07/25/2003 10:14 AM 188,416 hpztsb09.exe
    10/21/2001 04:54 PM 36,864 printray.exe
    2 File(s) 225,280 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\MYWEBS~1\BAR\1.BIN\BAK

    02/26/2007 10:27 PM 28,672 mwsoemon.exe.vir
    1 File(s) 28,672 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    306688 Jul 19 2004 "C:\Program Files\Dell Support\DSAgnt.exe "
    306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe "
    57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe "
    1511453 Aug 20 2002 "C:\Program Files\Messenger\msmsgs.exe "
    1511453 Aug 20 2002 "C:\Program Files\Messenger\bak\msmsgs.exe "
    77824 Jan 12 2004 "C:\Program Files\QuickTime\qttask.exe "
    77824 Jan 12 2004 "C:\Program Files\QuickTime\bak\qttask.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\DSentry.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
    114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\hphmon05.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe "
    155648 Jun 20 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe "
    37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe "
    49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe "
    221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe "
    90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "
    90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe "
    135168 Feb 20 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ChanDir\MMJB\mm_tray.exe "
    26112 Dec 29 2002 "C:\Program Files\Real\RealPlayer\RealPlay.exe "
    26112 Dec 29 2002 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe "
    4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "
    4670968 Jan 19 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE "
    4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe "
    36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe "
    36975 Apr 13 2005 "C:\Program Files\Java\jre1.5.0_03\bin\bak\jusched.exe "
    679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\Update.exe.vir "
    14336 Jul 26 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~2\Update.exe.vir "
    14336 Feb 18 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\bak\Update.exe.vir "
    565248 Feb 21 2007 "C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\bak\whagent.exe.vir "
    71680 Apr 9 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\msiexec.exe.vir "
    70144 Feb 18 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\bak\msiexec.exe.vir "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\lexmarklexmark_x63b8e1\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir "
    28672 Feb 26 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir "


    end of report
     


  4. 2007/08/01
    mva5493

    Here is the ComboFix log after the last changes:

    ComboFix 07-07-30.2 - "Brent" 2007-08-01 22:45:55.6 [GMT -4:00] - NTFS
    Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.True
    Command switches used :: C:\Documents and Settings\Brent\Desktop\cfscript.txt
    * Created a new restore point


    ((((((((((((((((((((((((( Files Created from 2007-07-02 to 2007-08-02 )))))))))))))))))))))))))))))))


    2007-07-31 00:37 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-30 20:08 <DIR> d-------- C:\WINDOWS\CSC
    2007-07-29 19:04 <DIR> d-------- C:\WINDOWS\ERUNT
    2007-07-29 18:11 50,688 --a------ C:\DOCUME~1\Brent\ATF-Cleaner.exe
    2007-07-29 18:11 186,880 --a------ C:\DOCUME~1\Brent\LSPFix.exe
    2007-07-29 18:11 1,045,508 --a------ C:\DOCUME~1\Brent\SDFix.exe
    2007-07-29 18:10 1,371,683 --a------ C:\DOCUME~1\Brent\ComboFix.exe
    2007-07-28 13:03 502,308 --a------ C:\DOCUME~1\Brent\dss.exe
    2007-07-28 13:03 488,144 --a------ C:\DOCUME~1\Brent\HJTsetup.exe
    2007-07-28 12:27 <DIR> d-------- C:\Deckard
    2007-07-28 01:25 5,558 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
    2007-07-28 01:18 886,519 --a------ C:\DOCUME~1\Brent\SmitfraudFix.exe
    2007-07-28 01:18 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
    2007-07-28 01:18 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
    2007-07-28 01:18 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
    2007-07-27 13:27 <DIR> d-------- C:\DOCUME~1\Brent\APPLIC~1\Webroot


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-01-27 00:48 146 --ah----- C:\Program Files\hpothb07.dat
    2005-05-18 12:20 255 --ah----- C:\Program Files\hpothb07.tif
    2002-12-29 12:59 207759 --a------ C:\Program Files\INSTALL.LOG


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RealTray "= "C:\Program Files\Real\RealPlayer\RealPlay.exe" [2002-12-29 12:57]
    "MMTray "= "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-08-14 19:29]
    "AdaptecDirectCD "= "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 18:44]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2004-01-12 10:37]
    "Lexmark X1100 Series "= "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 06:43]
    "HPHUPD05 "= "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 17:23]
    "HP Component Manager "= "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 15:57]
    "HP Software Update "= "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 12:24]
    "Share-to-Web Namespace Daemon "= "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 11:42]
    "CamMonitor "= "C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 01:23]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport "= "C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 08:51]
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Symantec Network Driver Update Warning "=C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE
    "ALUAlert "=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
    "Symantec NetDriver Warning "=C:\PROGRA~1\SYMNET~1\SNDWarn.exe
    "Yahoo! Pager "= "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    C:\Documents and Settings\Brent\Start Menu\Programs\Startup\
    DESKTOP.INI [2002-09-03 15:36:04]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    DESKTOP.INI [2002-09-03 15:36:04]
    Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-12-29 12:53:59]

    R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\System32\drivers\Cdr4_xp.sys
    R1 Cdralw2k;Cdralw2k;C:\WINDOWS\System32\drivers\Cdralw2k.sys
    R1 cdudf_xp;cdudf_xp;C:\WINDOWS\System32\drivers\cdudf_xp.sys
    R1 pwd_2k;pwd_2k;C:\WINDOWS\System32\drivers\pwd_2k.sys
    R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\System32\drivers\UdfReadr_xp.sys
    R2 ASCTRM;ASCTRM;C:\WINDOWS\System32\drivers\ASCTRM.sys
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys
    R3 mmc_2K;mmc_2K;C:\WINDOWS\System32\drivers\mmc_2K.sys
    R3 MxlW2k;MxlW2k;C:\WINDOWS\System32\drivers\MxlW2k.sys
    S3 dvd_2K;dvd_2K;C:\WINDOWS\System32\drivers\dvd_2K.sys
    S3 i81x;i81x;C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
    S3 iAimFP0;iAimFP0;C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
    S3 iAimFP1;iAimFP1;C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
    S3 iAimFP2;iAimFP2;C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
    S3 iAimFP3;iAimFP3;C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
    S3 iAimFP4;iAimFP4;C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
    S3 iAimTV0;iAimTV0;C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
    S3 iAimTV1;iAimTV1;C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
    S3 iAimTV2;iAimTV2;C:\WINDOWS\System32\DRIVERS\wATV03nt.sys
    S3 iAimTV3;iAimTV3;C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
    S3 iAimTV4;iAimTV4;C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
    S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\System32\DRIVERS\wanatw4.sys
    S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\System32\DRIVERS\agpCPQ.sys


    Contents of the 'Scheduled Tasks' folder
    2007-08-02 01:40:00 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#140#CN3CN340S2J3.job - C:\Program Files\HP\hpcoretech\comp\hpdarc.exe
    2007-08-02 01:39:00 C:\WINDOWS\Tasks\HP Usg Daily.job - C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe
    2003-01-03 23:39:07 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-01 22:47:48
    Windows 5.1.2600 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-01 22:48:43
    C:\ComboFix-quarantined-files.txt ... 2007-08-01 22:48
    C:\ComboFix2.txt ... 2001-08-01 21:12
    C:\ComboFix3.txt ... 2001-08-01 02:09

    --- E O F ---
     
  5. 2007/08/01
    noahdfear

    ComboFix looks great.... and the date is right! :) FindAWF looks good except for that one file yet. Please run FindAWF option 2 in safe mode, and enter the following in files.txt when it opens.

    "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "

    Close and save. Post the contents of the awf.txt log when the scan completes, and we'll finish up with using FindAWF, then move on.
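    The check the helper is doing by eye in the posts above (does the copy in a bak folder still differ from the file sitting at its original path?) can be done mechanically over the "Duplicate files of bak directory contents" section of awf.txt. The Python below is an added illustration, not part of this thread or of the FindAWF tool; the sample lines are a constructed slice of the report posted earlier in the thread, and it also groups the mismatched live files by size and date so that a single stand-in file reused under several names shows up at once.

```python
import re
from collections import namedtuple

AwfEntry = namedtuple("AwfEntry", "size date path")

# Constructed sample: a slice of the "Duplicate files of bak directory contents"
# section of the awf.txt log posted in this thread. Format per line:
#   <size> <Mon> <D> <YYYY> "<path> "
SAMPLE_AWF = r"""
306688 Jul 19 2004 "C:\Program Files\Dell Support\DSAgnt.exe "
306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe "
37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\DSentry.exe "
28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
"""

# size, "Mon D YYYY", quoted path (the report leaves a trailing space inside the quotes)
_LINE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"([^"]*)"\s*$')


def parse_awf_duplicates(text):
    """Parse the size/date/path lines of a FindAWF 'Duplicate files' section."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            entries.append(AwfEntry(int(m.group(1)), m.group(2), m.group(3).strip()))
    return entries


def live_path_for(bak_path):
    """Map '...\\bak\\name.exe' back to the path the original was moved from."""
    parts = bak_path.split("\\")
    if len(parts) < 2 or parts[-2].lower() != "bak":
        return None
    return "\\".join(parts[:-2] + parts[-1:])


def classify_bak_entries(entries):
    """Compare every bak copy with whatever now sits at its original path.

    Returns {bak_path: (status, live_entry_or_None)} with status one of
      'match'    - same size and date: nothing left to restore for this file
      'replaced' - a different file now occupies the original path
      'orphan'   - the bak copy has no counterpart at the original path
    Copies of the same name elsewhere (e.g. under ReinstallBackups) are ignored.
    """
    by_path = {e.path.lower(): e for e in entries}
    result = {}
    for e in entries:
        live = live_path_for(e.path)
        if live is None:
            continue
        live_entry = by_path.get(live.lower())
        if live_entry is None:
            status = "orphan"
        elif live_entry.size == e.size and live_entry.date == e.date:
            status = "match"
        else:
            status = "replaced"
        result[e.path] = (status, live_entry)
    return result


def replaced_live_files(text):
    """Live paths whose bak copy differs: the ones still needing FindAWF option 2."""
    classified = classify_bak_entries(parse_awf_duplicates(text))
    return sorted(live.path for status, live in classified.values() if status == "replaced")


def shared_stand_in(text):
    """(size, date) pairs shared by more than one replaced live file."""
    groups = {}
    classified = classify_bak_entries(parse_awf_duplicates(text))
    for status, live in classified.values():
        if status == "replaced":
            groups.setdefault((live.size, live.date), []).append(live.path)
    return {key: sorted(paths) for key, paths in groups.items() if len(paths) > 1}


if __name__ == "__main__":
    for path in replaced_live_files(SAMPLE_AWF):
        print("still replaced:", path)
    for (size, date), paths in shared_stand_in(SAMPLE_AWF).items():
        print(f"{len(paths)} replaced files share size {size} and date {date}")
```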
     
  6. 2007/08/01
    mva5493

    One log file as requested:

    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\DELLSU~1\BAK

    07/19/2004 08:51 AM 306,688 DSAgnt.exe
    1 File(s) 306,688 bytes

    Directory of C:\PROGRA~1\LEXMAR~1\BAK

    08/19/2003 06:43 AM 57,344 lxbkbmgr.exe
    1 File(s) 57,344 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    08/20/2002 05:08 PM 1,511,453 msmsgs.exe
    1 File(s) 1,511,453 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    01/12/2004 10:37 AM 77,824 qttask.exe
    1 File(s) 77,824 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/14/2002 08:22 PM 28,672 DSentry.exe
    06/20/2002 04:05 AM 114,688 hkcmd.exe
    08/20/2003 05:15 PM 483,328 hphmon05.exe
    06/20/2002 04:14 AM 155,648 igfxtray.exe
    03/29/2007 11:10 AM 37,382 lsasss.exe
    5 File(s) 819,718 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

    04/17/2002 11:42 AM 69,632 hpgs2wnd.exe
    1 File(s) 69,632 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

    06/25/2003 12:24 PM 49,152 HPWuSchd.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

    08/20/2003 05:23 PM 49,152 hphupd05.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

    08/20/2003 03:57 PM 221,184 hpcmpmgr.exe
    1 File(s) 221,184 bytes

    Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

    08/14/2002 07:29 PM 90,112 mm_tray.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    12/29/2002 12:57 PM 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    01/19/2007 01:49 PM 4,670,968 YAHOOM~1.EXE
    03/27/2007 04:22 PM 4,670,968 YahooMessenger.exe
    2 File(s) 9,341,936 bytes

    Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

    10/07/2002 01:23 AM 90,112 hpqcmon.exe
    1 File(s) 90,112 bytes


    04/10/2002 06:44 PM 679,936 DirectCD.exe
    1 File(s) 679,936 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\COMMON~1\{B04E6~1\BAK

    02/18/2007 12:29 AM 14,336 Update.exe.vir
    1 File(s) 14,336 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\WEBHAN~1\PROGRAMS\BAK

    02/21/2007 04:18 PM 565,248 whagent.exe.vir
    1 File(s) 565,248 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\SYSTEM32\MANTEC~1\BAK

    02/18/2007 12:30 AM 70,144 msiexec.exe.vir
    1 File(s) 70,144 bytes

    Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    07/25/2003 10:14 AM 188,416 hpztsb09.exe
    10/21/2001 04:54 PM 36,864 printray.exe
    2 File(s) 225,280 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\MYWEBS~1\BAR\1.BIN\BAK

    02/26/2007 10:27 PM 28,672 mwsoemon.exe.vir
    1 File(s) 28,672 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    306688 Jul 19 2004 "C:\Program Files\Dell Support\DSAgnt.exe "
    306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe "
    57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe "
    1511453 Aug 20 2002 "C:\Program Files\Messenger\msmsgs.exe "
    1511453 Aug 20 2002 "C:\Program Files\Messenger\bak\msmsgs.exe "
    77824 Jan 12 2004 "C:\Program Files\QuickTime\qttask.exe "
    77824 Jan 12 2004 "C:\Program Files\QuickTime\bak\qttask.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
    114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\hphmon05.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe "
    155648 Jun 20 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe "
    37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe "
    49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe "
    221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe "
    90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "
    90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe "
    135168 Feb 20 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ChanDir\MMJB\mm_tray.exe "
    26112 Dec 29 2002 "C:\Program Files\Real\RealPlayer\RealPlay.exe "
    26112 Dec 29 2002 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe "
    4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "
    4670968 Jan 19 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE "
    4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe "
    679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\Update.exe.vir "
    14336 Jul 26 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~2\Update.exe.vir "
    14336 Feb 18 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\bak\Update.exe.vir "
    565248 Feb 21 2007 "C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\bak\whagent.exe.vir "
    71680 Apr 9 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\msiexec.exe.vir "
    70144 Feb 18 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\bak\msiexec.exe.vir "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\lexmarklexmark_x63b8e1\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir "
    28672 Feb 26 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir "


    end of report
     
  7. 2007/08/01
    noahdfear

    Darnit ..... I see another one I missed. :( Sorry, one more time with option 2

    "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
     
  8. 2007/08/01
    mva5493

    I think all those logs start looking alike after a while. Thanks for taking the time to look at them for me. It can't be an easy job, and it looks like you are quite busy here.

    Safe mode or normal on this last one?
     
  9. 2007/08/01
    noahdfear

    Either should be fine. If you're already in safe mode, do it there.

    I'm happy to help :)
     
  10. 2007/08/01
    mva5493

    Scan complete, log file to go with it:


    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    0 File(s) 0 bytes

    Directory of C:\PROGRA~1\DELLSU~1\BAK

    07/19/2004 08:51 AM 306,688 DSAgnt.exe
    1 File(s) 306,688 bytes

    Directory of C:\PROGRA~1\LEXMAR~1\BAK

    08/19/2003 06:43 AM 57,344 lxbkbmgr.exe
    1 File(s) 57,344 bytes

    Directory of C:\PROGRA~1\MESSEN~1\BAK

    08/20/2002 05:08 PM 1,511,453 msmsgs.exe
    1 File(s) 1,511,453 bytes

    Directory of C:\PROGRA~1\QUICKT~1\BAK

    01/12/2004 10:37 AM 77,824 qttask.exe
    1 File(s) 77,824 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/14/2002 08:22 PM 28,672 DSentry.exe
    06/20/2002 04:05 AM 114,688 hkcmd.exe
    08/20/2003 05:15 PM 483,328 hphmon05.exe
    06/20/2002 04:14 AM 155,648 igfxtray.exe
    03/29/2007 11:10 AM 37,382 lsasss.exe
    5 File(s) 819,718 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

    04/17/2002 11:42 AM 69,632 hpgs2wnd.exe
    1 File(s) 69,632 bytes

    Directory of C:\PROGRA~1\HEWLET~1\HPSOFT~1\BAK

    06/25/2003 12:24 PM 49,152 HPWuSchd.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

    08/20/2003 05:23 PM 49,152 hphupd05.exe
    1 File(s) 49,152 bytes

    Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

    08/20/2003 03:57 PM 221,184 hpcmpmgr.exe
    1 File(s) 221,184 bytes

    Directory of C:\PROGRA~1\MUSICM~1\MUSICM~1\BAK

    08/14/2002 07:29 PM 90,112 mm_tray.exe
    1 File(s) 90,112 bytes

    Directory of C:\PROGRA~1\REAL\REALPL~1\BAK

    12/29/2002 12:57 PM 26,112 RealPlay.exe
    1 File(s) 26,112 bytes

    Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

    01/19/2007 01:49 PM 4,670,968 YAHOOM~1.EXE
    03/27/2007 04:22 PM 4,670,968 YahooMessenger.exe
    2 File(s) 9,341,936 bytes

    Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

    10/07/2002 01:23 AM 90,112 hpqcmon.exe
    1 File(s) 90,112 bytes


    04/10/2002 06:44 PM 679,936 DirectCD.exe
    1 File(s) 679,936 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\COMMON~1\{B04E6~1\BAK

    02/18/2007 12:29 AM 14,336 Update.exe.vir
    1 File(s) 14,336 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\WEBHAN~1\PROGRAMS\BAK

    02/21/2007 04:18 PM 565,248 whagent.exe.vir
    1 File(s) 565,248 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\SYSTEM32\MANTEC~1\BAK

    02/18/2007 12:30 AM 70,144 msiexec.exe.vir
    1 File(s) 70,144 bytes

    Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    07/25/2003 10:14 AM 188,416 hpztsb09.exe
    10/21/2001 04:54 PM 36,864 printray.exe
    2 File(s) 225,280 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\MYWEBS~1\BAR\1.BIN\BAK

    02/26/2007 10:27 PM 28,672 mwsoemon.exe.vir
    1 File(s) 28,672 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    306688 Jul 19 2004 "C:\Program Files\Dell Support\DSAgnt.exe "
    306688 Jul 19 2004 "C:\Program Files\Dell Support\bak\DSAgnt.exe "
    57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    57344 Aug 19 2003 "C:\Program Files\Lexmark X1100 Series\bak\lxbkbmgr.exe "
    1511453 Aug 20 2002 "C:\Program Files\Messenger\msmsgs.exe "
    1511453 Aug 20 2002 "C:\Program Files\Messenger\bak\msmsgs.exe "
    77824 Jan 12 2004 "C:\Program Files\QuickTime\qttask.exe "
    77824 Jan 12 2004 "C:\Program Files\QuickTime\bak\qttask.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
    114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\hphmon05.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe "
    155648 Jun 20 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe "
    37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe "
    69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe "
    49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    49152 Jun 25 2003 "C:\Program Files\Hewlett-Packard\HP Software Update\bak\HPWuSchd.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe "
    221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    221184 Aug 20 2003 "C:\Program Files\HP\hpcoretech\bak\hpcmpmgr.exe "
    90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe "
    90112 Aug 14 2002 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe "
    135168 Feb 20 2007 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ChanDir\MMJB\mm_tray.exe "
    26112 Dec 29 2002 "C:\Program Files\Real\RealPlayer\RealPlay.exe "
    26112 Dec 29 2002 "C:\Program Files\Real\RealPlayer\bak\RealPlay.exe "
    4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe "
    4670968 Jan 19 2007 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE "
    4670968 Mar 27 2007 "C:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe "
    679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    679936 Apr 10 2002 "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak\DirectCD.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\Update.exe.vir "
    14336 Jul 26 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~2\Update.exe.vir "
    14336 Feb 18 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\bak\Update.exe.vir "
    565248 Feb 21 2007 "C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\bak\whagent.exe.vir "
    71680 Apr 9 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\msiexec.exe.vir "
    70144 Feb 18 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\bak\msiexec.exe.vir "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\lexmarklexmark_x63b8e1\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir "
    28672 Feb 26 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir "


    end of report
     
  11. 2007/08/01
    noahdfear

    Golly ........... my eyes must be tired tonight. Missed another. No need to post the log after this one though. Do this option 2 in normal mode.

    "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "

    When this one is done, close the log, then run FindAWF again. This time select option 4, then press 1 to continue at the next screen. At the next screen, press 1 to return to the main screen.

    Now select option 3. A text file named folders.txt will open. Click below the line, then paste the following, close and save changes.

    C:\Program Files\Dell Support\bak
    C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak
    C:\Program Files\Hewlett-Packard\HP Software Update\bak
    C:\Program Files\HP\hpcoretech\bak
    C:\Program Files\Lexmark X1100 Series\bak
    C:\Program Files\Messenger\bak
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak
    C:\Program Files\QuickTime\bak
    C:\Program Files\Real\RealPlayer\bak
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\bak
    C:\Program Files\Yahoo!\Messenger\bak
    C:\WINDOWS\SYSTEM32\bak
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak


    Post the awf.txt file that opens when the tool completes.

    Open Add/Remove Programs. Uninstall Spy Sweeper and Trend Micro. If you are unable to uninstall Trend, you will need to open its security center and disable everything you find an option to, then try uninstalling again. Reboot and try again if no luck.

    Reboot after successful uninstallation.

    You can delete all of the following tools we have used, and the files/folders they created.

    C:\WINDOWS\nircmd.exe
    C:\WINDOWS\system32\dumphive.exe
    C:\WINDOWS\SYSTEM32\Process.exe
    C:\WINDOWS\SYSTEM32\SrchSTS.exe
    C:\QOOBOX
    C:\Deckard
    dss.exe
    combofix.exe
    sdfix.exe
    LSPFix.exe
    HJTsetup.exe
    all combofix and sdfix logs and scripts


    Do not get rid of HijackThis yet, or FindAWF until I have reviewed the latest log.

    Can I assume you will be able to connect to the internet? If so, I would like for you to turn on the XP firewall for the connection. XP SP1 applies to that computer.

    http://support.microsoft.com/kb/283673

    What type of connection will it have?
     
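    As an added example (not part of this thread and not FindAWF's own code), a small Python parser for the awf.txt format posted above: it pairs each file in a bak folder with its live sibling in the parent folder, since the AWF infector moves the original into bak and leaves its own copy in place, so a size mismatch between the pair flags a file that still needs attention (the printray.exe noahdfear singles out is one), and it collects the bak folders that option 3 expects in folders.txt. The sample lines are copied from the log in this thread.

```python
import re

# One FindAWF report line: size, date, quoted path (with a trailing space inside the quotes).
LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3} \d{1,2} \d{4})\s+"(.+?)\s*"\s*$')

# Constructed sample: a few lines taken from the awf.txt posted in this thread.
SAMPLE_REPORT = r'''
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe "
    90112 Oct 7 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
    71680 Apr 9 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\msiexec.exe.vir "
    70144 Feb 18 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\bak\msiexec.exe.vir "
'''


def parse_report(text):
    """Return (size, date, path) tuples for every file line in the report."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def find_replaced(entries):
    """Pair each file under a bak folder with its sibling in the parent folder
    (case-insensitive). A size mismatch means the live copy is not the original
    that was moved aside, so it is still the swapped-in file."""
    by_path = {path.lower(): (size, date, path) for size, date, path in entries}
    replaced = []
    for size, _date, path in entries:
        parent, _, name = path.rpartition('\\')
        if not parent.lower().endswith('\\bak'):
            continue
        live = by_path.get(parent[:-4].lower() + '\\' + name.lower())
        if live and live[0] != size:
            replaced.append(live[2])
    return replaced


def bak_folders(entries):
    """Distinct bak folders in the report, the list FindAWF option 3 takes in folders.txt."""
    folders = {path.rpartition('\\')[0] for _, _, path in entries}
    return sorted(f for f in folders if f.lower().endswith('\\bak'))
```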
  12. 2007/08/01
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    I have already uninstalled Trend Micro. I removed Spy Sweeper as well; don't know if I got it all, probably not. As to the internet connection... I have 56k dial-up as well as a wireless network connection (the one I am now using). The owner uses Road Runner through Time Warner, I believe. I am looking at turning on/off the firewall, and I assume that I can configure the settings based on my internet connections here, but I am going to have to reconfigure settings when this computer is returned to the owner, right? She has no idea how to do any configuration at all???
     
    Last edited: 2007/08/01
  13. 2007/08/01
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    Looking at the network, it is set up through the cable company. Will adding my settings temporarily cause a conflict with the existing connection?
     
  14. 2007/08/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Ouch! That computer needs to have Service Pack 2 put on it, as well as about 80 or so Windows Updates after SP2, in addition to antivirus and firewall, and an online virus scan. Those are going to require a lot of time online. SP2 alone is something like a 13 hr download on most dialup :eek:

    Assuming you will be creating a new connection on the comp, enable the firewall on it. We'll be putting on a software firewall later and turning off the Windows Firewall. Her connection will be configured for firewall access upon first use.
     
  15. 2007/08/01
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    The dial-up is one option. I can use the wireless connection; it is much faster, and if I am going to be downloading I will use it. I don't like spending hour after hour waiting for a file to download... my current connection is 24 Mbps.
     
  16. 2007/08/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Will you be able to connect that comp via wireless, or do you mean continuing to download on yours and transfer?
     
  17. 2007/08/01
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I would have to say it depends on how you create the connection.
     
  18. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    Adding wireless adapter.
    It is now connected at 54 Mbps. I spoke too soon; it is connected but not online yet.


    Is continuing to download here and transferring to the other an option?
     
    Last edited: 2007/08/02
  19. 2007/08/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Great! :)

    After you complete the last FindAWF instructions and post the log, post another new HijackThis log.

    Then, with her computer now online:
    Please download AVG Anti-Spyware to the Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot.
    Please post the contents of the Scan report


    When that's been done, please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  20. 2007/08/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Maybe I spoke too soon now? :p
     
  21. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    Maybe... I am trying to connect... but the computer is looking for her missing network cable. My wireless adapter shows the connection, but IE can't find the server.
     