Author Topic: [Resolved] Control Panel  (Read 18503 times)

Offline summer990

  • Silver Member
  • Posts: 527
Re: [In Progress] Control Panel
« Reply #15 on: March 14, 2012, 09:59:54 PM »
I hope this helps.


Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22904
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Control Panel
« Reply #16 on: March 14, 2012, 10:05:58 PM »
Go ahead and try running ComboFix. If it will not run normally, then go through msconfig with it as well. Post the log if it is generated; if not, let me know what it did.

Do you have your personal information backed up? Also do you have the Windows install CD and the driver CD that came with the computer? As well as any programs that came with the computer?

Do you have access to another computer that is clean and has a CD burner and a broadband internet connection?

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline summer990

Re: [In Progress] Control Panel
« Reply #17 on: March 15, 2012, 08:43:27 PM »
I do not have access to another computer.  I did find the Windows reinstall CD and driver CD and the other programs. 
I really do not want to erase this system and start over. Other than my email, I don't know what you mean by is my personal information backed up. I really don't keep any personal info on my computer. I do have some things that I created years ago that are in my files in my computer (documents) file. I'll try running ComboFix and we'll go from there.
   

Offline Hoov

Re: [In Progress] Control Panel
« Reply #18 on: March 15, 2012, 09:24:22 PM »
Windows reinstall is always the last thing to do. But it is nice knowing the option is available if necessary. Personal information is emails, pictures, music, any documents or letters you wrote, favorites or bookmarks, any data files that are specific to certain programs, etc. Anything that you cannot afford to lose.

Let's hope ComboFix will run.

Offline summer990

Re: [In Progress] Control Panel
« Reply #19 on: March 15, 2012, 09:27:58 PM »
Here is the log from ComboFix.  I got it to run after I clicked ok to continue after AVG tried to stop it.

No, I do not have my information backed up.


ComboFix 12-03-13.01 - Steve Mentelewicz 03/15/2012  23:03:42.10.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.282 [GMT -4:00]
Running from: c:\documents and settings\Steve Mentelewicz\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\~GLHTTP1.TMP
c:\documents and settings\All Users\Application Data\DirectCDUserNameD.txt
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\AVA37.tmp
c:\windows\system32\SET3B4D.tmp
c:\windows\system32\SET3B4E.tmp
c:\windows\system32\SET3B4F.tmp
c:\windows\system32\SET3B50.tmp
c:\windows\system32\SET3B54.tmp
c:\windows\system32\SET3B55.tmp
c:\windows\system32\SET3B58.tmp
c:\windows\system32\SET3B5B.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET765.tmp
c:\windows\system32\SET766.tmp
c:\windows\system32\SET767.tmp
c:\windows\system32\SET768.tmp
c:\windows\system32\SET76A.tmp
c:\windows\system32\SET76C.tmp
c:\windows\system32\SET76D.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-16 to 2012-03-16  )))))))))))))))))))))))))))))))
.
.
2012-03-13 03:09 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
2012-03-13 03:09 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\dllcache\iacenc.dll
2012-03-12 06:51 . 2012-03-12 06:51   --------   d-----w-   c:\windows\system32\wbem\Repository
2012-03-12 06:39 . 2012-03-12 06:39   --------   d-----w-   c:\documents and settings\Steve Mentelewicz\Application Data\AVG2012
2012-03-12 06:39 . 2012-03-12 06:39   --------   d-----w-   C:\$AVG
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-15 02:56 . 2010-06-15 07:12   472808   ----a-w-   c:\windows\system32\deployJava1.dll
2012-02-03 09:22 . 2008-08-28 06:26   1860096   ----a-w-   c:\windows\system32\win32k.sys
2012-01-09 16:20 . 2008-08-28 06:26   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-12-17 19:46 . 2008-08-28 06:27   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2008-08-28 06:27   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-08-28 06:26   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-02-13 06:21 . 2011-12-17 00:22   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-05-17 3350016]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2001-07-25 184376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-09-02 1043968]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2002-11-19 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 380928]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2003-03-28 143360]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2003-04-20 53248]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-06-25 57344]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-10-02 684032]
"ABBYY Community Agent"="c:\program files\ABBYY FineReader 5.0 Sprint\CAgent.exe" [2002-03-21 253952]
.
c:\documents and settings\Steve Mentelewicz\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Microsoft Office Shortcut Bar.Lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1996-11-17 333824]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]
America Online 7.0 Tray Icon.lnk - c:\program files\America Online 7.0\aoltray.exe [N/A]
AT&T Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2006-11-30 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2002-11-19 45056]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S0 eivh;eivh;c:\windows\system32\drivers\rowd.sys --> c:\windows\system32\drivers\rowd.sys [?]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 7:09 AM 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 17:15]
.
.
------- Supplementary Scan -------
.
IE: {{08AEF43E-74D8-42de-8E8C-554271CD5FED} - {AE24A17E-9B41-4e95-909D-58B34B9006B7} - c:\windows\system32\shdocvw.dll
TCP: DhcpNameServer = 192.168.1.254
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Steve Mentelewicz\Application Data\Mozilla\Firefox\Profiles\8bazaf1s.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Registry Reviver - c:\program files\Reviversoft\Registry Reviver\RegistryReviver.exe
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 23:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-03-15  23:15:51
ComboFix-quarantined-files.txt  2012-03-16 03:15
.
Pre-Run: 98,659,790,848 bytes free
Post-Run: 98,801,770,496 bytes free
.
- - End Of File - - 21B7EC43F69E7F4546E7136065E9EEE8

