
turbovmax


Microsoft security essentials problem

I got the FBI virus. I got as far as opening "My Documents", Regedit and started a restore. Couldn't find how to fix it. Took it to my local PC guy. He got rid of the virus. I am having a problem with Microsoft Security Essentials. I did an uninstall, the correct way, and did a regedit looking for any other files and found a few. Deleted them. But when I try to install it from Microsoft it states there is already Essentials in my computer and to uninstall it before trying to reinstall it. The PC guy spent three hours yesterday trying to figure it out and could not find a fix. So, just so I have virus protection, I downloaded AVG Free. Also, when on the desktop with nothing open, the mouse arrow flashes the hourglass as if something is running. When I open Task Manager I am getting a spike of 100 percent on the CPU.

I think the logs are correct. Please advise of any changes or additional info needed.

LOGS


lilhurricane
Opening up for easier analysis

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.03.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
George :: G [administrator]

Protection: Enabled

4/3/2013 3:56:16 PM
mbam-log-2013-04-03 (15-56-16).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271757
Time elapsed: 1 hour(s), 44 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL logfile created on: 4/4/2013 5:40:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.55% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.52 Gb Total Space | 53.46 Gb Free Space | 72.71% Space Free | Partition Type: NTFS

Computer Name: G | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/04 17:35:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\George\My Documents\Downloads\OTL.exe
PRC - [2013/03/30 14:44:14 | 001,219,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/03/30 14:44:14 | 000,990,896 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/03/12 00:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/02/26 23:41:54 | 000,763,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:34 | 001,116,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/02/19 04:01:04 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/30 14:44:14 | 001,219,248 | ---- | M] () -- C:\Program Files\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/03/30 14:44:14 | 000,990,896 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/30 14:44:14 | 000,990,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/03/29 16:28:26 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/29 16:03:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/12 18:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/19 02:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/03/03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\George\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/03/30 14:44:15 | 000,033,624 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/26 23:40:46 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/02/14 03:52:46 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2012/01/12 19:52:06 | 000,030,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2011/10/16 10:00:47 | 000,042,752 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2011/10/12 14:45:05 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2011/10/12 14:40:18 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2011/08/19 02:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 02:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/04/01 07:35:26 | 000,051,200 | ---- | M] (Gigaware) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Svk2pl.sys -- (Svk2pl)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
DRV - [2005/12/01 22:49:00 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/28 02:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/20 03:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 15:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 14:06:14 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/22 14:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 02:06:00 | 001,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/01 18:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/01 17:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/03/09 15:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wrh.noaa.gov/lox/main.php?suite=public
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wrh.noaa.gov/lox/main.php?suite=public"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/29 16:03:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/10/11 06:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Extensions
[2012/10/25 20:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\extensions
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/29 16:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2011/10/27 07:23:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/29 16:03:09 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013/03/29 16:02:41 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/03/29 16:02:41 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/29 13:14:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - Startup: C:\Documents and Settings\George\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1364671539328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CE8DF0D-34BD-4EC1-8C88-D82F12116999}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\George\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/11 00:06:22 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\AVG Secure Search
[2013/04/01 16:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ _ DSLReports.com, ISP Information_files
[2013/04/01 16:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/01 16:40:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/01 16:40:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/03/30 19:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\AVG2013
[2013/03/30 14:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/03/30 14:45:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\TuneUp Software
[2013/03/30 14:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:44:46 | 000,033,624 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/03/30 14:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/03/30 14:44:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/03/30 14:42:10 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/30 14:42:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/03/30 14:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/03/30 14:36:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\MFAData
[2013/03/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/03/30 14:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\Avg2013
[2013/03/30 13:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\Windows Search
[2013/03/30 13:19:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2013/03/30 13:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/03/30 13:19:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/03/30 13:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/03/30 13:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013/03/30 13:03:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2013/03/30 13:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2013/03/30 13:03:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2013/03/30 13:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Application Data\Windows Desktop Search
[2013/03/30 13:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2013/03/30 13:02:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/03/30 13:01:41 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\offfilt.dll
[2013/03/30 13:01:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nlhtml.dll
[2013/03/30 13:01:41 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mimefilt.dll
[2013/03/30 12:20:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/30 11:50:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/03/30 11:50:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Start Menu\Programs\Sophos
[2013/03/30 11:47:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/03/29 16:55:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\George\PrivacIE
[2013/03/29 16:53:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\George\IETldCache
[2013/03/29 16:42:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/03/29 16:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013/03/29 16:39:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/03/29 16:35:04 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/03/29 16:33:19 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/03/29 16:33:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/03/29 16:33:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/03/29 16:33:16 | 002,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/03/29 16:33:13 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/03/29 16:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/29 13:47:14 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2013/03/29 13:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013/03/29 13:06:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/03/29 12:20:18 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/29 12:20:18 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/29 11:36:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/03/29 11:36:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/03/29 11:36:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/03/29 11:36:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/03/29 11:35:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/29 11:34:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/03/28 11:11:32 | 000,000,000 | ---D | C] -- C:\18fc8b7197ba6dc4e8
[2013/03/28 11:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2013/03/28 11:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/28 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2013/03/28 11:03:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/03/28 11:03:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\George\Local Settings\Application Data\HTC

========== Files - Modified Within 30 Days ==========

[2013/04/04 17:46:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/04/04 17:35:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 17:34:48 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/04/04 17:33:34 | 000,574,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/04 17:33:34 | 000,139,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/04 17:24:26 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 17:24:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/04 16:48:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/02 03:33:22 | 000,237,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/04/01 19:42:46 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2013/04/01 16:54:24 | 000,038,255 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ _ DSLReports.com, ISP Information.htm
[2013/04/01 16:40:57 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/01 16:40:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MalwareBytes.lnk
[2013/03/31 15:13:23 | 000,001,498 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Calculator.lnk
[2013/03/31 09:13:58 | 000,001,917 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/03/30 16:10:24 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Sophos Virus Removal Tool.lnk
[2013/03/30 14:45:09 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/30 14:44:15 | 000,033,624 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/03/30 13:36:39 | 000,012,824 | ---- | M] () -- C:\FixitRegBackup.reg
[2013/03/30 13:34:57 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/30 13:02:57 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/03/29 16:53:59 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/29 16:28:25 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/29 16:28:25 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/29 13:59:27 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\George\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/29 13:58:29 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\George\Desktop\Dropbox.lnk
[2013/03/29 13:47:14 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2013/03/29 13:19:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/03/29 13:14:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/03/29 12:39:52 | 000,001,816 | -HS- | M] () -- C:\hpqp.ini
[2013/03/29 12:39:49 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2013/03/27 21:44:58 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/04/01 16:54:22 | 000,038,255 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Mandatory Steps Before Requesting Assistance Security Cleanup FAQ _ DSLReports.com, ISP Information.htm
[2013/04/01 16:40:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\George\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/04/01 16:40:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MalwareBytes.lnk
[2013/03/31 15:13:23 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Calculator.lnk
[2013/03/30 14:45:09 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/03/30 14:33:22 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/03/30 13:36:38 | 000,012,824 | ---- | C] () -- C:\FixitRegBackup.reg
[2013/03/30 13:02:57 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
[2013/03/30 13:02:57 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2013/03/30 13:00:35 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2013/03/30 11:50:52 | 000,002,563 | ---- | C] () -- C:\Documents and Settings\George\Desktop\Sophos Virus Removal Tool.lnk
[2013/03/29 13:07:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/03/29 13:06:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/03/29 11:36:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/03/29 11:36:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/03/29 11:36:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/03/29 11:36:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/03/29 11:36:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/08/26 10:33:32 | 000,117,655 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2012/08/26 10:33:07 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2012/03/07 21:03:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/24 18:08:42 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/10/23 17:06:15 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\WebpageIcons.db
[2011/10/16 12:20:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/10/15 15:16:26 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2011/10/15 15:16:26 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2011/10/12 14:45:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011/10/11 19:12:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/11 05:01:55 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\George\Local Settings\Application Data\fusioncache.dat
[2011/10/11 00:09:47 | 000,000,167 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2011/10/11 00:08:51 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 23:59:16 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/10/10 23:52:14 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2011/10/10 23:40:23 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2011/10/10 23:24:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/10 23:19:23 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/10 15:24:11 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/10 15:20:20 | 000,229,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/19 02:26:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2011/08/19 02:26:20 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2011/08/19 02:26:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/25 23:48:54 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2011/10/10 23:44:00 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/02/06 03:48:44 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2013/01/16 18:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/29 17:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/03/30 19:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:46:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/03/30 14:36:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/28 11:03:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/04/04 17:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/16 12:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2011/10/11 00:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2011/10/12 13:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/03/30 11:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2013/03/28 11:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2013/03/30 14:44:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\AVG SafeGuard toolbar
[2013/03/30 14:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\AVG2013
[2013/04/04 17:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Dropbox
[2012/08/28 15:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Image Zone Express
[2011/10/15 17:18:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Leadertech
[2013/03/28 11:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Teleca
[2013/03/30 14:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\TuneUp Software
[2011/10/12 14:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Uniblue
[2013/03/30 13:03:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Windows Desktop Search
[2013/03/30 13:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\George\Application Data\Windows Search

[color=#E56717]========== Purity Check ==========[/color]

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
OTL Extras logfile created on: 4/4/2013 5:40:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\George\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 55.55% Memory free
3.85 Gb Paging File | 3.08 Gb Available in Paging File | 80.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 73.52 Gb Total Space | 53.46 Gb Free Space | 72.71% Space Free | Partition Type: NTFS

Computer Name: G | User Name: George | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\George\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgemcx.exe" = C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal Email Scanner -- (AVG Technologies CZ, s.r.o.)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{34D54E98-A8FA-4970-A625-2EC73F91FAB3}" = AVG 2013
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.0
"{48A5AB54-6327-43DC-A376-4AC74C5D40B0}" = AVG 2013
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D17A2FDC-5C16-439C-A0E1-FF350079447E}" = HP User Guides 0026
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2013
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Rhapsody" = HP Rhapsody
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Revo Uninstaller" = Revo Uninstaller 1.94
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 4/2/2013 8:55:08 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 8:55:08 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/2/2013 9:43:17 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/2/2013 9:43:17 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/3/2013 5:29:29 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/3/2013 5:29:29 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/4/2013 7:55:45 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/4/2013 7:55:45 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 4/4/2013 8:33:26 PM | Computer Name = G | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 4/4/2013 8:33:26 PM | Computer Name = G | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 4/4/2013 7:51:01 PM | Computer Name = G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/4/2013 7:51:01 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

Error - 4/4/2013 7:51:58 PM | Computer Name = G | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 4/4/2013 8:25:45 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The OrangeWare USB Enhanced Host Controller Service service failed
to start due to the following error: %%1058

Error - 4/4/2013 8:25:45 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%2

Error - 4/4/2013 8:25:45 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Internet Pass-Through Service service failed to start due to the
following error: %%2

Error - 4/4/2013 8:27:50 PM | Computer Name = G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 4/4/2013 8:27:50 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 4/4/2013 8:28:41 PM | Computer Name = G | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 4/4/2013 8:28:41 PM | Computer Name = G | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 3 x86
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Disabled!
AVG 2013
Sophos Virus Removal Tool
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox (19.0.2)
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 17% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color]
[u]````````````````````End of Log``````````````````````[/u]

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91d4e0415abdd44db0268b9e609a39ee
# engine=13553
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-05 02:56:10
# local_time=2013-04-04 07:56:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=771 16777214 16 1 15243605 15243605 0 0
# compatibility_mode=1040 16777213 100 93 0 51314154 0 0
# compatibility_mode=5892 16777213 77 94 550106 17815942 0 0
# compatibility_mode=8449 16774142 16 1 39252274 39252274 0 0
# scanned=71414
# found=0
# cleaned=0
# scan_time=5049
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA

reply to turbovmax
Hi turbovmax

Problems sometimes can be caused by others' use of utilities when they aren't sure how to use them, and there's no good way to determine what they (your "local PC guy") did. For instance, I see that someone ran ComboFix without uninstalling it afterwards.

Please post the log from ComboFix that should still be located at C:\ComboFix.txt.

Please post the log from Sophos Virus Removal Tool which it appears you ran (it's in your installed program list).

Did you run AdwCleaner? Please post the log from it at C:\AdwCleaner[S1].txt.

Do you know what program created this file:
C:\FixitRegBackup.reg

If you don't know, please right-click on the file, select Edit, and when it opens in Notepad copy and paste the contents in your next reply.

I see that you have your Windows Firewall turned off, and I don't see another listed.
In part of your logs I do see these listed, but no longer in your uninstall list. I would not recommend the first two listed:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

I see you have Revo Uninstaller. I would run it and see if it can find any part of those programs to uninstall (leave Sophos Virus Removal Tool installed for now) since you no longer have them currently installed (they weren't in your installed program list).

You need to uninstall this old vulnerable version of Java from Windows Control Panel:
J2SE Runtime Environment 5.0 Update 6

Can you turn on your Windows Firewall? If you can, you need to do that now. If you can't, please let me know.

What is in this folder, or is it empty?
C:\18fc8b7197ba6dc4e8

Please post the logs from ComboFix, Sophos Virus Removal Tool, AdwCleaner, ESET's online scanner, let me know what program created the file FixitRegBackup.reg or post the contents of the file, and let me know what is in the folder - C:\18fc8b7197ba6dc4e8.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA

Joker. Some things I know how to do, but most things I do not. Not so computer smart. So, where do I find installed programs? I looked in the C drive and am not sure it was there.

I don't know which program created c:\FixitRegBackup.reg. And I don't know how to locate the file.

I did a regedit for all those AntiVirus files after I thought I uninstalled them and removed any files found, and I see they're still there. None are listed in Revo.

Uninstalled the Java file, but there is still an old icon in Control Panel that is not working.

Turned on the firewall.

I found the long numbered file and it had many files within it but there was nothing in those files.

I think I attached all the scan files you requested. I will go over it all again to make sure I did not miss something. I know I have not been very much help. I just don't know how to do some of these things. I had this problem with a Microsoft Software forum post and I let the moderator share the computer and clean things up. We have been chatting for over ten years now. So if you feel this is something you might want to do let me know. One thing. I am a truck driver and don't get to turn on the computer a lot on the road. I am stationary today and this evening, and tomorrow morning. Thanks for all the help. George.


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
# AdwCleaner v2.200 - Logfile created 04/04/2013 at 17:21:21
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : George - G
# Boot Mode : Normal
# Running from : C:\Documents and Settings\George\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [998 octets] - [29/03/2013 12:13:45]
AdwCleaner[S1].txt - [1061 octets] - [29/03/2013 12:24:20]
AdwCleaner[S2].txt - [3771 octets] - [04/04/2013 17:21:21]

########## EOF - C:\AdwCleaner[S2].txt - [3831 octets] ##########
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
ComboFix 13-03-30.01 - George 03/30/2013 11:38:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1568 [GMT -7:00]
Running from: G:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-30 18:33 . 2013-03-30 18:33 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\MpKsl5617e768.sys
2013-03-29 23:55 . 2013-03-29 23:55 -------- d-sh--w- c:\documents and settings\George\PrivacIE
2013-03-29 23:53 . 2013-03-29 23:53 -------- d-sh--w- c:\documents and settings\George\IETldCache
2013-03-29 23:39 . 2013-03-29 23:40 -------- dc-h--w- c:\windows\ie8
2013-03-29 23:35 . 2013-02-05 20:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-29 23:33 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-03-29 23:33 . 2013-02-05 20:05 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-03-29 23:33 . 2013-02-05 20:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-03-29 23:33 . 2013-02-05 20:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-03-29 23:33 . 2013-02-05 20:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-29 23:33 . 2013-02-05 20:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-29 23:33 . 2013-02-05 20:05 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-03-29 23:33 . 2013-02-05 20:05 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-03-29 20:47 . 2013-03-29 20:47 14664 ----a-w- c:\windows\stinger.sys
2013-03-29 20:46 . 2013-03-29 20:53 -------- d-----w- c:\program files\stinger
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-29 19:19 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\mpengine.dll
2013-03-28 18:11 . 2013-03-28 18:11 -------- d-----w- C:\18fc8b7197ba6dc4e8
2013-03-28 18:08 . 2013-03-28 18:08 -------- d-----w- c:\program files\Spirent Communications
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\HTC
2013-03-04 13:52 . 2013-03-04 13:52 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\Sun
2013-03-01 01:59 . 2013-03-07 16:01 -------- d-----w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-30 02:18 . 2011-12-25 01:08 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-03-29 23:28 . 2012-04-18 20:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-29 23:28 . 2011-10-12 02:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2011-10-11 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 20:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 10:48 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 633344 ----a-w- c:\windows\system32\urlmon(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 37888 ----a-w- c:\windows\system32\url(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 1510400 ----a-w- c:\windows\system32\shdocvw(2).dll
2013-02-05 20:05 . 2004-08-04 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 20:00 385024 ------w- c:\windows\system32\html.iec
2013-01-30 10:53 . 2011-10-12 01:41 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 20:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 00:56 . 2012-08-19 21:39 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-16 00:56 . 2011-11-09 04:04 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 23:14 . 2012-08-19 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-08 04:57 . 2013-02-18 22:28 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 01:16 . 2004-08-04 20:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 20:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 20:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-29 23:03 . 2013-03-29 23:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\George\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\George\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^George^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\George\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 19:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 23:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\George\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 MpKsl5617e768;MpKsl5617e768;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\MpKsl5617e768.sys [3/30/2013 11:33 AM 29904]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/10/2011 11:38 PM 231424]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/12/2011 2:40 PM 812544]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2011 2:42 PM 42752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe --> c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/18/2011 9:48 AM 24576]
S3 McComponentHostService;McComponentHostService; [x]
S3 Svk2pl;Gigaware USB to Serial Cable;c:\windows\system32\drivers\Svk2pl.sys [4/1/2010 7:35 AM 51200]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29379678
*NewlyCreated* - MPKSL5617E768
*Deregistered* - 29379678
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:28]
.
2013-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-03-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-30 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\WININET.dll
c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-30 11:47:17
ComboFix-quarantined-files.txt 2013-03-30 18:47
ComboFix2.txt 2013-03-29 20:16
ComboFix3.txt 2013-03-29 18:56
.
Pre-Run: 58,371,776,512 bytes free
Post-Run: 58,427,170,816 bytes free
.
- - End Of File - - 14C5A101753E667960724E32B8514126
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~



turbovmax

join:2003-08-03
Glendale, CA

Ran the Sophos removal tool again and here is the log. Do you need anything else?

2013-03-30 11:50:59 Sophos Virus Removal Tool version 2.3
2013-03-30 11:50:59 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-03-30 11:50:59 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-03-30 11:50:59 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-03-30 11:50:59 Checking for updates...
2013-03-30 11:51:02 Update progress: proxy server not available
2013-03-30 11:51:11 Option all = no
2013-03-30 11:51:11 Option recurse = yes
2013-03-30 11:51:11 Option archive = no
2013-03-30 11:51:11 Option service = yes
2013-03-30 11:51:11 Option confirm = yes
2013-03-30 11:51:11 Option sxl = yes
2013-03-30 11:51:11 Option max-data-age = 35
2013-03-30 11:51:11 Component SVRTcli.exe version 2.3
2013-03-30 11:51:11 Component control.dll version 2.3
2013-03-30 11:51:11 Component SVRTservice.exe version 2.3
2013-03-30 11:51:11 Component engine\osdp.dll version 1.44.0.2040
2013-03-30 11:51:11 Component engine\veex.dll version 3.39.0.2040
2013-03-30 11:51:11 Component engine\savi.dll version 7.5.11.2040
2013-03-30 11:51:11 Component rkdisk.dll version 1.5.30.0
2013-03-30 11:51:11 Version info: Product version 2.3
2013-03-30 11:51:11 Version info: Detection engine 3.39.0
2013-03-30 11:51:11 Version info: Detection data 4.85
2013-03-30 11:51:11 Version info: Build date 1/7/2013
2013-03-30 11:51:11 Version info: Data files added 314
2013-03-30 11:51:11 Version info: Last successful update (not yet updated)
2013-03-30 11:53:23 Downloading updates...
2013-03-30 11:53:23 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-03-30 11:53:23 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-03-30 11:53:23 Update progress: [I49502] Found supplement IDE488 LATEST
2013-03-30 11:53:23 Update progress: [I49502] Found supplement IDE489 LATEST
2013-03-30 11:53:23 Update progress: [I49502] Found supplement IDE490 LATEST
2013-03-30 11:53:23 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-03-30 11:53:23 Update progress: [I19463] Syncing product SAVIW32 25
2013-03-30 11:54:59 Update progress: [I19463] Syncing product IDE488 180
2013-03-30 11:55:35 Update progress: [I19463] Syncing product IDE489 201
2013-03-30 11:56:18 Installing updates...
2013-03-30 11:56:19 Update progress: [I19463] Syncing product IDE490 1
2013-03-30 11:56:40 Update successful
2013-03-30 11:56:52 Option all = no
2013-03-30 11:56:52 Option recurse = yes
2013-03-30 11:56:52 Option archive = no
2013-03-30 11:56:52 Option service = yes
2013-03-30 11:56:52 Option confirm = yes
2013-03-30 11:56:52 Option sxl = yes
2013-03-30 11:56:52 Option max-data-age = 35
2013-03-30 11:56:52 Component SVRTcli.exe version 2.3
2013-03-30 11:56:52 Component control.dll version 2.3
2013-03-30 11:56:52 Component SVRTservice.exe version 2.3
2013-03-30 11:56:52 Component engine\osdp.dll version 1.44.0.2060
2013-03-30 11:56:52 Component engine\veex.dll version 3.41.0.2060
2013-03-30 11:56:52 Component engine\savi.dll version 7.5.11.2060
2013-03-30 11:56:52 Component rkdisk.dll version 1.5.30.0
2013-03-30 11:56:52 Version info: Product version 2.3
2013-03-30 11:56:52 Version info: Detection engine 3.41.0
2013-03-30 11:56:52 Version info: Detection data 4.87G
2013-03-30 11:56:52 Version info: Build date 3/13/2013
2013-03-30 11:56:52 Version info: Data files added 379
2013-03-30 11:56:52 Version info: Last successful update 3/30/2013 11:56:40 AM

2013-03-30 12:53:44 Scan cancelled by user.
2013-03-30 12:53:44

------------------------------------------------------------

2013-03-30 16:10:31 Sophos Virus Removal Tool version 2.3
2013-03-30 16:10:31 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-03-30 16:10:31 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-03-30 16:10:31 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-03-30 16:10:31 Checking for updates...
2013-03-30 16:10:34 Update progress: proxy server not available
2013-03-30 16:11:19 Option all = no
2013-03-30 16:11:19 Option recurse = yes
2013-03-30 16:11:19 Option archive = no
2013-03-30 16:11:19 Option service = yes
2013-03-30 16:11:19 Option confirm = yes
2013-03-30 16:11:19 Option sxl = yes
2013-03-30 16:11:19 Option max-data-age = 35
2013-03-30 16:11:20 Component SVRTcli.exe version 2.3
2013-03-30 16:11:20 Component control.dll version 2.3
2013-03-30 16:11:20 Component SVRTservice.exe version 2.3
2013-03-30 16:11:20 Component engine\osdp.dll version 1.44.0.2060
2013-03-30 16:11:20 Component engine\veex.dll version 3.41.0.2060
2013-03-30 16:11:20 Component engine\savi.dll version 7.5.11.2060
2013-03-30 16:11:20 Component rkdisk.dll version 1.5.30.0
2013-03-30 16:11:20 Version info: Product version 2.3
2013-03-30 16:11:20 Version info: Detection engine 3.41.0
2013-03-30 16:11:20 Version info: Detection data 4.87G
2013-03-30 16:11:20 Version info: Build date 3/13/2013
2013-03-30 16:11:20 Version info: Data files added 379
2013-03-30 16:11:20 Version info: Last successful update 3/30/2013 11:56:40 AM
2013-03-30 16:11:43 Downloading updates...
2013-03-30 16:11:43 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-03-30 16:11:43 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-03-30 16:11:43 Update progress: [I49502] Found supplement IDE488 LATEST
2013-03-30 16:11:43 Update progress: [I49502] Found supplement IDE489 LATEST
2013-03-30 16:11:43 Update progress: [I49502] Found supplement IDE490 LATEST
2013-03-30 16:11:43 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-03-30 16:11:43 Update progress: [I19463] Syncing product SAVIW32 25
2013-03-30 16:11:43 Update progress: [I19463] Syncing product IDE488 180
2013-03-30 16:11:50 Update progress: [I19463] Syncing product IDE489 202
2013-03-30 16:11:50 Installing updates...
2013-03-30 16:11:51 Update progress: [I19463] Syncing product IDE490 1
2013-03-30 16:11:52 Update successful
2013-03-30 16:12:03 Option all = no
2013-03-30 16:12:03 Option recurse = yes
2013-03-30 16:12:03 Option archive = no
2013-03-30 16:12:03 Option service = yes
2013-03-30 16:12:03 Option confirm = yes
2013-03-30 16:12:03 Option sxl = yes
2013-03-30 16:12:03 Option max-data-age = 35
2013-03-30 16:12:03 Component SVRTcli.exe version 2.3
2013-03-30 16:12:03 Component control.dll version 2.3
2013-03-30 16:12:03 Component SVRTservice.exe version 2.3
2013-03-30 16:12:03 Component engine\osdp.dll version 1.44.0.2060
2013-03-30 16:12:03 Component engine\veex.dll version 3.41.0.2060
2013-03-30 16:12:03 Component engine\savi.dll version 7.5.11.2060
2013-03-30 16:12:03 Component rkdisk.dll version 1.5.30.0
2013-03-30 16:12:03 Version info: Product version 2.3
2013-03-30 16:12:03 Version info: Detection engine 3.41.0
2013-03-30 16:12:03 Version info: Detection data 4.87G
2013-03-30 16:12:03 Version info: Build date 3/13/2013
2013-03-30 16:12:03 Version info: Data files added 380
2013-03-30 16:12:03 Version info: Last successful update 3/30/2013 4:11:52 PM

2013-03-30 18:36:35 Could not open C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-03-30 18:41:19 Could not open LOGICAL:0004:00000000
2013-03-30 18:41:19 Could not open E:\
2013-03-30 18:41:19 Could not open LOGICAL:0005:00000000
2013-03-30 18:41:19 Could not open F:\
2013-03-30 18:41:25 Could not open PHYSICAL:0081:0000:0000:0001
2013-03-30 18:41:25 Could not open PHYSICAL:0082:0000:0000:0001

2013-03-30 18:47:34 Scan completed.
2013-03-30 18:47:34

------------------------------------------------------------

2013-04-06 08:04:26 Sophos Virus Removal Tool version 2.3
2013-04-06 08:04:26 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-04-06 08:04:26 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-04-06 08:04:26 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-04-06 08:04:26 Checking for updates...
2013-04-06 08:04:40 Update progress: proxy server not available
2013-04-06 08:05:22 Option all = no
2013-04-06 08:05:22 Option recurse = yes
2013-04-06 08:05:22 Option archive = no
2013-04-06 08:05:22 Option service = yes
2013-04-06 08:05:22 Option confirm = yes
2013-04-06 08:05:22 Option sxl = yes
2013-04-06 08:05:22 Option max-data-age = 35
2013-04-06 08:05:22 Component SVRTcli.exe version 2.3
2013-04-06 08:05:22 Component control.dll version 2.3
2013-04-06 08:05:22 Component SVRTservice.exe version 2.3
2013-04-06 08:05:22 Component engine\osdp.dll version 1.44.0.2060
2013-04-06 08:05:22 Component engine\veex.dll version 3.41.0.2060
2013-04-06 08:05:22 Component engine\savi.dll version 7.5.11.2060
2013-04-06 08:05:22 Component rkdisk.dll version 1.5.30.0
2013-04-06 08:05:22 Version info: Product version 2.3
2013-04-06 08:05:22 Version info: Detection engine 3.41.0
2013-04-06 08:05:22 Version info: Detection data 4.87G
2013-04-06 08:05:22 Version info: Build date 3/13/2013
2013-04-06 08:05:22 Version info: Data files added 380
2013-04-06 08:05:22 Version info: Last successful update 3/30/2013 4:11:52 PM
2013-04-06 08:05:38 Downloading updates...
2013-04-06 08:05:38 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-04-06 08:05:38 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-04-06 08:05:38 Update progress: [I49502] Found supplement IDE488 LATEST
2013-04-06 08:05:38 Update progress: [I49502] Found supplement IDE489 LATEST
2013-04-06 08:05:38 Update progress: [I49502] Found supplement IDE490 LATEST
2013-04-06 08:05:38 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-04-06 08:05:38 Update progress: [I19463] Syncing product SAVIW32 25
2013-04-06 08:05:38 Update progress: [I19463] Syncing product IDE488 180
2013-04-06 08:05:44 Update progress: [I19463] Syncing product IDE489 221
2013-04-06 08:05:47 Update progress: [I19463] Syncing product IDE490 22
2013-04-06 08:05:50 Installing updates...
2013-04-06 08:05:52 Update successful
2013-04-06 08:06:04 Option all = no
2013-04-06 08:06:04 Option recurse = yes
2013-04-06 08:06:04 Option archive = no
2013-04-06 08:06:04 Option service = yes
2013-04-06 08:06:04 Option confirm = yes
2013-04-06 08:06:04 Option sxl = yes
2013-04-06 08:06:04 Option max-data-age = 35
2013-04-06 08:06:04 Component SVRTcli.exe version 2.3
2013-04-06 08:06:04 Component control.dll version 2.3
2013-04-06 08:06:04 Component SVRTservice.exe version 2.3
2013-04-06 08:06:04 Component engine\osdp.dll version 1.44.0.2060
2013-04-06 08:06:04 Component engine\veex.dll version 3.41.0.2060
2013-04-06 08:06:04 Component engine\savi.dll version 7.5.11.2060
2013-04-06 08:06:04 Component rkdisk.dll version 1.5.30.0
2013-04-06 08:06:04 Version info: Product version 2.3
2013-04-06 08:06:04 Version info: Detection engine 3.41.0
2013-04-06 08:06:04 Version info: Detection data 4.87G
2013-04-06 08:06:04 Version info: Build date 3/13/2013
2013-04-06 08:06:04 Version info: Data files added 420
2013-04-06 08:06:04 Version info: Last successful update 4/6/2013 8:05:52 AM

2013-04-06 08:08:44 Scan completed.
2013-04-06 08:08:44

------------------------------------------------------------

2013-04-06 09:04:13 Sophos Virus Removal Tool version 2.3
2013-04-06 09:04:13 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-04-06 09:04:13 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-04-06 09:04:13 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-04-06 09:04:13 Checking for updates...
2013-04-06 09:04:26 Option all = no
2013-04-06 09:04:26 Option recurse = yes
2013-04-06 09:04:26 Option archive = no
2013-04-06 09:04:26 Option service = yes
2013-04-06 09:04:26 Option confirm = yes
2013-04-06 09:04:26 Option sxl = yes
2013-04-06 09:04:26 Option max-data-age = 35
2013-04-06 09:04:26 Component SVRTcli.exe version 2.3
2013-04-06 09:04:26 Component control.dll version 2.3
2013-04-06 09:04:26 Component SVRTservice.exe version 2.3
2013-04-06 09:04:26 Component engine\osdp.dll version 1.44.0.2060
2013-04-06 09:04:26 Component engine\veex.dll version 3.41.0.2060
2013-04-06 09:04:26 Component engine\savi.dll version 7.5.11.2060
2013-04-06 09:04:26 Component rkdisk.dll version 1.5.30.0
2013-04-06 09:04:26 Version info: Product version 2.3
2013-04-06 09:04:26 Version info: Detection engine 3.41.0
2013-04-06 09:04:26 Version info: Detection data 4.87G
2013-04-06 09:04:26 Version info: Build date 3/13/2013
2013-04-06 09:04:26 Version info: Data files added 420
2013-04-06 09:04:26 Version info: Last successful update 4/6/2013 8:05:52 AM
2013-04-06 09:04:28 Update progress: proxy server not available
2013-04-06 09:04:31 Update not required

2013-04-06 10:50:56 Could not open LOGICAL:0004:00000000
2013-04-06 10:50:56 Could not open E:\
2013-04-06 10:50:56 Could not open LOGICAL:0005:00000000
2013-04-06 10:50:56 Could not open F:\
2013-04-06 10:50:58 Could not open PHYSICAL:0081:0000:0000:0001
2013-04-06 10:50:58 Could not open PHYSICAL:0082:0000:0000:0001


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

quote:
Where do I find installed programs?
Click Start, click Control Panel, and then double-click Add or Remove Programs.

quote:
Uninstalled the Java file but there is still an old Icon in control panel that is not working.
You also had Java 7 Update 17 installed. If double-clicking on the Java icon in Control Panel's Add or Remove Programs doesn't do anything, go to Add or Remove Programs and uninstall Java 7 Update 17. If you need it (most people don't), you can always reinstall it later.

Please download SystemLook from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook.exe

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:dir
C:\18fc8b7197ba6dc4e8 /s
 
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
- Note: The log can also be found on your Desktop entitled SystemLook.txt

Please download Malwarebytes Anti-Rootkit here:
http://downloads.malwarebytes.org/file/mbar
 

- Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.
- Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

If you see a copy of ComboFix on the Desktop please delete it as we need to ensure you have the latest version.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi ··· combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply and note any errors encountered.

Your Adobe Reader is out of date. Go to Add or Remove Programs and uninstall Adobe Reader, then download and install the current version from »www.adobe.com. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

Please post the logs from ComboFix, SystemLook, MBAR (both logs), and note any errors encountered. How is the system running other than the problem?

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6
Also, let's try to get the contents of c:\FixitRegBackup.reg

Reconfigure Windows to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now can you see c:\FixitRegBackup.reg?
If you can, please right-click on the file, select Edit, and when it opens in Notepad copy and paste the contents in your next reply.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
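
The c:\FixitRegBackup.reg file requested above is a regedit export in the "Windows Registry Editor Version 5.00" format. The parser below is an added example for this thread, not code from the forum or from any tool mentioned in it: it reads such an export into a key/value tree, decodes string, dword and hex values (including hex values wrapped over continuation lines), lists every value that points at a path on disk so that leftover product keys such as the Microsoft Antimalware InstallLocation can be compared with what is still installed, and decodes an 8-byte binary InstallTime as a Windows FILETIME, which is an assumption of the example rather than anything the thread states. The embedded sample export is constructed, modelled on the Microsoft Antimalware keys turbovmax posts in reply.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Tuple, Union

# Constructed sample (not the full export from the thread) in the
# "Windows Registry Editor Version 5.00" format, modelled on the leftover
# Microsoft Antimalware keys turbovmax posts. Value names and types match
# what regedit writes; the raw string keeps the doubled backslashes intact.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
@=""
"InstallLocation"="c:\\Program Files\\Microsoft Security Client\\"
"RemediationExe"="C:\\Program Files\\Microsoft Security Client\\msseces.exe"
"Edt"=hex:00,00,00,00,00,00,00,00
"ProductType"=dword:00000008
"InstallTime"=hex:f0,14,87,12,51,fa,cd,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine]
"PurgeItemsAfterDelay"=dword:0000005a
'''

RegValue = Union[str, int, bytes]
RegTree = Dict[str, Dict[str, RegValue]]

# '"name"=body' or '@=body' (the key's default value); hex bodies may carry a type in parentheses.
_VALUE_LINE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')
_HEX_BODY = re.compile(r'^hex(?:\([0-9a-fA-F]+\))?:(.*)$')


def _unescape(s: str) -> str:
    # regedit writes a backslash as \\ and a double quote as \" inside strings
    return re.sub(r'\\(.)', r'\1', s)


def _parse_value(body: str) -> RegValue:
    """Decode one value body: quoted string, dword:, or hex[(type)]: byte list."""
    if len(body) >= 2 and body[0] == '"' and body[-1] == '"':
        return _unescape(body[1:-1])
    if body.startswith("dword:"):
        return int(body[len("dword:"):], 16)
    m = _HEX_BODY.match(body)
    if m:
        return bytes.fromhex(m.group(1).replace(",", "").strip())
    raise ValueError(f"unsupported value syntax: {body!r}")


def parse_reg(text: str) -> RegTree:
    """Parse a Version 5.00 .reg export into {key: {value_name: value}}.
    The default value (@) is stored under the empty name. Keys without values
    still appear with an empty dict, so empty leftover subkeys stay visible."""
    lines = text.lstrip("\ufeff").splitlines()
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("not a Windows Registry Editor Version 5.00 export")
    tree: RegTree = {}
    current = None
    i = 1
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            tree.setdefault(current, {})
            continue
        if current is None:
            raise ValueError(f"value line before any key: {line!r}")
        # Long hex values wrap onto continuation lines that end in a backslash.
        while line.endswith("\\") and i < len(lines):
            line = line[:-1] + lines[i].strip()
            i += 1
        m = _VALUE_LINE.match(line)
        if not m:
            raise ValueError(f"malformed value line: {line!r}")
        name = "" if m.group(1) is None else _unescape(m.group(1))
        tree[current][name] = _parse_value(m.group(2))
    return tree


def path_references(tree: RegTree) -> List[Tuple[str, str, str]]:
    """Every string value that looks like a Windows path (drive letter + ':\\'),
    so leftover product keys can be checked against what is actually on disk."""
    refs = [(key, name, value)
            for key, values in tree.items()
            for name, value in values.items()
            if isinstance(value, str) and re.match(r'^[A-Za-z]:\\', value)]
    return sorted(refs)


def filetime_to_datetime(raw: bytes) -> datetime:
    """Interpret 8 little-endian bytes as a Windows FILETIME (100 ns ticks since
    1601-01-01 UTC). Reading InstallTime this way is an assumption of this example."""
    if len(raw) != 8:
        raise ValueError("FILETIME must be exactly 8 bytes")
    ticks = int.from_bytes(raw, "little")
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)
```

To run it over a real export, read the file with `open(path, encoding="utf-16")` (regedit writes .reg files as UTF-16 with a byte-order mark, which `parse_reg` also strips if it survives) and pass the text to `parse_reg`; then walk `path_references` and check each path with `os.path.exists`. A product key whose InstallLocation or RemediationExe no longer exists on disk is exactly the kind of leftover that a reinstall attempt may still be reading when it reports the product as already installed, and the decoded InstallTime tells you which installation the key belongs to.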

turbovmax

join:2003-08-03
Glendale, CA
Tried to run Combofix and I get an error saying that I need to turn off Microsoft Security Essentials. Well that was the reason I posted here. I uninstalled that and did a regedit for any leftover files. All were deleted and the uninstall went well. Not sure why MSE is still reporting that it is running. I did find an older log of ComboFix. I will post it and the other logs you requested.

---Files---
None found.

C:\18fc8b7197ba6dc4e8\1025 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1028 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1029 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1030 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1031 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1032 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1033 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1035 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1036 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1037 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1038 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1040 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1041 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1042 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1043 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1044 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1045 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1046 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1049 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1053 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\1055 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\2052 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\2070 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\3076 d------ [18:11 28/03/2013]
C:\18fc8b7197ba6dc4e8\3082 d------ [18:11 28/03/2013]

-= EOF =-

turbovmax

join:2003-08-03
Glendale, CA

1 edit
reply to TheJoker
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.790000 GHz
Memory total: 2145566720, free: 843890688

------------ Kernel report ------------
04/06/2013 19:59:28
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Serial.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\ti21sony.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\drivers\camc6hal.sys
\SystemRoot\system32\drivers\camc6aud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWATI.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a758390
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff8a50bc70
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
Initialization returned 0x0
Load Function returned 0x0
>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a6bfab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff8a4d82d8
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a866ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a83d940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.06.07
Downloaded database version: v2013.03.25.01
Initializing...
Done!
>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a83c900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a86b5f0, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a83d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3f61100, 0xffffffff8a866ab8, 0xffffffff88049ab8
Lower DeviceData: 0xffffffffe1e95c08, 0xffffffff8a83d940, 0xffffffff88313558
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 42DA42DA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 154191807
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xd7)
Partition is NOT ACTIVE.
Partition starts at LBA: 154191870 Numsec = 2104515

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a6bfab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7513f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6bfab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4d82d8, DeviceName: \Device\00000083\, DriverName: \Driver\ti21sony\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a758390, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a636020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a758390, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a50bc70, DeviceName: \Device\00000084\, DriverName: \Driver\ti21sony\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\George\Local Settings\Application Data\Avg2013\log\avgual.2013-04-01.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\George\Local Settings\Application Data\Avg2013\log\avgual.2013-04-04.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013\log\avgcore.log.1" is compressed (flags = 1)
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log --> [PUP.TidyNetwork]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.790000 GHz
Memory total: 2145566720, free: 1302024192

Removal queue found; removal started
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log...
Removal finished
=======================================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
@=""
"InstallLocation"="c:\\Program Files\\Microsoft Security Client\\"
"ProductAppDataPath"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware"
"ProductIcon"="@C:\\Program Files\\Microsoft Security Client\\EppManifest.dll,-100"
"ProductLocalizedName"="@C:\\Program Files\\Microsoft Security Client\\EppManifest.dll,-1000"
"RemediationExe"="C:\\Program Files\\Microsoft Security Client\\msseces.exe"
"WATPath"="C:\\Program Files\\Microsoft Security Client\\mssewat.dll"
"Edt"=hex:00,00,00,00,00,00,00,00
"ProductType"=dword:00000008
"InstallTime"=hex:f0,14,87,12,51,fa,cd,01
"DisableRoutinelyTakingAction"=dword:00000000
"ProductStatus"=dword:00000000
"OneTimeSqmDataSent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Miscellaneous Configuration]
@=""
"SqmConsentApprove"=dword:00000000
"DeltaUpdateFailure"=dword:00000000
"BddUpdateFailure"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\MpEngine]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\ActiveSignatures]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\IP Ranges]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Ports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Processes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Threat IDs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\SKU Differentiation]
"{7A692DFC-A587-4230-B53B-6B8E867B3212}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine]
@=""
"PurgeItemsAfterDelay"=dword:0000005a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Remediation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Reporting]
@=""
"LastRebootTime"=hex:42,30,9a,2b,84,2d,ce,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan]
@=""
"SFCState"=dword:00000007
"CacheFile"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Scans\\History\\CacheManager\\MpScanCache-1.bin"
"DisableCatchupQuickScan"=dword:00000001
"DisableCatchupFullScan"=dword:00000001
"AllowPause"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000001
"QuickScanInterval"=dword:00000000
"ScheduleDay"=dword:00000001
"LastOfflineScan"=hex:00,00,00,00,00,00,00,00
"LastScanType"=dword:00000002
"LastScanRun"=hex:ba,27,36,0a,13,1e,ce,01
"LastFullScanID"="{1581470E-6408-4388-93A1-5F8BB368DF97}"
"LastFullScanBytesCount"=hex:3c,74,33,9c,07,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates]
"SignatureCategoryID"="6b9e8b26-8f50-44b9-94c6-7846084383ec"
@=""
"SignatureUpdateInterval"=dword:00000018
"ScheduleDay"=dword:00000008
"ASSignatureDue"=dword:00000007
"AVSignatureDue"=dword:00000007
"ForceUpdateFromMU"=dword:00000001
"FallbackOrder"="MicrosoftUpdateServer|MMPC"
"LastFallbackTime"=hex:b6,fa,26,08,82,2d,ce,01
"SignatureUpdateCount"=dword:00000022
"SignaturesLastUpdated"=hex:f4,ae,40,2e,82,2d,ce,01
"UpdatedWithinGracePeriod"=dword:00000000
"EngineVersion"="1.1.9302.0"
"AVSignatureVersion"="1.147.768.0"
"AVSignatureBaseVersion"="1.147.0.0"
"AVSignatureApplied"=hex:00,eb,ac,c9,41,2d,ce,01
"ASSignatureVersion"="1.147.768.0"
"ASSignatureBaseVersion"="1.147.0.0"
"ASSignatureApplied"=hex:00,eb,ac,c9,41,2d,ce,01
"SignatureLocation"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{C16759E2-1F8D-4158-B806-359C4E9EE48C}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet]
@=""
"SpyNetReportingLocation"=hex(7):68,00,74,00,74,00,70,00,73,00,3a,00,2f,00,2f,\
00,73,00,70,00,79,00,6e,00,65,00,74,00,32,00,2e,00,6d,00,69,00,63,00,72,00,\
6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,00,2f,00,41,00,6e,00,74,\
00,69,00,4d,00,61,00,6c,00,77,00,61,00,72,00,65,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,73,00,2f,00,32,00,2f,00,53,00,70,00,79,00,6e,00,65,00,74,\
00,52,00,65,00,70,00,6f,00,72,00,74,00,53,00,72,00,76,00,63,00,2e,00,61,00,\
73,00,6d,00,78,00,00,00,00,00
"SpyNetReporting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration]
@=""
"DisablePrivacyMode"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\\Program Files\\Synaptics\\SynTP\\SynTPStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

I see that MBAR found and deleted some malware.

quote:
Tried to run Combofix and I get an error saying that I need to turn off Microsoft Security Essentials. Well that was the reason I posted here. I uninstalled that and did a regedit for any leftover files.
When you say you uninstalled that, what was it you uninstalled? MSSE or ComboFix? It's better not to edit the registry manually while we are doing this; it makes tracking changes harder if you make unrequested changes. The ComboFix log you posted was the same one you posted before. I need to see the current one. If it won't run, saying that MSSE is still running, reboot to Safe Mode and run it:

Reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

If you were able to successfully run ComboFix, or post a current log from it, there's no need to reboot to Safe mode to run it.

Please download Hijack This!:
»sourceforge.net/projects/hjt/
Please save it in a convenient permanent folder such as C:\HJT\.

Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager". Click the "Save list" button, save the file uninstall_list.txt to your Desktop, and post the contents here for review.

Please post the log from ComboFix, and the file uninstall_list.txt from HijackThis and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA
I have not done a regedit during this process. Want to keep things clean and flowing. After the PC guy cleaned out the FBI virus I tried to open MSSE and it would not. So I decided to uninstall it and reinstall it. Then I had the problem. At that time I did regedit for additional files of MSSE and found a few and deleted them. So I'll run the scan in Safe Mode. I'm back on the road today so it may take me a bit to respond back.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6
said by turbovmax:

I'm back on the road today so it may take me a bit to respond back.

Not a problem, I'll just keep checking back for replies. See you when you get back.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA

1 edit
Hi Joker. Ran ComboFix in Safe Mode this morning before I left. I got the error that AVG and MSSE were running and that I could continue at my own risk. I could not disable AVG in Safe Mode, and that MSSE thing is probably a corrupted file that got caught in limbo when the PC guy was cleaning out the FBI virus. I don't know. So anyway, here are the ComboFix and HijackThis logs. Let me know if I missed anything. Also, when I try to uninstall Java 7 Update 17 in either Add or Remove Programs or with Revo Uninstaller I get an error stating the path is wrong or to choose another path to uninstall.
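The uninstall list TheJoker asked for above, and the "path is wrong" uninstaller error turbovmax hits with Java 7 Update 17, both come down to the same data: the per-program entries under the Windows Uninstall registry keys. As an added example (not code from the thread, from HijackThis or from any tool mentioned here), the script below reads those keys directly, writes the plain program list to uninstall_list.txt on the Desktop, and separately reports entries whose uninstaller executable is no longer on disk, which is exactly the state that makes Add or Remove Programs complain about a wrong path. It assumes that HijackThis's Uninstall Manager reads these same keys (an assumption, not something the thread states) and is written for PowerShell 2.0 so it also runs on Windows XP SP3.

```powershell
# Added example, not code from the thread or from HijackThis. Builds an
# installed-programs list from the Windows "Uninstall" registry keys and
# flags entries whose uninstaller executable no longer exists on disk.
# Assumption (not stated in the thread): HijackThis's Uninstall Manager
# reads these same keys. Written for PowerShell 2.0 (Windows XP SP3 capable).

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    # Only present on 64-bit Windows; skipped on the x86 XP system in this thread.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Pull the executable out of an UninstallString such as
#   "C:\Program Files\Foo\unins000.exe" /SILENT   or   MsiExec.exe /X{GUID}
function Get-UninstallerExe {
    param([string]$Command)
    if (-not $Command) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $i = $c.ToLower().IndexOf('.exe')
    if ($i -ge 0) { return $c.Substring(0, $i + 4) }
    return $c
}

$entries = foreach ($key in $uninstallKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem $key) {
        $p = Get-ItemProperty $sub.PSPath
        if (-not $p.DisplayName) { continue }   # hidden/patch entries carry no name
        $exe = Get-UninstallerExe $p.UninstallString
        # A bare file name (MsiExec.exe, rundll32.exe) resolves via PATH; only
        # full paths are checked against the disk.
        $orphaned = ($exe -ne $null) -and ($exe -match '\\') -and -not (Test-Path -LiteralPath $exe)
        New-Object PSObject -Property @{
            Name        = $p.DisplayName
            Publisher   = $p.Publisher
            Uninstaller = $exe
            Orphaned    = $orphaned
            Key         = $sub.PSChildName
        }
    }
}

$entries = @($entries | Sort-Object Name)

# 1) The plain list a helper asks to see, one program per line.
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'uninstall_list.txt'
$entries | ForEach-Object { $_.Name } | Set-Content -Path $out -Encoding ASCII
Write-Host "Wrote $($entries.Count) entries to $out"

# 2) Entries whose uninstaller is missing: the ones Add or Remove Programs
#    rejects with a wrong-path error and that leave stale keys behind.
$entries | Where-Object { $_.Orphaned } |
    Format-Table Name, Uninstaller, Key -AutoSize
```

The Key column of the orphaned report gives the exact subkey name, so a helper can see which leftover entry belongs to a program that was removed by hand rather than by its own uninstaller; the list itself is written with ASCII encoding so it pastes cleanly into a forum post.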


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
ComboFix 13-04-06.02 - George 04/07/2013 8:17.4.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1684 [GMT -7:00]
Running from: c:\documents and settings\George\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\George\Local Settings\Application Data\DownloadTerms\teMP.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 )))))))))))))))))))))))))))))))
.
.
2013-04-07 09:18 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A93E083-618E-4E34-8E13-39E0BC686093}\mpengine.dll
2013-04-06 21:03 . 2013-04-06 21:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\PCHealth
2013-04-06 20:52 . 2013-04-06 20:52 -------- d-----w- c:\documents and settings\George\Application Data\Yontoo
2013-04-06 20:52 . 2013-04-06 20:52 -------- d-----w- c:\program files\Yontoo
2013-04-06 20:51 . 2013-04-06 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2013-04-06 20:51 . 2013-04-07 15:29 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\DownloadTerms
2013-04-06 16:17 . 2013-04-06 16:17 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
2013-04-06 14:36 . 2013-04-06 14:36 0 ----a-w- c:\windows\system32\REN26.tmp
2013-04-06 14:36 . 2013-04-06 14:36 0 ----a-w- c:\windows\system32\REN25.tmp
2013-04-06 14:36 . 2013-04-06 14:36 0 ----a-w- c:\windows\system32\REN24.tmp
2013-04-06 04:43 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-05 01:05 . 2013-04-05 01:05 -------- d-----w- c:\program files\ESET
2013-04-05 00:28 . 2013-04-05 00:28 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\AVG Secure Search
2013-04-01 23:40 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-01 23:40 . 2013-04-01 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-31 23:32 . 2013-03-31 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-03-31 02:09 . 2013-03-31 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-03-30 21:51 . 2013-03-30 21:51 -------- d-----w- c:\documents and settings\George\Application Data\AVG2013
2013-03-30 21:45 . 2013-03-30 21:45 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\AVG SafeGuard toolbar
2013-03-30 21:45 . 2013-03-30 21:45 -------- d-----w- c:\documents and settings\George\Application Data\TuneUp Software
2013-03-30 21:44 . 2013-03-30 21:44 -------- d-----w- c:\documents and settings\George\Application Data\AVG SafeGuard toolbar
2013-03-30 21:44 . 2013-03-30 21:44 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-30 21:44 . 2013-04-05 00:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-03-30 21:44 . 2013-03-30 21:44 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-03-30 21:42 . 2013-03-30 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-03-30 21:42 . 2013-03-30 21:42 -------- d-----w- C:\$AVG
2013-03-30 21:40 . 2013-03-30 21:40 -------- d-----w- c:\program files\AVG
2013-03-30 21:36 . 2013-03-30 21:36 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-03-30 21:36 . 2013-04-07 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-03-30 21:36 . 2013-03-31 13:36 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\Avg2013
2013-03-30 21:36 . 2013-03-30 21:36 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\MFAData
2013-03-30 20:36 . 2013-03-30 20:36 12824 ----a-w- C:\FixitRegBackup.reg
2013-03-30 20:27 . 2013-03-30 20:27 -------- d-----w- c:\documents and settings\George\Application Data\Windows Search
2013-03-30 20:19 . 2013-03-30 20:19 -------- d-----w- c:\program files\Microsoft
2013-03-30 20:19 . 2013-03-30 20:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-03-30 20:03 . 2013-03-30 20:03 -------- d-----w- c:\windows\system32\winrm
2013-03-30 20:03 . 2013-03-30 20:04 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-03-30 20:03 . 2013-03-30 20:03 -------- d-----w- c:\documents and settings\George\Application Data\Windows Desktop Search
2013-03-30 20:02 . 2013-03-30 20:22 -------- d-----w- c:\program files\Windows Desktop Search
2013-03-30 20:02 . 2013-03-30 20:02 -------- d-----w- c:\windows\system32\GroupPolicy
2013-03-30 20:01 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-03-30 20:01 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-03-30 20:01 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2013-03-30 19:50 . 2013-03-30 19:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-03-30 18:50 . 2013-03-30 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-03-30 18:50 . 2013-03-30 18:50 73728 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-30 18:50 . 2013-03-30 18:50 73728 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-30 18:50 . 2013-03-30 18:50 73728 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-29 23:55 . 2013-03-29 23:55 -------- d-sh--w- c:\documents and settings\George\PrivacIE
2013-03-29 23:53 . 2013-03-29 23:53 -------- d-sh--w- c:\documents and settings\George\IETldCache
2013-03-29 23:39 . 2013-03-29 23:40 -------- dc-h--w- c:\windows\ie8
2013-03-29 23:35 . 2013-02-05 20:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-29 23:33 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-03-29 23:33 . 2013-02-05 20:05 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-03-29 23:33 . 2013-02-05 20:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-03-29 23:33 . 2013-02-05 20:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-03-29 23:33 . 2013-02-05 20:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-29 23:33 . 2013-02-05 20:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-29 23:33 . 2013-02-05 20:05 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-03-29 23:33 . 2013-02-05 20:05 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-03-29 20:47 . 2013-03-29 20:47 14664 ----a-w- c:\windows\stinger.sys
2013-03-29 20:46 . 2013-03-29 20:53 -------- d-----w- c:\program files\stinger
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-28 18:11 . 2013-03-28 18:11 -------- d-----w- C:\18fc8b7197ba6dc4e8
2013-03-28 18:08 . 2013-03-28 18:08 -------- d-----w- c:\program files\Spirent Communications
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\HTC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2011-10-12 01:41 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-02 02:42 . 2011-12-25 01:08 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-03-29 23:28 . 2012-04-18 20:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-29 23:28 . 2011-10-12 02:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2013-02-14 10:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2011-10-11 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 20:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2013-02-08 11:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-06 10:48 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 633344 ----a-w- c:\windows\system32\urlmon(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 37888 ----a-w- c:\windows\system32\url(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 1510400 ----a-w- c:\windows\system32\shdocvw(2).dll
2013-02-05 20:05 . 2004-08-04 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 20:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 20:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 00:56 . 2012-08-19 21:39 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-16 00:56 . 2011-11-09 04:04 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 23:14 . 2012-08-19 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-29 23:03 . 2013-03-29 23:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yontoo Desktop"="c:\documents and settings\George\Application Data\Yontoo\YontooDesktop.exe" [2013-03-23 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-03-30 1219248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\George\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\George\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^George^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\George\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 19:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 23:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\George\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/30/2013 2:44 PM 33624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2/19/2013 4:02 AM 1418184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/1/2013 4:40 PM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/1/2013 4:40 PM 682344]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2011 2:42 PM 42752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe --> c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/30/2013 2:44 PM 990896]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [4/6/2013 1:52 PM 23552]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/10/2011 11:38 PM 231424]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/18/2011 9:48 AM 24576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/1/2013 4:40 PM 21104]
S3 McComponentHostService;McComponentHostService; [x]
S3 Svk2pl;Gigaware USB to Serial Cable;c:\windows\system32\drivers\Svk2pl.sys [4/1/2010 7:35 AM 51200]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/12/2011 2:40 PM 812544]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:28]
.
2013-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-04-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
FF - ExtSQL: 2013-04-05 17:00; daxip@kjvdvbop.org; c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\extensions\daxip@kjvdvbop.org
FF - ExtSQL: 2013-04-06 13:52; plugin@yontoo.com; c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\extensions\plugin@yontoo.com
FF - ExtSQL: !HIDDEN! 2013-04-06 13:51; daxip@kjvdvbop.org; c:\program files\Mozilla Firefox\extensions\daxip@kjvdvbop.org
FF - user.js: extentions.y2layers.installId - 33128290-ea14-4bc1-a2d3-efdb85b1ce31
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-07 08:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-04-07 08:37:47
ComboFix-quarantined-files.txt 2013-04-07 15:37
ComboFix2.txt 2013-03-30 18:47
ComboFix3.txt 2013-03-29 20:16
ComboFix4.txt 2013-03-29 18:56
.
Pre-Run: 57,227,608,064 bytes free
Post-Run: 57,224,278,016 bytes free
.
- - End Of File - - 124B322DABA6DE3DA26BF384C77F9EEE

Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Security Toolbar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CameraHelperMsi
Conexant AC-Link Audio
Corel WinDVD
erLT
ESET Online Scanner v3
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 7.0
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Quick Launch Buttons 6.30 J1
HP QuickPlay 2.0
HP Rhapsody
HP Solution Center 7.0
HP User Guides 0026
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
HTC Driver Installer
IPTInstaller
iTunes
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mouse Suite
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
Quicken 2006
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Revo Uninstaller 1.94
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sophos Virus Removal Tool
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.0
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wireless Home Network Setup
Yontoo 2.051
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

quote:
when I try to uninstall Java 7 Update 17 in either add and remove programs or with revo uninstaller I get an error stating the path is wrong or choose another path to uninstall.
I don't see Java 7 Update 17 in your uninstall list. If you still see it there or listed in Revo Uninstaller, the typical way to fix a program that won't uninstall properly is to reinstall it and then uninstall it.

You can download it from »www.oracle.com/technetwork/java/ ··· dex.html. Select the download button for JRE, accept the license agreement, and then download the Windows x86 Offline version, jre-7u17-windows-i586.exe. Then double-click to install, and after it's installed, you should be able to uninstall it normally in Control Panel's Add or Remove Programs. If the program has been updated past Update 17 when you return, wait for further instructions instead, as it needs to be the same version as previously installed.

Next, go to Start > Control Panel > Add or Remove Programs, and uninstall:
Microsoft Security Client

Then restart your system.

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 

http://www.forospyware.com/sUBs/ComboFix.exe
 

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

quote:
Folder::
C:\18fc8b7197ba6dc4e8

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe
If you still have trouble with it saying you need to disable Microsoft Security Essentials to get it to run, reboot to Safe Mode as you did before, follow the above instructions, and let me know that it happened.

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA

1 edit
?

turbovmax

join:2003-08-03
Glendale, CA
reply to TheJoker
I did finally get rid of Java 7. Microsoft Security Client is not in Add and Remove or Revo. I thought I had better wait on the new ComboFix till I hear from U re: the MSC.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

I'm surprised you didn't see Microsoft Security Client in Add or Remove Programs, it was in the installed program list from HijackThis. If it's not there, don't worry about it.

Go to Start > Control Panel > Add or Remove Programs, and if you didn't install Yontoo, uninstall it, it's listed as a potentially unwanted program that may have been installed without your knowledge. Please let me know if you uninstalled it or if you chose not to.

Rather than run ComboFix with the previous set of instructions, use these instead; I've added an extra command to it.

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 

http://www.forospyware.com/sUBs/ComboFix.exe
 

Save the file to your Desktop.
Close any open browsers.
Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

quote:
Folder::
C:\18fc8b7197ba6dc4e8
Driver::
McComponentHostService

Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA

1 edit
I found a file for Microsoft Security Client in the C: drive under program files. Do you want me to DELETE it?

Uninstalled Yontoo. Don't know where it came from. Don't want it. It's gone.

I will run ComboFix tonight when I crash. Post file tomorrow. Thanks again.

Also wanted to add. Since that PC guy was in the computer I keep getting an hourglass flashing on and off at the mouse arrow on the desktop, as if something is popping on and off. Also on the touch pad, if I want to scroll up or down it's not working. I have to put the mouse arrow on the right column and drag it manually.

Every time I click save file it loads in the downloads box and not to the desktop. If I try to run it I get a loud beep and a warning that MSSE is running and could damage the computer if I continue. So I try to continue and then it states something about the name being ComboFix.exe2 and that it cannot be that and to rename it. Not sure what's happening there. What else may I try to do?


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6
quote:
I found a file for Microsoft Security Client in the C: drive under program files. Do you want me to DELETE it?
What is the exact file name and full path?

ComboFix MUST be on the Desktop. Since you have Firefox installed, open it, go to Tools > Options, click the General tab, and be sure there is a checkmark in the box for "always ask me where to save files". Then download the file and save to the Desktop, and follow the previous directions to boot to Safe mode, and run it with the last set of instructions provided.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA
When I open program files the name is Microsoft Security Client. I don't know what you mean by a path or how to find it. Sorry. Just not as smart as I think I am. Ha Ha.

Checked the box in Firefox and will run in Safe mode tonight when I turn in. Thanks. Will post sometime tomorrow.

turbovmax

join:2003-08-03
Glendale, CA
reply to TheJoker
New ComboFix file.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

quote:
I don't know what you mean by a path
When you see a directory or program folder listing, such as:
c:\Program Files\Microsoft Security Client\MsMpEng.exe

MsMpEng.exe is the file name.
c:\Program Files\Microsoft Security Client\MsMpEng.exe would be the full path: where the file is located (drive and folders) plus the file name.

Please check again in Add or Remove Programs for Microsoft Security Client. It was listed in the uninstall list from both OTL and HijackThis. Go to Start > Control Panel > Add or Remove Programs, and search the entire list for Microsoft Security Client. If you see it, please uninstall it, and let me know how it went.

Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:dir
c:\Program Files
C:\Program Files\Common Files
 

- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA

1 edit
All it says in the Program Files folder is Microsoft Security Client. When I put the mouse arrow over it, it says:

20.8 MB
Folders: Drivers, en-us
Files: DBG Help.DLL, EPP Manifest.DLL, Legitlib.dll, ....

When I open it there are quite a few files.
The only other way I know how to see what you're describing is to do a regedit. When I do that and search MSC it reads
c:\Program Files\Microsoft Security Client\MsMpCom.dll
Going through the registry there are quite a few files. Did not delete any.

SystemLook.exe file attached.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:6

1 recommendation

Please check again in Add or Remove Programs for Microsoft Security Client. It was listed in the uninstall list from both OTL and HijackThis. Go to Start > Control Panel > Add or Remove Programs, and search the entire list for Microsoft Security Client. If you see it, please uninstall it, and let me know how it went.

If that didn't work, click Start, click Run, type appwiz.cpl in the Run text box, and then click OK. Select Microsoft Security Essentials, and then click Uninstall.

If that didn't work, there is a MS FixIt to uninstall Microsoft Security Client that may work.
Click this link and follow any prompts:
»go.microsoft.com/?linkid=9775235

Restart your system and please re-run OTL and post the new log.
Please describe how your progress went.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
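An added example, not part of the thread and not a tool TheJoker asked for: the Add or Remove Programs list that TheJoker keeps asking turbovmax to search is built from the Uninstall keys in the registry, so a quick read-only check of those keys shows whether a "Microsoft Security Client" entry still exists and where its uninstaller points, even when it is hard to spot in the long list. The script also takes the full path from TheJoker's file-name-versus-path explanation and splits it into folder and file name. It assumes PowerShell 2.0 or later (Windows Management Framework Core appears in the installed-programs list above) and read access to HKLM; the function names and the search pattern 'Security Client' are this example's own choices. It reports only and deletes nothing, so the uninstall routes TheJoker prefers (Add or Remove Programs, appwiz.cpl, the FixIt) stay available.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0+ and read access to HKLM.

# Add or Remove Programs reads its entries from these keys; the Wow6432Node key
# only exists on 64-bit Windows and is skipped when absent.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

# Return every uninstall entry whose DisplayName contains $Pattern.
function Find-UninstallEntry {
    param([Parameter(Mandatory=$true)][string]$Pattern)
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $props = Get-ItemProperty -Path $key.PSPath
            if ($props.DisplayName -and ($props.DisplayName -like "*$Pattern*")) {
                New-Object PSObject -Property @{
                    KeyName         = $key.PSChildName
                    DisplayName     = $props.DisplayName
                    DisplayVersion  = $props.DisplayVersion
                    UninstallString = $props.UninstallString   # what Add or Remove Programs runs
                    InstallLocation = $props.InstallLocation
                }
            }
        }
    }
}

# Split a full path into the parts TheJoker describes: drive and folders, then the file name.
function Show-PathParts {
    param([Parameter(Mandatory=$true)][string]$FullPath)
    New-Object PSObject -Property @{
        FullPath = $FullPath
        Folder   = Split-Path $FullPath -Parent
        FileName = Split-Path $FullPath -Leaf
        Exists   = Test-Path $FullPath
    }
}

# The example path quoted in the thread.
Show-PathParts 'C:\Program Files\Microsoft Security Client\MsMpEng.exe' | Format-List

# Look for a leftover Microsoft Security Client entry and report what it points at.
$entries = @(Find-UninstallEntry -Pattern 'Security Client')
if ($entries.Count -eq 0) {
    "No Add or Remove Programs entry matches 'Security Client'."
    "Folder still on disk: $(Test-Path 'C:\Program Files\Microsoft Security Client')"
} else {
    $entries | Format-List DisplayName, DisplayVersion, UninstallString, InstallLocation, KeyName
}
```

If an entry is found, its UninstallString is the command Add or Remove Programs would run, which is the same route as the appwiz.cpl step above; if no entry is found but the folder is still on disk, that is the "folder without an uninstall entry" situation in which the FixIt link is the next thing to try rather than deleting the folder by hand.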