WiredWX Christian Hobby Weather Tools
BACK DOOR BOT OR TROJAN - Page 1

Re: BACK DOOR BOT OR TROJAN

I am also unable to delete Qoobox. It was left behind after doing Combo Fix. My machine is very slow now. Things take forever to load now.

We'll get rid of all those tools when we are finished. I'll wait for the ESET scan then go from there.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

It did state that there were no threats.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Let's run a few more scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

[Screenshot: AswMBR_Scan]

Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

[Screenshot: AswMBR_SaveLog]

On completion of the scan click save log, save it to your desktop and post in your next reply

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I wanted to thank you for helping me. I appreciate all you are doing. I wanted to tell you of another suspicious way in which my computer is now acting. As I go to pages on the internet now at the lower left corner of my computer I see things like: Waiting, downloading, waiting for http, four items remaining, etc. I have never had this before. I also note that I can not use my slide down bar on the right of the computer to move down the page while this crap is going on. I must wait patiently.

Here is the log:

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-28 21:01:01
-----------------------------
21:01:01.448 OS Version: Windows 5.1.2600 Service Pack 3
21:01:01.448 Number of processors: 1 586 0x209
21:01:01.448 ComputerName: KURTCOMPUTER UserName: Owner
21:01:04.854 Initialize success
21:02:42.526 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:02:42.526 Disk 0 Vendor: WDC_WD400EB-75CPF0 06.04G06 Size: 38166MB BusType: 3
21:02:42.557 Disk 0 MBR read successfully
21:02:42.557 Disk 0 MBR scan
21:02:42.573 Disk 0 Windows XP default MBR code
21:02:42.573 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38154 MB offset 63
21:02:42.573 Disk 0 scanning sectors +78140160
21:02:42.667 Disk 0 scanning C:\WINDOWS\system32\drivers
21:03:06.026 Service scanning
21:03:07.979 Modules scanning
21:03:17.385 Disk 0 trace - called modules:
21:03:17.417 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:03:17.417 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a5bbab8]
21:03:17.417 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a5b1d98]
21:03:17.432 Scan finished successfully
21:09:16.807 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:09:16.823 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I felt bad that we were not able to run the Jotti's malware scan. I looked the scan up on the internet and found out that one of the most powerful tools in Jotti's is the Dr. Web. Do you think I should download the Dr. Web?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

As I go to pages on the internet now at the lower left corner of my computer I see things like: Waiting, downloading, waiting for http, four items remaining, etc. I have never had this before.

I get that constantly on my computer. Normal.
I also note that I can not use my slide down bar on the right of the computer to move down the page while this crap is going on. I must wait patiently.

Yes, it really ties up the computer. I have almost the same problem when I'm on this site. I have to wait until it updates before I can move on. It probably has to do with the speed of your internet.

Please download to your Desktop: DrWebCureIt

•After the file has downloaded, disable your current Anti-Virus and disconnect from the Internet

•Double-click the drweb-cureit.exe file, then click the Start button, then the OK button to perform an Express Scan.

•This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.

•Once the short scan has finished, Click on the Complete scan radio button.

•Then click on the Settings menu on top, then select Change Settings or press the F9 key. You can also change the Language.

•Choose the Scanning tab and I recommend leaving the Heuristic analysis enabled (this can lead to False Positives though).

•On the File types tab ensure you select All files

•Click on the Actions tab and set the following:

Objects Infected objects = Cure, Incurable objects = Move, Suspicious objects = Report

Infected packages Archive = Move, E-mails = Report, Containers = Move

Malware Adware = Move, Dialers = Move, Jokes = Move, Riskware = Move, Hacktools = Move

•Do not change the Rename extension - default is: #??

•Leave the default save path for Moved files here: %USERPROFILE%\DoctorWeb\Quarantine\

•Leave prompt on Action checked

•On the Log file tab leave the Log to file checked.

•Leave the log file path alone: %USERPROFILE%\DoctorWeb\CureIt.log

Log mode = Append

Encoding = ANSI

Details Leave Names of file packers and Statistics checked.

Limit log file size = 2048 KB and leave the check mark on the Maximum log file size.

•On the General tab leave the Scan Priority on High

•Click the Apply button at the bottom, and then the OK button.

•On the right side under the Dr Web Anti-Virus Logo you will see 3 little buttons. Click the left VCR style Start button.

•In this mode it will scan Boot sectors of all disks, All removable media, and all local drives

•The more files and folders you have the longer the scan will take. On large drives it can take hours to complete.

•When the Cure option is selected, an additional context menu will open. Select the necessary action of the program, if the curing fails.

•Click Yes to all if it asks if you want to cure/move the files.

•This will move it to the %USERPROFILE%\DoctorWeb\Quarantine\ folder if it can't be cured. (in this case we need samples)

•After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

•Save the report to your Desktop. The report will be called DrWeb.csv

•Close Dr.Web Cureit.

•Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

•After reboot, post the contents of the log from Dr.Web you saved previously to your Desktop in your next reply

Re: BACK DOOR BOT OR TROJAN

Dear Super Dave:

I have been preparing to do the Dr. Web Cureit scan. In doing a previous scan of ComboFix I became aware that I could not turn off the AVG longer than 15 minutes by default. I note in the Dr. Web Cureit literature that the Dr. Web scan may take several hours even in the Express Scan mode. Because of this factor I felt I had to obtain different protection as we did the Dr. Web scan. I chose AVAST. I note that AVAST was suggested as an addition to one of the other scans we have already done. CNET also gives AVAST high marks. At any rate, it appears that AVAST can be turned off longer so that the Dr. Web scan can be completed. I removed AVG and then downloaded AVAST. I was invited to do a scan and did so. AVAST found something and moved it to its chest. It says: C:\\WINDOWS\shf_migS\KB942763\update.exe. Severity is listed as high. Status: Win32:SwPatch [Wrm] Action: Moved to chest. Result: Action successful. After that scan it was suggested by AVAST that I do a boot scan.
I agreed to that because AVAST told me there could be something icky there. The boot scan also found something. It actually found several items it called cyclic redundancy. One threat was also found and moved to the chest. I am upset that no log can be printed of this so that you can see what was done. I have tried to right click and copy to no avail.

Does this mean anything to you? I am preparing to do the Dr. Web now and will post that next. After that process is complete I will delete the AVAST and reinstall the AVG. I am not comfortable with the AVAST.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Does this mean anything to you? I am preparing to do the Dr. Web now and will post that next. After that process is complete I will delete the AVAST and reinstall the AVG. I am not comfortable with the AVAST.

You're better off without AVG. I would recommend MSE which is very user friendly.

Microsoft Security Essentials for Windows Vista\Windows 7 - 64 bit Download
Microsoft Security Essentials for Windows XP

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Dr. Web scans are now done. I am going to uninstall AVAST and then reinstall AVG for now. I will investigate MSE. Never heard of it. Here are the scans from Dr. Web:

GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[3].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[3].aspx;Probably SCRIPT.Virus;;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[4].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[4].aspx;Probably SCRIPT.Virus;;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
GetAd[5].aspx\JSFile_1[0][610];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[5].aspx;Probably SCRIPT.Virus;;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;;
ajs[3].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
GetAd[1].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;;
ajs[4].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VPN5OVGP;Probably SCRIPT.Virus;;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
A0505605.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3108;Trojan.DownLoader3.10443;Deleted.;
-------
GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[3].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[3].aspx;Probably SCRIPT.Virus;;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[3].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[4].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[4].aspx;Probably SCRIPT.Virus;;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[4].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[5].aspx\JSFile_1[0][610];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[5].aspx;Probably SCRIPT.Virus;;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[5].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;Moved.;
ajs[3].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Moved.;
GetAd[1].aspx\JSFile_1[0][7ce];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Invalid path to file ;
GetAd[2].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX\GetAd[2].aspx;Probably SCRIPT.Virus;;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Container contains infected objects;Moved.;
GetAd[2].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OWDR3ROX;Probably SCRIPT.Virus;Invalid path to file ;
ajs[4].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\VPN5OVGP;Probably SCRIPT.Virus;Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Moved.;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;Invalid path to file ;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
A0505605.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3108;Trojan.DownLoader3.10443;Deleted.;
-----
Thanks,
Karen
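As an added example, not part of Karen's post or of Dr.Web's own tooling, here is a Python triage of this report's object;directory;threat;action; rows: it joins each nested-object row to its container, treats the second pass's "Invalid path to file" re-check of an already-moved file as handled, and flags anything left over or sitting under System Volume Information (a System Restore snapshot). The sample rows are excerpted from the report above; the Finding class, the bucket names and the rules are this example's own assumptions.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv): rows are object;directory;threat;action;

A nested object (a script inside a cached page) carries its container's full path
as its directory and usually an empty action, because Dr.Web acts on the container.
The bucket rules below are this example's own, not Dr.Web's.
"""
from __future__ import annotations

from collections import Counter
from dataclasses import dataclass

# Rows excerpted from the report posted above (page values, not constructed).
SAMPLE_REPORT = r"""
GetAd[1].aspx\JSFile_1[0][6be];C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ\GetAd[1].aspx;Probably SCRIPT.Virus;;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Container contains infected objects;Moved.;
GetAd[1].aspx;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\4EDI5ZQJ;Probably SCRIPT.Virus;Invalid path to file ;
ajs[1].php;C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NCSUB2MF;Probably SCRIPT.Virus;Moved.;
MCCWrapper.dll;C:\Program Files\Common Files\Motive;Probably DLOADER.Trojan;Moved.;
setup.exe;C:\Program Files\Common Files\Real\Update_OB\~Upg0;Trojan.DownLoader3.10443;Deleted.;
A0502092.exe;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3089;Tool.InstallToolbar.48 - read error;Invalid path to file ;
A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;
"""

QUARANTINE_ACTIONS = ("Moved.", "Deleted.")  # "Incurable.Moved." also ends in "Moved."
RESTORE_POINT_MARKER = r"\system volume information\_restore"


@dataclass(frozen=True)
class Finding:
    name: str
    directory: str
    threat: str
    action: str

    @property
    def full_path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name

    @property
    def is_nested(self) -> bool:
        # "container\inner" names denote an object inside an archive or cached page
        return "\\" in self.name

    @property
    def quarantined(self) -> bool:
        return self.action.endswith(QUARANTINE_ACTIONS)

    @property
    def in_restore_point(self) -> bool:
        # a hit inside a System Restore snapshot is dormant until that point is restored
        return RESTORE_POINT_MARKER in self.directory.lower()


def parse_report(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-"):  # blanks and the "-----" pass separators
            continue
        parts = line.split(";")
        if len(parts) < 4:
            raise ValueError(f"malformed report row: {line!r}")
        name, directory, threat, action = (p.strip() for p in parts[:4])
        findings.append(Finding(name, directory, threat, action))
    return findings


def triage(findings: list[Finding]) -> dict[str, list[Finding]]:
    """Sort rows into what Dr.Web handled and what still needs a human look."""
    quarantined_paths = {f.full_path for f in findings if f.quarantined}
    buckets: dict[str, list[Finding]] = {
        "quarantined": [], "covered_by_container": [],
        "needs_attention": [], "in_restore_point": [],
    }
    for f in findings:
        if f.quarantined or f.full_path in quarantined_paths:
            # the second pass re-reports an already-moved file as "Invalid path to file"
            buckets["quarantined"].append(f)
        elif f.is_nested and f.directory in quarantined_paths:
            buckets["covered_by_container"].append(f)
        else:
            buckets["needs_attention"].append(f)
        if f.in_restore_point:  # tagged in addition to its main bucket
            buckets["in_restore_point"].append(f)
    return buckets


def action_summary(findings: list[Finding]) -> Counter[str]:
    return Counter(f.action or "(none)" for f in findings)


if __name__ == "__main__":
    rows = parse_report(SAMPLE_REPORT)
    for bucket, items in triage(rows).items():
        print(bucket, [f.full_path for f in items])
    print(dict(action_summary(rows)))
```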

Re: BACK DOOR BOT OR TROJAN

AVENGER

  • Download The Avenger by Swandog46 from here.
  • Unzip/extract it to a folder on your desktop.
  • Double click on avenger.exe to run The Avenger.
  • Click OK.
  • Make sure that the box next to Scan for rootkits has a tick in it and that the box next to Automatically disable any rootkits found does not have a tick in it.
  • Click the Execute button.
  • You will be asked No script has been entered. Do you want to execute a rootkit scan only?.
  • Click Yes.
  • You will now be asked First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?.
  • Click Yes.
  • Your PC will now be rebooted.
  • After your PC has completed the necessary reboots, a log should automatically open. If it does not automatically open, then the log can be found at %systemdrive%\avenger.txt (typically C:\avenger.txt).
  • Please post this log in your next reply.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Here is the Avenger log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.
--------

I do not understand how this Avenger can say that nothing was found. The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable. Also I did an AVG scan as soon as I got it reloaded. AVG declared Rootkit found: hidden=not removed.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

The Dr. Web had one item it said could not be removed. It said: A0504260.pif C:\system volume information\Trojan.muldrop2.44646. Incurable.

Dr Web also showed this: A0504260.pif;C:\System Volume Information\_restore{2C77E77B-A42C-4B63-B1C7-3D2020EEE0A3}\RP3098;Trojan.MulDrop2.44246;Incurable.Moved.;

Please run another scan with ESET and post the log. Also please run this next scanner.

Run the BitDefender Online scanner

Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

Once Bitdefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report.

When the window comes up to save the report, change the Save as type: box to:
Text (Tab Delimited) (*.txt) and then in the File name box change the name to bdscan, then click Save.

This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

If you do not follow these steps, you will have an incorrect log or, worse, a log summary which is useless to us.

Post the bdscan.txt file as an Attachment.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

Here is the ESET Scan. Three files were found. I will do the Bit Defender scan next.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-22 06:36:40
# local_time=2012-01-21 10:36:40 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 8939126 8939126 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=64320
# found=0
# cleaned=0
# scan_time=7566
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-23 08:08:08
# local_time=2012-01-23 12:08:08 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9029276 9029276 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63609
# found=0
# cleaned=0
# scan_time=9347
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-28 01:22:36
# local_time=2012-01-27 05:22:36 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 9437150 9437150 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63148
# found=0
# cleaned=0
# scan_time=9098
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=13656a6f3f583542bd1597b2303801ee
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-03 01:23:14
# local_time=2012-02-02 05:23:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=4864 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 98915 98915 0 0
# scanned=62931
# found=3
# cleaned=3
# scan_time=9407
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000
------

Thanks,
Karen
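An added example in Python, not from Karen's post or from ESET: it splits a cumulative log like the one above into runs on each "# version=" header, picks the newest run by utc_time, checks that the pasted detection rows match that run's found count, and counts how many hits sit under Temporary Internet Files (cached page content rather than installed programs). The excerpt is abbreviated from the log above; the Session and Detection classes and the detection regex are this example's own assumptions.

```python
"""Split a cumulative ESET Online Scanner log into per-run sessions.

The scanner appends a "# key=value" header per run and one row per detection, so a
pasted log carries every earlier run too.  Helper logic is this example's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Abbreviated excerpt of the log posted above: its first run and its latest run.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# utc_time=2012-01-22 06:36:40
# scanned=64320
# found=0
# cleaned=0
# version=7
# utc_time=2012-02-03 01:23:14
# scanned=62931
# found=3
# cleaned=3
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WDBM1R6R\authcpa[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway[2].php JS/TrojanClicker.Agent.NCQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\YFAFQ7RB\mygateway_iframe_loader[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000
"""

# "<path> <signature> <kind> (<action>) [<32-hex hash>]"; the path itself contains spaces
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<threat>\S+) (?P<kind>\S+) \((?P<action>[^)]*)\)"
    r"(?: (?P<hash>[0-9a-fA-F]{32}))?"
)
BROWSER_CACHE = "\\temporary internet files\\"


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    kind: str
    action: str
    hash: str | None


@dataclass
class Session:
    fields: dict[str, str] = field(default_factory=dict)
    detections: list[Detection] = field(default_factory=list)

    def count(self, key: str) -> int:
        return int(self.fields.get(key, "0"))

    @property
    def utc_time(self) -> str:
        return self.fields.get("utc_time", "")

    @property
    def consistent(self) -> bool:
        # header count must match the pasted rows, otherwise the paste was trimmed
        return self.count("found") == len(self.detections)

    def cache_hits(self) -> int:
        # hits under the IE cache are downloaded page content, not installed programs
        return sum(BROWSER_CACHE in d.path.lower() for d in self.detections)


def parse_log(text: str) -> list[Session]:
    sessions: list[Session] = []
    current: Session | None = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            if key == "version":  # every run opens with "# version="
                current = Session()
                sessions.append(current)
            if current is not None:
                current.fields[key] = value
        elif current is not None:
            m = DETECTION_RE.match(line)
            if m:
                current.detections.append(Detection(**m.groupdict()))
    return sessions


def latest(sessions: list[Session]) -> Session:
    # utc_time is "YYYY-MM-DD HH:MM:SS", so string order is chronological order
    return max(sessions, key=lambda s: s.utc_time)


if __name__ == "__main__":
    newest = latest(parse_log(SAMPLE_LOG))
    print(f"newest run {newest.utc_time}: found={newest.count('found')} consistent={newest.consistent}")
    for d in newest.detections:
        print(f"  {d.threat:<30} {d.action:<34} {d.path}")
```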

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:


Here is the Bit Defender scan.


QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Thu Feb 02 22:41:43 2012
Machine ID: 781AED93



No infection found.
-------------------



Processes
---------
AVG Internet Security 408 C:\Program Files\AVG\AVG2012\avgcsrvx.exe
AVG Internet Security 3844 C:\Program Files\AVG\AVG2012\avgemcx.exe
AVG Internet Security 4088 C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
AVG Internet Security 4068 C:\Program Files\AVG\AVG2012\avgnsx.exe
AVG Internet Security 2496 C:\Program Files\AVG\AVG2012\avgrsx.exe
AVG Internet Security 208 C:\Program Files\AVG\AVG2012\avgtray.exe
AVG Internet Security 2976 C:\Program Files\AVG\AVG2012\avgwdsvc.exe
CrypKey Software Licensing System 1884 C:\WINDOWS\system32\Crypserv.exe
mcci+McciCMService 1920 C:\Program Files\Common Files\Motive\McciCMService.exe
Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\spoolsv.exe
PMB 2000 C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
(verified) Microsoft® Windows® Operating System 2720 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2168 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 620 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3340 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 700 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\searchindexer.exe
(verified) Microsoft® Windows® Operating System 688 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1224 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1832 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 1960 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3336 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3348 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4016 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 443 (HTTP over SSL) --> 173.194.33.5
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 98.142.98.80
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 173.194.33.27
Process iexplore.exe (1960) connected on port 80 (HTTP) --> 71.0.51.247
Process explorer.exe (2720) connected on port 80 (HTTP) --> 65.55.11.179
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (3348) connected on port 80 (HTTP) --> 173.193.11.19
Process iexplore.exe (4016) connected on port 80 (HTTP) --> 173.194.33.6

Process svchost.exe (936) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AVG Internet Security C:\Program Files\AVG\AVG2012\avgtray.exe
Intel(R) Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.PLG
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
AVG Internet Security c:\program files\avg\avg2012\avgssie.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
getPlus+(R) C:\WINDOWS\Downloaded Program Files\gp.ocx
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Picasa C:\Program Files\Picasa2\npPicasa2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer(tm) G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.01 MB sent, 0.72 KB recvd
Scanned 557 files and modules - 40 seconds

==============================================================================
Good News
Your computer appears to be clean

With 1.5 million new viruses created every month, try our award-winning software and keep your stuff protected!

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN
How's your computer working now? Any other issues?

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

Seems much better now with the exception of one thing. When exploring the internet I have to hit refresh to get pages to initially display. I have never had to do this before. This seems to have started after we did the Dr. Web and is now almost intolerable.

I will need help in clearing out all items you and I installed to fix the computer. I particularly cannot get rid of the Qoobox.

Thanks so much,
Karen

Re: BACK DOOR BOT OR TROJAN
When exploring the internet I have to hit refresh to get pages to initially display.

What browser? Did you try another one? We'll do some cleanup once this problem is resolved. Please try this:

Please download MiniToolBox to Desktop and run it.


Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • List content of Hosts
  • List IP Configuration
  • List Last 10 Event Viewer Errors
  • List Users, Partitions and Memory Size

Click Go and copy/paste the log (Result.txt) into your next post.
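
An added example, not code from this thread or from MiniToolBox itself: a Python triage of a Result.txt in the layout MiniToolBox produces, covering the four boxes above that bear on the refresh problem (IE proxy, hosts file, DNS server, ping results). The sample log inside it is constructed, and the wording of an enabled-proxy line is assumed, since the thread only shows the clean case.

```python
"""Triage a MiniToolBox Result.txt in the layout pasted in this thread.

Checks follow the boxes ticked above: IE proxy, hosts file, IP configuration
and the ping tests. SAMPLE_RESULT is constructed for this example (not a log
from the thread) with something for every check; enabled-proxy wording assumed.
"""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+[ \t]*(?P<name>[^=:\n]+?):[ \t]*=+[ \t]*$", re.M)
DOTTED_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<val>.*)$")
PING_RE = re.compile(r"^Pinging (?P<target>\S+)", re.M)
CLEAN_PROXY = {"Proxy is not enabled.", "No Proxy Server is set."}  # as in the thread

SAMPLE_RESULT = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
ProxyServer: http=127.0.0.1:8080
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
127.0.0.1 update.example.invalid
========================= IP Configuration: ================================
IP Address. . . . . . . . . . . . : 10.0.0.31
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 198.51.100.53
Pinging google.com [74.125.53.103] with 32 bytes of data:
Reply from 74.125.53.103: bytes=32 time=43ms TTL=54
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
========================= Event log errors: ===============================
"""

def split_sections(text):
    """Map each '==== Name: ====' header to the text up to the next header."""
    hits = list(SECTION_RE.finditer(text))
    ends = [m.start() for m in hits[1:]] + [len(text)]
    return {m.group("name").strip(): text[m.end():end] for m, end in zip(hits, ends)}

def check_proxy(body):
    """Report every non-blank proxy line that is not one of the clean ones."""
    lines = (line.strip() for line in body.splitlines())
    return [f"proxy: {s}" for s in lines
            if s and s not in CLEAN_PROXY and not s.startswith('"Reset')]

def check_hosts(body):
    """A default hosts file maps only localhost; any other entry is reported."""
    findings = []
    for line in body.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0] in ("127.0.0.1", "::1") and parts[1].split() == ["localhost"]:
            continue
        findings.append(f"hosts: non-default entry '{line.strip()}'")
    return findings

def check_dns(body):
    """Flag a resolver outside the LAN (a swapped DNS server silently redirects browsing)."""
    v = {}
    for line in body.splitlines():
        m = DOTTED_RE.match(line.strip())
        if m:  # first occurrence of each 'Key . . . : value' pair wins
            v.setdefault(m.group("key").strip(), m.group("val").strip())
    try:
        lan = ipaddress.ip_network(f"{v['IP Address']}/{v['Subnet Mask']}", strict=False)
        dns = ipaddress.ip_address(v["DNS Servers"])
    except (KeyError, ValueError):
        return []
    if dns in lan:
        return []
    return [f"dns: resolver {dns} is outside the local subnet {lan} "
            f"(gateway {v.get('Default Gateway', '?')}); confirm it is intended"]

def check_connectivity(body):
    """Count failed replies per ping target. As the thread's own log shows,
    Windows counts 'Destination host unreachable' as a received reply, so the
    'Lost = 0 (0% loss)' summary line must not be trusted on its own."""
    findings = []
    hits = list(PING_RE.finditer(body))
    ends = [m.start() for m in hits[1:]] + [len(body)]
    for m, end in zip(hits, ends):
        block = body[m.end():end].lower()
        bad = sum("unreachable" in l or "timed out" in l for l in block.splitlines())
        if bad:
            findings.append(f"ping: {m.group('target')}: {bad} failed replies")
    return findings

def triage(text):
    """Run every check; an empty list means nothing looked odd."""
    s = split_sections(text)
    ipcfg = s.get("IP Configuration", "")
    return (check_proxy(s.get("IE Proxy Settings", ""))
            + check_hosts(s.get("Hosts content", ""))
            + check_dns(ipcfg)
            + check_connectivity(ipcfg))
```

Run `triage(open("Result.txt").read())` on a real log; each finding names the section it came from so it can be matched back to the pasted output.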

Re: BACK DOOR BOT OR TROJAN
Hi Super Dave:

I use Internet Explorer. Here is the log report.

Thanks,
Karen
-------------
MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 03-02-2012 at 21:37:41
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Broadcom 440x 10/100 Integrated Controller = CENTURY LINK (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "CENTURY LINK"

set address name="CENTURY LINK" source=dhcp
set dns name="CENTURY LINK" source=dhcp register=PRIMARY
set wins name="CENTURY LINK" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : kurtcomputer
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : westell.com

Ethernet adapter CENTURY LINK:

Connection-specific DNS Suffix . : westell.com
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-0D-56-5A-2F-31
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.0.31
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.1
Lease Obtained. . . . . . . . . . : Friday, February 03, 2012 9:16:13 PM
Lease Expires . . . . . . . . . . : Saturday, February 04, 2012 9:16:13 PM

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: google.com
Addresses: 74.125.53.104, 74.125.53.105, 74.125.53.106, 74.125.53.147
74.125.53.99, 74.125.53.103

Pinging google.com [74.125.53.103] with 32 bytes of data:

Reply from 74.125.53.103: bytes=32 time=43ms TTL=54
Reply from 74.125.53.103: bytes=32 time=50ms TTL=54

Ping statistics for 74.125.53.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 43ms, Maximum = 50ms, Average = 46ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: yahoo.com
Addresses: 98.139.180.149, 209.191.122.70, 72.30.2.43, 98.137.149.56

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=137ms TTL=55
Reply from 98.137.149.56: bytes=32 time=55ms TTL=55

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 55ms, Maximum = 137ms, Average = 96ms

Server: dslrouter.westell.com
Address: 10.0.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0d 56 5a 2f 31 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.31 20
10.0.0.0 255.255.255.0 10.0.0.31 10.0.0.31 20
10.0.0.31 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.0.31 10.0.0.31 20
255.255.255.255 255.255.255.255 10.0.0.31 10.0.0.31 1
Default Gateway: 10.0.0.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The TICalc service failed to start due to the following error:
%%2

Error: (02/03/2012 01:45:21 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 01:37:58 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/01/2012 08:14:02 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:04:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:57 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (02/01/2012 08:03:42 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/30/2012 01:02:45 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\OWNER\RECENT\DESKTOP.INI


========================= Memory info: ===================================

Percentage of memory in use: 27%
Total physical RAM: 2046 MB
Available physical RAM: 1477.96 MB
Total Pagefile: 2856.7 MB
Available Pagefile: 2315.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1975.27 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:37.26 GB) (Free:14.57 GB) NTFS

========================= Users: ========================================

User accounts for \\KURTCOMPUTER

Administrator Guest HelpAssistant
JEFF Owner SUPPORT_388945a0


**** End of log ****
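An added example, not code from this thread or from the tool that produced the log above: a small Python script that parses the `Error: (date) (Source: ...) (User: )` entry format used in the pasted log and groups repeated entries by section, source and message, so a helper can see at a glance which errors recur, over what time span, and with which error codes, instead of reading every block. The sample log embedded in the script is constructed to have the same shape as the log above; the "Application errors" section name and the assumption that a section header is a line ending in `:` followed by a line of `=` characters are mine.

```python
"""Summarise repeated entries in an event-log dump of the 'Error: (date)
(Source: ...) (User: )' shape.  Added example for this thread; the sample
log is constructed and the section-header rule is an assumption."""
import re
from collections import OrderedDict
from datetime import datetime

# Header line of one entry, with or without a space before "(User: )".
ENTRY_RE = re.compile(
    r"^Error: \((?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\)\s*"
    r"\(Source: (?P<source>[^)]*)\)\s*\(User: (?P<user>[^)]*)\)\s*$"
)
# Error codes as they appear in such dumps: SCM '%%N' placeholders or HRESULTs.
CODE_RE = re.compile(r"%%\d+|0x[0-9A-Fa-f]{8}")
TS_FMT = "%m/%d/%Y %I:%M:%S %p"

# Constructed sample with the same shape as the log pasted in the thread.
SAMPLE_LOG = """\
System errors:
=============
Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2

Error: (02/03/2012 09:16:32 PM) (Source: Service Control Manager) (User: )
Description: The Help and Support service terminated with the following error:
%%126

Error: (02/03/2012 06:44:26 PM) (Source: Service Control Manager) (User: )
Description: The NTPort Library Driver service failed to start due to the following error:
%%2


Application errors:
==================
Error: (01/30/2012 01:03:09 PM) (Source: Windows Search Service) (User: )
Description: The entry in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (01/29/2012 10:24:08 PM) (Source: Windows Search Service)(User: )
Description: The entry in the hash map cannot be updated.

Details:
A device attached to the system is not functioning. (0x8007001f)

========================= Memory info: ===================================
"""


def _finish(entry):
    """Turn the collected body lines of one entry into description/details/codes."""
    body = [l.strip() for l in entry.pop("lines") if l.strip()]
    if body and body[0].startswith("Description: "):
        body[0] = body[0][len("Description: "):]
    entry["description"] = body[0] if body else ""
    entry["details"] = body
    entry["codes"] = sorted(set(CODE_RE.findall("\n".join(body))))
    return entry


def parse_entries(text):
    """Return a list of entry dicts: section, timestamp, source, user,
    description, details, codes.  Assumption: a section header is a line
    ending in ':' whose next line starts with '='."""
    entries, section, current = [], None, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.rstrip().endswith(":") and nxt.startswith("="):
            if current is not None:
                entries.append(_finish(current))
                current = None
            section = line.rstrip()[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m:
            if current is not None:
                entries.append(_finish(current))
            current = {"section": section,
                       "timestamp": datetime.strptime(m.group("ts"), TS_FMT),
                       "source": m.group("source"), "user": m.group("user").strip(),
                       "lines": []}
        elif line.startswith("="):          # separator line closes the entry
            if current is not None:
                entries.append(_finish(current))
                current = None
        elif current is not None:
            current["lines"].append(line)
    if current is not None:
        entries.append(_finish(current))
    return entries


def summarize(entries):
    """Group by (section, source, description); count repeats, collect the
    distinct codes and the first/last timestamp.  Most frequent groups first."""
    groups = OrderedDict()
    for e in entries:
        key = (e["section"], e["source"], e["description"])
        g = groups.setdefault(key, {"section": e["section"], "source": e["source"],
                                    "description": e["description"], "count": 0,
                                    "codes": set(), "first": e["timestamp"],
                                    "last": e["timestamp"]})
        g["count"] += 1
        g["codes"].update(e["codes"])
        g["first"] = min(g["first"], e["timestamp"])
        g["last"] = max(g["last"], e["timestamp"])
    return sorted(groups.values(), key=lambda g: (-g["count"], g["source"]))


def report(text):
    """One line per group: count, source, codes, time span, message."""
    out = []
    for g in summarize(parse_entries(text)):
        codes = ",".join(sorted(g["codes"])) or "-"
        out.append(f"{g['count']:3d}x {g['source']:<24} codes={codes:<12} "
                   f"{g['first']:%m/%d %H:%M}..{g['last']:%m/%d %H:%M}  {g['description']}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The `%%N` placeholders in the Service Control Manager lines are Win32 error numbers that were not resolved to text when the log was written: 2 is "the system cannot find the file specified" and 126 is "the specified module could not be found", which is the pattern of a service whose driver or DLL is no longer on disk. Grouping the entries this way separates that kind of leftover from a genuinely new problem, because a missing binary produces the same message at every boot.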

Re: BACK DOOR BOT OR TROJAN

The signal appears to be going through. Please try this: Click on Tools, Internet Options, Advanced and click Reset. Close your Browser and open a new one.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I did not open this topic to view your response until just a few moments ago. The computer has been running better today. Not doing the "needs refresh to see the web page" thing at all today.

I appreciate all that you have done for me. I am disturbed that there were so many viruses on my computer this time. I take good care of my computer and I am very careful about how I surf the internet, etc.

Do you think it is safe now to delete the programs that you and I used to fix my computer?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

Ok. We can do some cleanup.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
*****************************************************
To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.

1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives"
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.
This will give your computer a new, clean System Restore Point.
*******************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf...", "Make Comodo my default search provider" and "Make Comodo Search my homepage", and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I installed Comodo. That seems nice. Did the OTL stuff, but Qoobox did not leave. I am waiting to do a system restore until we get rid of Qoobox. What shall I do to get rid of it?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

OTL cleanup should have removed it. If it's just a folder, delete it then do a new System Restore Point.

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I looked in the folder and there is another folder inside called Back Env. When I click on the Back Env. folder it says : access is denied. When I try to delete the Qoobox folder it looks like it is going to delete and then stops and gives me an error message of: Can not delete Back Env. Access is denied. Make sure the disk is not full or write protected and that the file is not currently in use.

I tried to do another OTL clean up and the link no longer works when I double click on it. Sad tearing

Do not want to do a restore point until that Qoobox is gone. Can you help?

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

I tried to do another OTL clean up and the link no longer works when I double click on it.

OTL cleanup removes itself. Please try deleting that folder using Unlocker.

You can download and install Unlocker .

Re: BACK DOOR BOT OR TROJAN

Hi Super Dave:

I was able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen

Re: BACK DOOR BOT OR TROJAN

karenor wrote:
Hi Super Dave:

I was able to delete the file finally. I am now going to do a System Restore Point.

Thanks,
Karen

You're welcome Karen. Good luck and stay safe.