Offline Hoov

Re: [In Progress] Control Panel
« Reply #20 on: March 15, 2012, 09:45:34 PM »
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

    Tick the box next to YES, I accept the Terms of Use
    Click Start
    When asked, allow the ActiveX control to install
    Click Start
    Make sure that the option Remove found threats and the option Scan unwanted applications are checked
    Click Scan (This scan can take several hours, so please be patient)
    Once the scan is completed, you may close the window
    Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    Copy and paste that log as a reply to this topic




How is your computer running?
« Last Edit: March 15, 2012, 10:02:02 PM by Hoov »

Offline summer990

Re: [In Progress] Control Panel
« Reply #21 on: March 16, 2012, 10:12:50 PM »
Here's that copy of the ESET log.  I see it found 5 viruses.  Hope this helps.

 ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2585d21476e95d49853b53e5113a7195
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-17 04:06:40
# local_time=2012-03-17 12:06:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 122542244 122542244 0 0
# compatibility_mode=768 16777215 100 0 61100778 61100778 0 0
# compatibility_mode=1024 16777175 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 59109439 59109439 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 100 64 45543921 115422260 0 0
# scanned=79151
# found=5
# cleaned=5
# scan_time=4631
C:\Documents and Settings\Steve Mentelewicz\.jpi_cache\jar\1.0\ar.jar-307e9663-2e5f3f0e.zip   a variant of Java/TrojanDropper.Beyond trojan (deleted - quarantined)   00000000000000000000000000000000   C
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL   a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP41\A0010215.DLL   Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP41\A0010216.DLL   a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C

Offline summer990

Re: [In Progress] Control Panel
« Reply #22 on: March 16, 2012, 10:25:26 PM »
It's still acting the same since the ESET scan.  AVG will not remove, and I still can't print using the properties tab to set quick print and black and white.  Haven't checked the connection yet.  I'll do that now to see if I can get connected. 

 

Offline Hoov

Re: [In Progress] Control Panel
« Reply #23 on: March 16, 2012, 11:19:43 PM »
Two of those files were actually part of ZoneAlarm.

Can you take a look on the Windows install CD and tell me what SP it is? I would like to run a System File Check with it.

Try running the AVG removal tool again. There is no need to post the log, just let me know how it went.

Offline summer990

Re: [In Progress] Control Panel
« Reply #24 on: March 16, 2012, 11:35:19 PM »
I did get connected to the internet. Don't know if it's fixed or I just got lucky. I looked at the Windows install CD, but don't know what you mean by SP. It's Windows XP Home Edition.

Offline summer990

Re: [In Progress] Control Panel
« Reply #25 on: March 16, 2012, 11:40:48 PM »
After the scan was run, I rebooted with a hard boot.  AVG still locking up on the control panel add/remove screen when I try to remove it.   I have to do a restart to get add/remove screen to close.

Offline Hoov

Re: [In Progress] Control Panel
« Reply #26 on: March 17, 2012, 08:51:55 AM »
Does the Windows XP install CD say service pack on it?

Offline summer990

Re: [In Progress] Control Panel
« Reply #27 on: March 17, 2012, 08:35:55 PM »
No, the Windows XP install CD does not say service pack on it.


Offline summer990

Re: [In Progress] Control Panel
« Reply #28 on: March 17, 2012, 08:41:30 PM »
I also double-checked the print setup, and it works ok when I'm not trying to print something from the internet. Only when I try to print something from online does it give me the error 126 message, when I try to print using properties, although it only prints the selection... just not quick print and in black and white. Maybe it's the way the website is set up.

 
 

Offline summer990

Re: [In Progress] Control Panel
« Reply #29 on: March 17, 2012, 08:44:42 PM »
Just thought: what if I tried to do a system restore from maybe December or January? Would that do anything good or bad?