[BudClark]

Questions:
1. Which is the executable one?
2. How do I find the EXE file?
3. Please clarify "Allow" attributes.
Thanks

Bud

[BudClark]

Questions:
1. Which is the executable?
2. Please clarify "Allow" attributes and how do I give the necessary right?
3. How do I find the EXE file?
THANKS.

Bud

[Osiris]

Did you do the msconfig stuff?

[BudClark]

Yes. I then installed Malwarebytes but I can't run it. I get the "Windows can't access , etc.' message.
Also the icons for these programs; HijackThis, Superantispyware,etc. are different than before. They look like a monitor screen with a small arrow in the bottom left corner rather than the regular logo icon.

Bud

[Osiris]

Try combofix

All you do is download it, double click it and away it goes. It doesnt install, its an executable, you may even want to rename it to something else.

XP Full

hopefully this works

[BudClark]

Combofix ran and I have a log. Do you want me to send it and if so , how do I do it?

Bud

[Osiris]

Paste the log here, spit it up if its to large

[BudClark]

ComboFix 09-11-05.01 - Owner 11/05/2009 11:18.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.250 [GMT -7:00]
Running from: c:\bud backup 1008\bud\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-04 19:26 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 19:26 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 03:48 . 2009-11-03 03:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-03 03:48 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-03 03:47 . 2009-11-03 03:47 -------- d-----w- c:\program files\Lavasoft
2009-11-02 19:38 . 2009-11-02 19:38 845800 ----a-w- c:\documents and settings\Owner\Application Data\MSNInstaller\msnauins.exe
2009-11-02 19:38 . 2009-11-02 19:38 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
2009-11-02 18:26 . 2009-11-02 18:26 -------- d-----w- c:\program files\Trend Micro
2009-11-02 03:40 . 2009-11-02 03:40 -------- d-----w- c:\program files\VS Revo Group
2009-11-01 16:08 . 2009-11-05 18:23 -------- d--h--w- c:\windows\PIF
2009-11-01 15:52 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 21:39 . 2009-11-05 04:50 0 ----a-r- c:\windows\win32k.sys
2009-10-30 20:21 . 2009-10-30 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\14666629
2009-10-30 19:37 . 2009-10-30 19:37 51200 --sha-r- c:\windows\system32\Tdvean.dll
2009-10-28 21:10 . 2009-10-28 21:10 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:51 . 2009-10-27 23:52 -------- d-----w- c:\documents and settings\Georgina Clark\Application Data\HpUpdate
2009-10-25 21:25 . 2009-10-25 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Blitware
2009-10-25 21:25 . 2009-10-25 21:25 -------- d-----w- c:\program files\File Helper
2009-10-24 14:55 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-24 14:55 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-21 16:58 . 2009-10-21 16:58 -------- d-----w- c:\documents and settings\Georgina Clark\Local Settings\Application Data\CANON_INC
2009-10-21 12:44 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-20 23:53 . 2009-10-20 23:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 17:26 . 2009-10-19 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-10-19 17:25 . 2009-10-19 17:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-10-19 17:24 . 2009-10-19 17:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CANON_INC
2009-10-19 17:14 . 2009-10-19 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-10-19 17:13 . 2009-10-19 17:15 -------- d-----w- c:\program files\Canon
2009-10-19 17:11 . 2009-10-19 17:11 -------- d-----w- c:\program files\Common Files\Canon

[BudClark]

ComboFix 09-11-05.01 - Owner 11/05/2009 11:18.4.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.250 [GMT -7:00]
Running from: c:\bud backup 1008\bud\My Documents\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-04 19:26 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-04 19:26 . 2009-11-04 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-04 19:26 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 03:48 . 2009-11-03 03:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-03 03:48 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-03 03:47 . 2009-11-03 03:47 -------- d-----w- c:\program files\Lavasoft
2009-11-02 19:38 . 2009-11-02 19:38 845800 ----a-w- c:\documents and settings\Owner\Application Data\MSNInstaller\msnauins.exe
2009-11-02 19:38 . 2009-11-02 19:38 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
2009-11-02 18:26 . 2009-11-02 18:26 -------- d-----w- c:\program files\Trend Micro
2009-11-02 03:40 . 2009-11-02 03:40 -------- d-----w- c:\program files\VS Revo Group
2009-11-01 16:08 . 2009-11-05 18:23 -------- d--h--w- c:\windows\PIF
2009-11-01 15:52 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 21:39 . 2009-11-05 04:50 0 ----a-r- c:\windows\win32k.sys
2009-10-30 20:21 . 2009-10-30 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\14666629
2009-10-30 19:37 . 2009-10-30 19:37 51200 --sha-r- c:\windows\system32\Tdvean.dll
2009-10-28 21:10 . 2009-10-28 21:10 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-27 23:51 . 2009-10-27 23:52 -------- d-----w- c:\documents and settings\Georgina Clark\Application Data\HpUpdate
2009-10-25 21:25 . 2009-10-25 21:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Blitware
2009-10-25 21:25 . 2009-10-25 21:25 -------- d-----w- c:\program files\File Helper
2009-10-24 14:55 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-24 14:55 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-21 16:58 . 2009-10-21 16:58 -------- d-----w- c:\documents and settings\Georgina Clark\Local Settings\Application Data\CANON_INC
2009-10-21 12:44 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-10-20 23:53 . 2009-10-20 23:53 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 17:26 . 2009-10-19 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-10-19 17:25 . 2009-10-19 17:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Canon
2009-10-19 17:24 . 2009-10-19 17:26 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CANON_INC
2009-10-19 17:14 . 2009-10-19 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2009-10-19 17:13 . 2009-10-19 17:15 -------- d-----w- c:\program files\Canon
2009-10-19 17:11 . 2009-10-19 17:11 -------- d-----w- c:\program files\Common Files\Canon

[BudClark]

((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-11-04 21:58 . 2008-12-19 21:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-11-04 18:59 . 2009-08-31 16:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-03 03:47 . 2008-10-21 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-01 23:49 . 2009-03-23 19:58 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\ UIREPAIR.DLL
2009-10-31 14:38 . 2008-10-22 18:56 9288 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-10-21 22:28 . 2008-10-22 17:43 6018 ----a-w- c:\documents and settings\Georgina Clark\Application Data\wklnhst.dat
2009-10-20 23:32 . 2008-10-22 17:09 82960 ----a-w- c:\documents and settings\Georgina Clark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 21:50 . 2008-10-20 22:24 82960 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 18:56 . 2008-10-20 22:27 -------- d-----w- c:\program files\Microsoft Works
2009-10-19 17:15 . 2008-10-20 23:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-17 15:36 . 2008-10-24 21:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-16 18:47 . 2009-09-11 18:42 -------- d-----w- c:\program files\rsqwsd
2009-10-16 18:45 . 2009-09-11 18:41 -------- d-----w- c:\program files\kjtqqw
2009-09-21 15:35 . 2009-09-21 15:35 -------- d-----w- c:\documents and settings\Owner\Application Data\HpUpdate
2009-09-21 15:35 . 2008-10-20 22:46 -------- d-----w- c:\program files\HP
2009-09-11 14:18 . 2004-08-12 14:01 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-12 14:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2009-08-29 08:08 9728 ----a-w- c:\windows\system32\ctfmon_xy.exe
2009-08-29 08:08 . 2004-08-12 14:09 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 04:41 . 2008-10-20 22:43 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-08-27 04:41 . 2008-10-20 22:43 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2009-08-27 04:40 . 2008-10-20 22:43 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-08-26 08:00 . 2004-08-12 14:06 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-10 344064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-11 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/1/2009 8:52 AM 64288]
R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [12/5/2008 1:27 PM 149376]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 2:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfw tdir.sys [5/14/2009 2:49 PM 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 2:47 PM 731840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [12/19/2008 2:25 PM 210216]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]

C