
turbovmax

join:2003-08-03
Glendale, CA

1 edit

reply to TheJoker

Re: Microsoft security essentials problem

Joker. Some things I know how to do but most things I do not. Not so computer smart. So, where do I find installed programs? I looked in the C drive and am not sure it was there.

I don't know which program created c:\FixitRegBackup.reg. And I don't know how to locate the file.

I did a regedit for all those AntiVirus files after I thought I uninstalled them and removed any files found, and I see they're still there. None are listed in Revo.

Uninstalled the Java file but there is still an old icon in Control Panel that is not working.

Turned on the firewall.

I found the long numbered file and it had many files within it but there was nothing in those files.

I think I attached all the scan files you requested. I will go over it all again to make sure I did not miss something. I know I have not been very much help. I just don't know how to do some of these things. I had this problem with a Microsoft Software forum post and I let the moderator share the computer and clean things up. We have been chatting for over ten years now. So if you feel this is something you might want to do let me know. One thing. I am a truck driver and don't get to turn on the computer a lot on the road. I am stationary today and this evening, and tomorrow morning. Thanks for all the help. George.


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 17:21:21
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : George - G
# Boot Mode : Normal
# Running from : C:\Documents and Settings\George\My Documents\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [998 octets] - [29/03/2013 12:13:45]
AdwCleaner[S1].txt - [1061 octets] - [29/03/2013 12:24:20]
AdwCleaner[S2].txt - [3771 octets] - [04/04/2013 17:21:21]

########## EOF - C:\AdwCleaner[S2].txt - [3831 octets] ##########
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

ComboFix 13-03-30.01 - George 03/30/2013 11:38:15.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1568 [GMT -7:00]
Running from: G:\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-30 )))))))))))))))))))))))))))))))
.
.
2013-03-30 18:33 . 2013-03-30 18:33 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\MpKsl5617e768.sys
2013-03-29 23:55 . 2013-03-29 23:55 -------- d-sh--w- c:\documents and settings\George\PrivacIE
2013-03-29 23:53 . 2013-03-29 23:53 -------- d-sh--w- c:\documents and settings\George\IETldCache
2013-03-29 23:39 . 2013-03-29 23:40 -------- dc-h--w- c:\windows\ie8
2013-03-29 23:35 . 2013-02-05 20:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-29 23:33 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-03-29 23:33 . 2013-02-05 20:05 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-03-29 23:33 . 2013-02-05 20:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-03-29 23:33 . 2013-02-05 20:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-03-29 23:33 . 2013-02-05 20:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-29 23:33 . 2013-02-05 20:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-29 23:33 . 2013-02-05 20:05 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-03-29 23:33 . 2013-02-05 20:05 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-03-29 20:47 . 2013-03-29 20:47 14664 ----a-w- c:\windows\stinger.sys
2013-03-29 20:46 . 2013-03-29 20:53 -------- d-----w- c:\program files\stinger
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-29 19:19 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\mpengine.dll
2013-03-28 18:11 . 2013-03-28 18:11 -------- d-----w- C:\18fc8b7197ba6dc4e8
2013-03-28 18:08 . 2013-03-28 18:08 -------- d-----w- c:\program files\Spirent Communications
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\HTC
2013-03-04 13:52 . 2013-03-04 13:52 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\Sun
2013-03-01 01:59 . 2013-03-07 16:01 -------- d-----w- C:\Temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-30 02:18 . 2011-12-25 01:08 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-03-29 23:28 . 2012-04-18 20:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-29 23:28 . 2011-10-12 02:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 00:32 . 2011-10-11 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 20:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-06 10:48 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 633344 ----a-w- c:\windows\system32\urlmon(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 37888 ----a-w- c:\windows\system32\url(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 1510400 ----a-w- c:\windows\system32\shdocvw(2).dll
2013-02-05 20:05 . 2004-08-04 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 20:00 385024 ------w- c:\windows\system32\html.iec
2013-01-30 10:53 . 2011-10-12 01:41 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-04 20:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 00:56 . 2012-08-19 21:39 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-16 00:56 . 2011-11-09 04:04 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 23:14 . 2012-08-19 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-08 04:57 . 2013-02-18 22:28 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-07 01:16 . 2004-08-04 20:00 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-03 22:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 20:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 20:00 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-03-29 23:03 . 2013-03-29 23:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\George\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\George\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^George^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\George\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 19:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 23:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-11-10 20:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\George\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
R1 MpKsl5617e768;MpKsl5617e768;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{512AA945-963E-446D-BA77-E26853D42EF7}\MpKsl5617e768.sys [3/30/2013 11:33 AM 29904]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/10/2011 11:38 PM 231424]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/12/2011 2:40 PM 812544]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2011 2:42 PM 42752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe --> c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/18/2011 9:48 AM 24576]
S3 McComponentHostService;McComponentHostService; [x]
S3 Svk2pl;Gigaware USB to Serial Cable;c:\windows\system32\drivers\Svk2pl.sys [4/1/2010 7:35 AM 51200]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29379678
*NewlyCreated* - MPKSL5617E768
*Deregistered* - 29379678
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:28]
.
2013-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-03-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2013-03-30 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(748)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1000)
c:\windows\system32\WININET.dll
c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-03-30 11:47:17
ComboFix-quarantined-files.txt 2013-03-30 18:47
ComboFix2.txt 2013-03-29 20:16
ComboFix3.txt 2013-03-29 18:56
.
Pre-Run: 58,371,776,512 bytes free
Post-Run: 58,427,170,816 bytes free
.
- - End Of File - - 14C5A101753E667960724E32B8514126


lilhurricane
So mote it be
Premium,Mod
join:2003-01-11
Purple Zone
kudos:54

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=91d4e0415abdd44db0268b9e609a39ee
# engine=13553
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-05 02:56:10
# local_time=2013-04-04 07:56:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=771 16777214 16 1 15243605 15243605 0 0
# compatibility_mode=1040 16777213 100 93 0 51314154 0 0
# compatibility_mode=5892 16777213 77 94 550106 17815942 0 0
# compatibility_mode=8449 16774142 16 1 39252274 39252274 0 0
# scanned=71414
# found=0
# cleaned=0
# scan_time=5049


turbovmax

join:2003-08-03
Glendale, CA

1 edit

Ran the Sophos removal tool again and here is the log. Do you need anything else?

2013-03-30 11:50:59 Sophos Virus Removal Tool version 2.3
2013-03-30 11:50:59 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-03-30 11:50:59 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-03-30 11:50:59 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-03-30 11:50:59 Checking for updates...
2013-03-30 11:51:02 Update progress: proxy server not available
2013-03-30 11:51:11 Option all = no
2013-03-30 11:51:11 Option recurse = yes
2013-03-30 11:51:11 Option archive = no
2013-03-30 11:51:11 Option service = yes
2013-03-30 11:51:11 Option confirm = yes
2013-03-30 11:51:11 Option sxl = yes
2013-03-30 11:51:11 Option max-data-age = 35
2013-03-30 11:51:11 Component SVRTcli.exe version 2.3
2013-03-30 11:51:11 Component control.dll version 2.3
2013-03-30 11:51:11 Component SVRTservice.exe version 2.3
2013-03-30 11:51:11 Component engine\osdp.dll version 1.44.0.2040
2013-03-30 11:51:11 Component engine\veex.dll version 3.39.0.2040
2013-03-30 11:51:11 Component engine\savi.dll version 7.5.11.2040
2013-03-30 11:51:11 Component rkdisk.dll version 1.5.30.0
2013-03-30 11:51:11 Version info: Product version 2.3
2013-03-30 11:51:11 Version info: Detection engine 3.39.0
2013-03-30 11:51:11 Version info: Detection data 4.85
2013-03-30 11:51:11 Version info: Build date 1/7/2013
2013-03-30 11:51:11 Version info: Data files added 314
2013-03-30 11:51:11 Version info: Last successful update (not yet updated)
2013-03-30 11:53:23 Downloading updates...
2013-03-30 11:53:23 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-03-30 11:53:23 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-03-30 11:53:23 Update progress: [I49502] Found supplement IDE488 LATEST
2013-03-30 11:53:23 Update progress: [I49502] Found supplement IDE489 LATEST
2013-03-30 11:53:23 Update progress: [I49502] Found supplement IDE490 LATEST
2013-03-30 11:53:23 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-03-30 11:53:23 Update progress: [I19463] Syncing product SAVIW32 25
2013-03-30 11:54:59 Update progress: [I19463] Syncing product IDE488 180
2013-03-30 11:55:35 Update progress: [I19463] Syncing product IDE489 201
2013-03-30 11:56:18 Installing updates...
2013-03-30 11:56:19 Update progress: [I19463] Syncing product IDE490 1
2013-03-30 11:56:40 Update successful
2013-03-30 11:56:52 Option all = no
2013-03-30 11:56:52 Option recurse = yes
2013-03-30 11:56:52 Option archive = no
2013-03-30 11:56:52 Option service = yes
2013-03-30 11:56:52 Option confirm = yes
2013-03-30 11:56:52 Option sxl = yes
2013-03-30 11:56:52 Option max-data-age = 35
2013-03-30 11:56:52 Component SVRTcli.exe version 2.3
2013-03-30 11:56:52 Component control.dll version 2.3
2013-03-30 11:56:52 Component SVRTservice.exe version 2.3
2013-03-30 11:56:52 Component engine\osdp.dll version 1.44.0.2060
2013-03-30 11:56:52 Component engine\veex.dll version 3.41.0.2060
2013-03-30 11:56:52 Component engine\savi.dll version 7.5.11.2060
2013-03-30 11:56:52 Component rkdisk.dll version 1.5.30.0
2013-03-30 11:56:52 Version info: Product version 2.3
2013-03-30 11:56:52 Version info: Detection engine 3.41.0
2013-03-30 11:56:52 Version info: Detection data 4.87G
2013-03-30 11:56:52 Version info: Build date 3/13/2013
2013-03-30 11:56:52 Version info: Data files added 379
2013-03-30 11:56:52 Version info: Last successful update 3/30/2013 11:56:40 AM

2013-03-30 12:53:44 Scan cancelled by user.
2013-03-30 12:53:44

------------------------------------------------------------

2013-03-30 16:10:31 Sophos Virus Removal Tool version 2.3
2013-03-30 16:10:31 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-03-30 16:10:31 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-03-30 16:10:31 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-03-30 16:10:31 Checking for updates...
2013-03-30 16:10:34 Update progress: proxy server not available
2013-03-30 16:11:19 Option all = no
2013-03-30 16:11:19 Option recurse = yes
2013-03-30 16:11:19 Option archive = no
2013-03-30 16:11:19 Option service = yes
2013-03-30 16:11:19 Option confirm = yes
2013-03-30 16:11:19 Option sxl = yes
2013-03-30 16:11:19 Option max-data-age = 35
2013-03-30 16:11:20 Component SVRTcli.exe version 2.3
2013-03-30 16:11:20 Component control.dll version 2.3
2013-03-30 16:11:20 Component SVRTservice.exe version 2.3
2013-03-30 16:11:20 Component engine\osdp.dll version 1.44.0.2060
2013-03-30 16:11:20 Component engine\veex.dll version 3.41.0.2060
2013-03-30 16:11:20 Component engine\savi.dll version 7.5.11.2060
2013-03-30 16:11:20 Component rkdisk.dll version 1.5.30.0
2013-03-30 16:11:20 Version info: Product version 2.3
2013-03-30 16:11:20 Version info: Detection engine 3.41.0
2013-03-30 16:11:20 Version info: Detection data 4.87G
2013-03-30 16:11:20 Version info: Build date 3/13/2013
2013-03-30 16:11:20 Version info: Data files added 379
2013-03-30 16:11:20 Version info: Last successful update 3/30/2013 11:56:40 AM
2013-03-30 16:11:43 Downloading updates...
2013-03-30 16:11:43 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-03-30 16:11:43 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-03-30 16:11:43 Update progress: [I49502] Found supplement IDE488 LATEST
2013-03-30 16:11:43 Update progress: [I49502] Found supplement IDE489 LATEST
2013-03-30 16:11:43 Update progress: [I49502] Found supplement IDE490 LATEST
2013-03-30 16:11:43 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-03-30 16:11:43 Update progress: [I19463] Syncing product SAVIW32 25
2013-03-30 16:11:43 Update progress: [I19463] Syncing product IDE488 180
2013-03-30 16:11:50 Update progress: [I19463] Syncing product IDE489 202
2013-03-30 16:11:50 Installing updates...
2013-03-30 16:11:51 Update progress: [I19463] Syncing product IDE490 1
2013-03-30 16:11:52 Update successful
2013-03-30 16:12:03 Option all = no
2013-03-30 16:12:03 Option recurse = yes
2013-03-30 16:12:03 Option archive = no
2013-03-30 16:12:03 Option service = yes
2013-03-30 16:12:03 Option confirm = yes
2013-03-30 16:12:03 Option sxl = yes
2013-03-30 16:12:03 Option max-data-age = 35
2013-03-30 16:12:03 Component SVRTcli.exe version 2.3
2013-03-30 16:12:03 Component control.dll version 2.3
2013-03-30 16:12:03 Component SVRTservice.exe version 2.3
2013-03-30 16:12:03 Component engine\osdp.dll version 1.44.0.2060
2013-03-30 16:12:03 Component engine\veex.dll version 3.41.0.2060
2013-03-30 16:12:03 Component engine\savi.dll version 7.5.11.2060
2013-03-30 16:12:03 Component rkdisk.dll version 1.5.30.0
2013-03-30 16:12:03 Version info: Product version 2.3
2013-03-30 16:12:03 Version info: Detection engine 3.41.0
2013-03-30 16:12:03 Version info: Detection data 4.87G
2013-03-30 16:12:03 Version info: Build date 3/13/2013
2013-03-30 16:12:03 Version info: Data files added 380
2013-03-30 16:12:03 Version info: Last successful update 3/30/2013 4:11:52 PM

2013-03-30 18:36:35 Could not open C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2013-03-30 18:41:19 Could not open LOGICAL:0004:00000000
2013-03-30 18:41:19 Could not open E:\
2013-03-30 18:41:19 Could not open LOGICAL:0005:00000000
2013-03-30 18:41:19 Could not open F:\
2013-03-30 18:41:25 Could not open PHYSICAL:0081:0000:0000:0001
2013-03-30 18:41:25 Could not open PHYSICAL:0082:0000:0000:0001

2013-03-30 18:47:34 Scan completed.
2013-03-30 18:47:34

------------------------------------------------------------

2013-04-06 08:04:26 Sophos Virus Removal Tool version 2.3
2013-04-06 08:04:26 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-04-06 08:04:26 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-04-06 08:04:26 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-04-06 08:04:26 Checking for updates...
2013-04-06 08:04:40 Update progress: proxy server not available
2013-04-06 08:05:22 Option all = no
2013-04-06 08:05:22 Option recurse = yes
2013-04-06 08:05:22 Option archive = no
2013-04-06 08:05:22 Option service = yes
2013-04-06 08:05:22 Option confirm = yes
2013-04-06 08:05:22 Option sxl = yes
2013-04-06 08:05:22 Option max-data-age = 35
2013-04-06 08:05:22 Component SVRTcli.exe version 2.3
2013-04-06 08:05:22 Component control.dll version 2.3
2013-04-06 08:05:22 Component SVRTservice.exe version 2.3
2013-04-06 08:05:22 Component engine\osdp.dll version 1.44.0.2060
2013-04-06 08:05:22 Component engine\veex.dll version 3.41.0.2060
2013-04-06 08:05:22 Component engine\savi.dll version 7.5.11.2060
2013-04-06 08:05:22 Component rkdisk.dll version 1.5.30.0
2013-04-06 08:05:22 Version info: Product version 2.3
2013-04-06 08:05:22 Version info: Detection engine 3.41.0
2013-04-06 08:05:22 Version info: Detection data 4.87G
2013-04-06 08:05:22 Version info: Build date 3/13/2013
2013-04-06 08:05:22 Version info: Data files added 380
2013-04-06 08:05:22 Version info: Last successful update 3/30/2013 4:11:52 PM
2013-04-06 08:05:38 Downloading updates...
2013-04-06 08:05:38 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2013-04-06 08:05:38 Update progress: [I49502] Found supplement SAVIW32 LATEST 4
2013-04-06 08:05:38 Update progress: [I49502] Found supplement IDE488 LATEST
2013-04-06 08:05:38 Update progress: [I49502] Found supplement IDE489 LATEST
2013-04-06 08:05:38 Update progress: [I49502] Found supplement IDE490 LATEST
2013-04-06 08:05:38 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2013-04-06 08:05:38 Update progress: [I19463] Syncing product SAVIW32 25
2013-04-06 08:05:38 Update progress: [I19463] Syncing product IDE488 180
2013-04-06 08:05:44 Update progress: [I19463] Syncing product IDE489 221
2013-04-06 08:05:47 Update progress: [I19463] Syncing product IDE490 22
2013-04-06 08:05:50 Installing updates...
2013-04-06 08:05:52 Update successful
2013-04-06 08:06:04 Option all = no
2013-04-06 08:06:04 Option recurse = yes
2013-04-06 08:06:04 Option archive = no
2013-04-06 08:06:04 Option service = yes
2013-04-06 08:06:04 Option confirm = yes
2013-04-06 08:06:04 Option sxl = yes
2013-04-06 08:06:04 Option max-data-age = 35
2013-04-06 08:06:04 Component SVRTcli.exe version 2.3
2013-04-06 08:06:04 Component control.dll version 2.3
2013-04-06 08:06:04 Component SVRTservice.exe version 2.3
2013-04-06 08:06:04 Component engine\osdp.dll version 1.44.0.2060
2013-04-06 08:06:04 Component engine\veex.dll version 3.41.0.2060
2013-04-06 08:06:04 Component engine\savi.dll version 7.5.11.2060
2013-04-06 08:06:04 Component rkdisk.dll version 1.5.30.0
2013-04-06 08:06:04 Version info: Product version 2.3
2013-04-06 08:06:04 Version info: Detection engine 3.41.0
2013-04-06 08:06:04 Version info: Detection data 4.87G
2013-04-06 08:06:04 Version info: Build date 3/13/2013
2013-04-06 08:06:04 Version info: Data files added 420
2013-04-06 08:06:04 Version info: Last successful update 4/6/2013 8:05:52 AM

2013-04-06 08:08:44 Scan completed.
2013-04-06 08:08:44

------------------------------------------------------------

2013-04-06 09:04:13 Sophos Virus Removal Tool version 2.3
2013-04-06 09:04:13 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-04-06 09:04:13 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-04-06 09:04:13 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x300 PT=0x1 Win32
2013-04-06 09:04:13 Checking for updates...
2013-04-06 09:04:26 Option all = no
2013-04-06 09:04:26 Option recurse = yes
2013-04-06 09:04:26 Option archive = no
2013-04-06 09:04:26 Option service = yes
2013-04-06 09:04:26 Option confirm = yes
2013-04-06 09:04:26 Option sxl = yes
2013-04-06 09:04:26 Option max-data-age = 35
2013-04-06 09:04:26 Component SVRTcli.exe version 2.3
2013-04-06 09:04:26 Component control.dll version 2.3
2013-04-06 09:04:26 Component SVRTservice.exe version 2.3
2013-04-06 09:04:26 Component engine\osdp.dll version 1.44.0.2060
2013-04-06 09:04:26 Component engine\veex.dll version 3.41.0.2060
2013-04-06 09:04:26 Component engine\savi.dll version 7.5.11.2060
2013-04-06 09:04:26 Component rkdisk.dll version 1.5.30.0
2013-04-06 09:04:26 Version info: Product version 2.3
2013-04-06 09:04:26 Version info: Detection engine 3.41.0
2013-04-06 09:04:26 Version info: Detection data 4.87G
2013-04-06 09:04:26 Version info: Build date 3/13/2013
2013-04-06 09:04:26 Version info: Data files added 420
2013-04-06 09:04:26 Version info: Last successful update 4/6/2013 8:05:52 AM
2013-04-06 09:04:28 Update progress: proxy server not available
2013-04-06 09:04:31 Update not required

2013-04-06 10:50:56 Could not open LOGICAL:0004:00000000
2013-04-06 10:50:56 Could not open E:\
2013-04-06 10:50:56 Could not open LOGICAL:0005:00000000
2013-04-06 10:50:56 Could not open F:\
2013-04-06 10:50:58 Could not open PHYSICAL:0081:0000:0000:0001
2013-04-06 10:50:58 Could not open PHYSICAL:0082:0000:0000:0001



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

quote:
where do I find installed programs.
Click Start, click Control Panel, and then double-click Add or Remove Programs.

quote:
Uninstalled the Java file but there is still an old Icon in control panel that is not working.
You also had Java 7 Update 17 installed. If double-clicking on the Java icon in Control Panel's Add or Remove Programs doesn't do anything, go to Add or Remove Programs and uninstall Java 7 Update 17. If you need it (most people don't), you can always reinstall it later.

Please download SystemLook from one of the links below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook.exe
http://images.malwareremoval.com/jpshortstuff/SystemLook.exe

- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:dir
C:\18fc8b7197ba6dc4e8 /s
 
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
- Note: The log can also be found on your Desktop entitled SystemLook.txt

Please download Malwarebytes Anti-Rootkit here:
http://downloads.malwarebytes.org/file/mbar
 

- Unzip the contents to a folder on the Desktop.
- Open the folder where the contents were unzipped and run mbar.exe (right-click and select Run as administrator for Vista and Windows 7).
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Please post the two logs produced.
- Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

If you see a copy of ComboFix on the Desktop please delete it as we need to ensure you have the latest version.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi···combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the log at C:\ComboFix.txt in your next reply and note any errors encountered.

Your Adobe Reader is out of date. Go to Add or Remove Programs and uninstall Adobe Reader, then download and install the current version from »www.adobe.com. When you download it, be careful to UNcheck any optional toolbar installation unless you really want the toolbar.

Please post the logs from ComboFix, SystemLook, MBAR (both logs), and note any errors encountered. How is the system running other than the problem

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

Also, let's try to get the contents of c:\FixitRegBackup.reg

Reconfigure Windows to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now can you see c:\FixitRegBackup.reg?
If you can, please right-click on the file, select Edit, and when it opens in Notepad copy and paste the contents in your next reply.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


turbovmax

join:2003-08-03
Glendale, CA

ComboFix.txt 16,263 bytes
system-log.txt 26,144 bytes
Tried to run ComboFix and I get an error saying that I need to turn off Microsoft Security Essentials. Well that was the reason I posted here. I uninstalled that and did a regedit for any leftover files. All were deleted and the uninstall went well. Not sure why MSE is still reporting that it is running. I did find an older log of ComboFix. I will post it and the other logs you requested.

---Files---
None found.

C:\18fc8b7197ba6dc4e8\1025 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1028 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1029 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1030 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1031 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1032 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1033 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1035 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1036 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1037 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1038 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1040 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1041 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1042 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1043 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1044 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1045 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1046 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1049 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1053 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\1055 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\2052 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\2070 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\3076 d------ [18:11 28/03/2013]

C:\18fc8b7197ba6dc4e8\3082 d------ [18:11 28/03/2013]

-= EOF =-

turbovmax

join:2003-08-03
Glendale, CA

reply to TheJoker

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.790000 GHz
Memory total: 2145566720, free: 843890688

------------ Kernel report ------------
04/06/2013 19:59:28
------------ Loaded modules -----------
\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
MpFilter.sys
PxHelp20.sys
KSecDD.sys
WudfPf.sys
Ntfs.sys
NDIS.sys
Serial.sys
Mup.sys
avgrkx86.sys
avglogx.sys
avgmfx86.sys
avgidshx.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\drivers\ti21sony.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\Rtnicxp.sys
\SystemRoot\system32\drivers\camc6hal.sys
\SystemRoot\system32\drivers\camc6aud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSFHWATI.sys
\SystemRoot\system32\DRIVERS\HSF_DPV.sys
\SystemRoot\system32\DRIVERS\HSF_CNXT.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\avgfwdx.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\avgtdix.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\avgidsshimx.sys
\SystemRoot\system32\DRIVERS\avgidsdriverx.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\??\C:\WINDOWS\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a758390
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000084\
Lower Device Object: 0xffffffff8a50bc70
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
Initialization returned 0x0
Load Function returned 0x0
>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff8a6bfab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff8a4d82d8
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a866ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff8a83d940
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.06.07
Downloaded database version: v2013.03.25.01
Initializing...
Done!
>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a83c900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a866ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a86b5f0, DeviceName: \Device\0000007b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a83d940, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3f61100, 0xffffffff8a866ab8, 0xffffffff88049ab8
Lower DeviceData: 0xffffffffe1e95c08, 0xffffffff8a83d940, 0xffffffff88313558
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 42DA42DA

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 154191807
Partition file system is NTFS
Partition is bootable

Partition 1 type is Other (0xd7)
Partition is NOT ACTIVE.
Partition starts at LBA: 154191870 Numsec = 2104515

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-156281488-156301488)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff8a6bfab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a7513f8, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6bfab8, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a4d82d8, DeviceName: \Device\00000083\, DriverName: \Driver\ti21sony\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff8a758390, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a636020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a758390, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a50bc70, DeviceName: \Device\00000084\, DriverName: \Driver\ti21sony\
------------ End ----------
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\George\Local Settings\Application Data\Avg2013\log\avgual.2013-04-01.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\George\Local Settings\Application Data\Avg2013\log\avgual.2013-04-04.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Avg2013\log\avgcore.log.1" is compressed (flags = 1)
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log --> [PUP.TidyNetwork]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
>>
Device number: 0, partition: 1
>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.790000 GHz
Memory total: 2145566720, free: 1302024192

Removal queue found; removal started
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log...
Removal finished
=======================================

Windows Registry Editor Version 5.00
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware]
@=""
"InstallLocation"="c:\\Program Files\\Microsoft Security Client\\"
"ProductAppDataPath"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware"
"ProductIcon"="@C:\\Program Files\\Microsoft Security Client\\EppManifest.dll,-100"
"ProductLocalizedName"="@C:\\Program Files\\Microsoft Security Client\\EppManifest.dll,-1000"
"RemediationExe"="C:\\Program Files\\Microsoft Security Client\\msseces.exe"
"WATPath"="C:\\Program Files\\Microsoft Security Client\\mssewat.dll"
"Edt"=hex:00,00,00,00,00,00,00,00
"ProductType"=dword:00000008
"InstallTime"=hex:f0,14,87,12,51,fa,cd,01
"DisableRoutinelyTakingAction"=dword:00000000
"ProductStatus"=dword:00000000
"OneTimeSqmDataSent"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Extensions]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Processes]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\TemporaryPaths]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Miscellaneous Configuration]
@=""
"SqmConsentApprove"=dword:00000000
"DeltaUpdateFailure"=dword:00000000
"BddUpdateFailure"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\MpEngine]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\ActiveSignatures]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\IP Ranges]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Ports]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Processes]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\Exclusions\Threat IDs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\NIS\Consumers\IPS\SKU Differentiation]
"{7A692DFC-A587-4230-B53B-6B8E867B3212}"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Quarantine]
@=""
"PurgeItemsAfterDelay"=dword:0000005a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Real-Time Protection]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Remediation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Reporting]
@=""
"LastRebootTime"=hex:42,30,9a,2b,84,2d,ce,01

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Scan]
@=""
"SFCState"=dword:00000007
"CacheFile"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Scans\\History\\CacheManager\\MpScanCache-1.bin"
"DisableCatchupQuickScan"=dword:00000001
"DisableCatchupFullScan"=dword:00000001
"AllowPause"=dword:00000000
"CheckForSignaturesBeforeRunningScan"=dword:00000001
"QuickScanInterval"=dword:00000000
"ScheduleDay"=dword:00000001
"LastOfflineScan"=hex:00,00,00,00,00,00,00,00
"LastScanType"=dword:00000002
"LastScanRun"=hex:ba,27,36,0a,13,1e,ce,01
"LastFullScanID"="{1581470E-6408-4388-93A1-5F8BB368DF97}"
"LastFullScanBytesCount"=hex:3c,74,33,9c,07,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates]
"SignatureCategoryID"="6b9e8b26-8f50-44b9-94c6-7846084383ec"
@=""
"SignatureUpdateInterval"=dword:00000018
"ScheduleDay"=dword:00000008
"ASSignatureDue"=dword:00000007
"AVSignatureDue"=dword:00000007
"ForceUpdateFromMU"=dword:00000001
"FallbackOrder"="MicrosoftUpdateServer|MMPC"
"LastFallbackTime"=hex:b6,fa,26,08,82,2d,ce,01
"SignatureUpdateCount"=dword:00000022
"SignaturesLastUpdated"=hex:f4,ae,40,2e,82,2d,ce,01
"UpdatedWithinGracePeriod"=dword:00000000
"EngineVersion"="1.1.9302.0"
"AVSignatureVersion"="1.147.768.0"
"AVSignatureBaseVersion"="1.147.0.0"
"AVSignatureApplied"=hex:00,eb,ac,c9,41,2d,ce,01
"ASSignatureVersion"="1.147.768.0"
"ASSignatureBaseVersion"="1.147.0.0"
"ASSignatureApplied"=hex:00,eb,ac,c9,41,2d,ce,01
"SignatureLocation"="c:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Microsoft Antimalware\\Definition Updates\\{C16759E2-1F8D-4158-B806-359C4E9EE48C}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\SpyNet]
@=""
"SpyNetReportingLocation"=hex(7):68,00,74,00,74,00,70,00,73,00,3a,00,2f,00,2f,\
00,73,00,70,00,79,00,6e,00,65,00,74,00,32,00,2e,00,6d,00,69,00,63,00,72,00,\
6f,00,73,00,6f,00,66,00,74,00,2e,00,63,00,6f,00,6d,00,2f,00,41,00,6e,00,74,\
00,69,00,4d,00,61,00,6c,00,77,00,61,00,72,00,65,00,53,00,65,00,72,00,76,00,\
69,00,63,00,65,00,73,00,2f,00,32,00,2f,00,53,00,70,00,79,00,6e,00,65,00,74,\
00,52,00,65,00,70,00,6f,00,72,00,74,00,53,00,72,00,76,00,63,00,2e,00,61,00,\
73,00,6d,00,78,00,00,00,00,00
"SpyNetReporting"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatIDDefaultAction]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\Threats\ThreatSeverityDefaultAction]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware\UX Configuration]
@=""
"DisablePrivacyMode"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="C:\\Program Files\\Synaptics\\SynTP\\SynTPStart.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

I see that MBAR found and deleted some malware.

quote:
Tried to run ComboFix and I get an error saying that I need to turn off Microsoft Security Essentials. Well that was the reason I posted here. I uninstalled that and did a regedit for any leftover files.
When you say you uninstalled that, what was it you uninstalled? MSSE or ComboFix? It's better to not edit the registry manually while we are doing this; it makes tracking changes harder if you make unrequested changes. The ComboFix log you posted was the same one you posted before. I need to see the current one. If it won't run saying that MSSE is still running, reboot to Safe Mode and run it:

Reboot to Safe Mode - Restart your computer and begin tapping the F8 key on your keyboard.
If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.
To return to normal mode just restart your computer as you normally would.

If you were able to successfully run ComboFix, or post a current log from it, there's no need to reboot to Safe Mode to run it.

Please download Hijack This!:
»sourceforge.net/projects/hjt/
Please save it in a convenient permanent folder such as C:\HJT\.

Please run HijackThis, click on "Open the Misc Tools section", and then on "Open Uninstall Manager". Click the "Save list" button, save the file uninstall_list.txt to your Desktop, and post the contents here for review.

Please post the log from ComboFix, and the file uninstall_list.txt from HijackThis and note any errors encountered.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
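
A way to cross-check the two MBAR logs posted above, as an added example that is not part of the original thread: it pairs each "Infected:" line from the scan log with a "Removing ..." line from the post-reboot log and lists detections the removal log never mentions. The log lines are copied from the posts above; the function names and the line patterns are assumptions based only on those lines.

```python
import re

# Lines copied from the Malwarebytes Anti-Rootkit scan log posted in this thread.
SCAN_LOG = r"""
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{7736C7FA-512D-11E2-B871-DEC36088709B} --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe --> [PUP.TidyNetwork]
Infected: c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log --> [PUP.TidyNetwork]
Scan finished
"""

# Lines copied from the second (post-reboot) MBAR log posted in this thread.
REMOVAL_LOG = r"""
Removal queue found; removal started
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\sidTRUS01.tidy...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2ie.dll...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2networkTRUS01.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidy2update.exe...
Removing c:\Documents and Settings\George\Local Settings\Application Data\TidyNetwork.com\tidynetwork.log...
Removal finished
"""

# Assumed line shapes, inferred from the lines above (not from MBAR documentation).
INFECTED_RE = re.compile(r"^Infected:\s+(?P<target>.+?)\s+-->\s+\[(?P<label>[^\]]+)\]$")
REMOVING_RE = re.compile(r"^Removing\s+(?P<target>.+?)\.\.\.$")
REGISTRY_ROOTS = ("HKCU\\", "HKLM\\", "HKCR\\", "HKU\\", "HKCC\\")


def normalise(target):
    """Windows paths and registry keys compare case-insensitively."""
    return target.rstrip("\\").casefold()


def parse_detections(text):
    """Return one dict per 'Infected:' line: target, label, and registry/file kind."""
    detections = []
    for line in text.splitlines():
        match = INFECTED_RE.match(line.strip())
        if not match:
            continue
        target = match.group("target")
        kind = "registry" if target.upper().startswith(REGISTRY_ROOTS) else "file"
        detections.append({"target": target, "label": match.group("label"), "kind": kind})
    return detections


def parse_removals(text):
    """Return the normalised set of targets named on 'Removing ...' lines."""
    removed = set()
    for line in text.splitlines():
        match = REMOVING_RE.match(line.strip())
        if match:
            removed.add(normalise(match.group("target")))
    return removed


def reconcile(scan_text, removal_text):
    """Split detections into those the removal log confirms and those it does not."""
    removed = parse_removals(removal_text)
    confirmed, unconfirmed = [], []
    for detection in parse_detections(scan_text):
        bucket = confirmed if normalise(detection["target"]) in removed else unconfirmed
        bucket.append(detection)
    return confirmed, unconfirmed


if __name__ == "__main__":
    confirmed, unconfirmed = reconcile(SCAN_LOG, REMOVAL_LOG)
    print(f"{len(confirmed)} detections have a matching removal line")
    for detection in unconfirmed:
        # Not listed in the removal log; a follow-up scan decides whether it remains.
        print(f"no removal line ({detection['kind']}): {detection['target']}")
```

On these logs the six file and folder detections each have a removal line, while the four registry detections do not appear in the removal log at all, so a follow-up scan is what confirms whether those keys are gone.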

turbovmax

join:2003-08-03
Glendale, CA

I have not done a regedit during this process. Want to keep things clean and flowing. After the PC guy cleaned out the FBI virus I tried to open MSSE and it would not. So I decided to uninstall it and reinstall it. Then I had the problem. At that time I did regedit for additional files of MSSE and found a few and deleted. So I'll run the scan in safe mode. I'm back on the road today so it may take me a bit to respond back.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

said by turbovmax:

I'm back on the road today so it may take me a bit to respond back.

Not a problem, I'll just keep checking back for replies. See you when you get back.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

turbovmax

join:2003-08-03
Glendale, CA

ComboFix April 7.txt 24,335 bytes
uninstall_list.txt 11,948 bytes
Hi Joker. Ran the ComboFix this morning before I left in Safe Mode. I got the error that AVG and MSSE were running and that I could continue at my own risk. I could not disable AVG in Safe Mode and that MSSE thing is probably a corrupted file that got caught in limbo when the PC guy was cleaning out the FBI virus. I don't know. So anyways here are the ComboFix and HijackThis logs. Let me know if I missed anything. Also when I try to uninstall Java 7 Update 17 in either Add or Remove Programs or with Revo Uninstaller I get an error stating the path is wrong or choose another path to uninstall.



ComboFix 13-04-06.02 - George 04/07/2013 8:17.4.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1684 [GMT -7:00]
Running from: c:\documents and settings\George\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\George\Local Settings\Application Data\DownloadTerms\teMP.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 )))))))))))))))))))))))))))))))
.
.
2013-04-07 09:18 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9A93E083-618E-4E34-8E13-39E0BC686093}\mpengine.dll
2013-04-06 21:03 . 2013-04-06 21:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\PCHealth
2013-04-06 20:52 . 2013-04-06 20:52 -------- d-----w- c:\documents and settings\George\Application Data\Yontoo
2013-04-06 20:52 . 2013-04-06 20:52 -------- d-----w- c:\program files\Yontoo
2013-04-06 20:51 . 2013-04-06 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Tarma Installer
2013-04-06 20:51 . 2013-04-07 15:29 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\DownloadTerms
2013-04-06 16:17 . 2013-04-06 16:17 -------- d-----w- c:\documents and settings\Default User\Application Data\TuneUp Software
2013-04-06 14:36 . 2013-04-06 14:36 0 ----a-w- c:\windows\system32\REN26.tmp
2013-04-06 14:36 . 2013-04-06 14:36 0 ----a-w- c:\windows\system32\REN25.tmp
2013-04-06 14:36 . 2013-04-06 14:36 0 ----a-w- c:\windows\system32\REN24.tmp
2013-04-06 04:43 . 2013-03-19 12:50 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-05 01:05 . 2013-04-05 01:05 -------- d-----w- c:\program files\ESET
2013-04-05 00:28 . 2013-04-05 00:28 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\AVG Secure Search
2013-04-01 23:40 . 2012-12-14 23:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-01 23:40 . 2013-04-01 23:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-31 23:32 . 2013-03-31 23:32 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-03-31 02:09 . 2013-03-31 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-03-30 21:51 . 2013-03-30 21:51 -------- d-----w- c:\documents and settings\George\Application Data\AVG2013
2013-03-30 21:45 . 2013-03-30 21:45 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\AVG SafeGuard toolbar
2013-03-30 21:45 . 2013-03-30 21:45 -------- d-----w- c:\documents and settings\George\Application Data\TuneUp Software
2013-03-30 21:44 . 2013-03-30 21:44 -------- d-----w- c:\documents and settings\George\Application Data\AVG SafeGuard toolbar
2013-03-30 21:44 . 2013-03-30 21:44 33624 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-30 21:44 . 2013-04-05 00:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-03-30 21:44 . 2013-03-30 21:44 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-03-30 21:42 . 2013-03-30 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-03-30 21:42 . 2013-03-30 21:42 -------- d-----w- C:\$AVG
2013-03-30 21:40 . 2013-03-30 21:40 -------- d-----w- c:\program files\AVG
2013-03-30 21:36 . 2013-03-30 21:36 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-03-30 21:36 . 2013-04-07 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-03-30 21:36 . 2013-03-31 13:36 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\Avg2013
2013-03-30 21:36 . 2013-03-30 21:36 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\MFAData
2013-03-30 20:36 . 2013-03-30 20:36 12824 ----a-w- C:\FixitRegBackup.reg
2013-03-30 20:27 . 2013-03-30 20:27 -------- d-----w- c:\documents and settings\George\Application Data\Windows Search
2013-03-30 20:19 . 2013-03-30 20:19 -------- d-----w- c:\program files\Microsoft
2013-03-30 20:19 . 2013-03-30 20:19 -------- d-----w- c:\program files\Windows Live SkyDrive
2013-03-30 20:03 . 2013-03-30 20:03 -------- d-----w- c:\windows\system32\winrm
2013-03-30 20:03 . 2013-03-30 20:04 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2013-03-30 20:03 . 2013-03-30 20:03 -------- d-----w- c:\documents and settings\George\Application Data\Windows Desktop Search
2013-03-30 20:02 . 2013-03-30 20:22 -------- d-----w- c:\program files\Windows Desktop Search
2013-03-30 20:02 . 2013-03-30 20:02 -------- d-----w- c:\windows\system32\GroupPolicy
2013-03-30 20:01 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2013-03-30 20:01 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2013-03-30 20:01 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2013-03-30 19:50 . 2013-03-30 19:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2013-03-30 18:50 . 2013-03-30 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2013-03-30 18:50 . 2013-03-30 18:50 73728 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-30 18:50 . 2013-03-30 18:50 73728 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-03-30 18:50 . 2013-03-30 18:50 73728 ----a-r- c:\documents and settings\George\Application Data\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-03-29 23:55 . 2013-03-29 23:55 -------- d-sh--w- c:\documents and settings\George\PrivacIE
2013-03-29 23:53 . 2013-03-29 23:53 -------- d-sh--w- c:\documents and settings\George\IETldCache
2013-03-29 23:39 . 2013-03-29 23:40 -------- dc-h--w- c:\windows\ie8
2013-03-29 23:35 . 2013-02-05 20:05 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-03-29 23:33 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-03-29 23:33 . 2013-02-05 20:05 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-03-29 23:33 . 2013-02-05 20:05 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-03-29 23:33 . 2013-02-05 20:05 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-03-29 23:33 . 2013-02-05 20:05 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-03-29 23:33 . 2013-02-05 20:05 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-03-29 23:33 . 2013-02-05 20:05 2004992 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-03-29 23:33 . 2013-02-05 20:05 11111424 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-03-29 20:47 . 2013-03-29 20:47 14664 ----a-w- c:\windows\stinger.sys
2013-03-29 20:46 . 2013-03-29 20:53 -------- d-----w- c:\program files\stinger
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-29 19:20 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
2013-03-28 18:11 . 2013-03-28 18:11 -------- d-----w- C:\18fc8b7197ba6dc4e8
2013-03-28 18:08 . 2013-03-28 18:08 -------- d-----w- c:\program files\Spirent Communications
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\HTC
2013-03-28 18:03 . 2013-03-28 18:03 -------- d-----w- c:\documents and settings\George\Local Settings\Application Data\HTC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-02 10:33 . 2011-10-12 01:41 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-02 02:42 . 2011-12-25 01:08 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2013-03-29 23:28 . 2012-04-18 20:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-29 23:28 . 2011-10-12 02:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2013-02-14 10:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2011-10-11 17:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 20:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2013-02-08 11:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-06 10:48 . 2004-08-04 20:00 667136 ----a-w- c:\windows\system32\wininet(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 633344 ----a-w- c:\windows\system32\urlmon(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 37888 ----a-w- c:\windows\system32\url(2).dll
2013-02-06 10:48 . 2004-08-04 20:00 1510400 ----a-w- c:\windows\system32\shdocvw(2).dll
2013-02-05 20:05 . 2004-08-04 20:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 20:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 20:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 20:00 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 20:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-16 00:56 . 2012-08-19 21:39 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-16 00:56 . 2011-11-09 04:04 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 23:14 . 2012-08-19 21:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-29 23:03 . 2013-03-29 23:02 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\George\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yontoo Desktop"="c:\documents and settings\George\Application Data\Yontoo\YontooDesktop.exe" [2013-03-23 42784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-03-30 1219248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\George\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\George\Application Data\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^George^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\documents and settings\George\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 19:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-11-19 23:19 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\George\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [3/30/2013 2:44 PM 33624]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [2/19/2013 4:02 AM 1418184]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [4/1/2013 4:40 PM 398184]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4/1/2013 4:40 PM 682344]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [10/12/2011 2:42 PM 42752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe --> c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [?]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [8/19/2011 2:26 AM 450848]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [3/30/2013 2:44 PM 990896]
S2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\Yontoo\Y2Desktop.Updater.exe [4/6/2013 1:52 PM 23552]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [10/10/2011 11:38 PM 231424]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [10/18/2011 9:48 AM 24576]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/1/2013 4:40 PM 21104]
S3 McComponentHostService;McComponentHostService; [x]
S3 Svk2pl;Gigaware USB to Serial Cable;c:\windows\system32\drivers\Svk2pl.sys [4/1/2010 7:35 AM 51200]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [10/12/2011 2:40 PM 812544]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 23:28]
.
2013-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-22 01:05]
.
2013-04-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 01:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wrh.noaa.gov/lox/main.php?suite=public
FF - ExtSQL: 2013-04-05 17:00; daxip@kjvdvbop.org; c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\extensions\daxip@kjvdvbop.org
FF - ExtSQL: 2013-04-06 13:52; plugin@yontoo.com; c:\documents and settings\George\Application Data\Mozilla\Firefox\Profiles\5fdbouni.default\extensions\plugin@yontoo.com
FF - ExtSQL: !HIDDEN! 2013-04-06 13:51; daxip@kjvdvbop.org; c:\program files\Mozilla Firefox\extensions\daxip@kjvdvbop.org
FF - user.js: extentions.y2layers.installId - 33128290-ea14-4bc1-a2d3-efdb85b1ce31
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2013-04-07 08:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(208)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2013-04-07 08:37:47
ComboFix-quarantined-files.txt 2013-04-07 15:37
ComboFix2.txt 2013-03-30 18:47
ComboFix3.txt 2013-03-29 20:16
ComboFix4.txt 2013-03-29 18:56
.
Pre-Run: 57,227,608,064 bytes free
Post-Run: 57,224,278,016 bytes free
.
- - End Of File - - 124B322DABA6DE3DA26BF384C77F9EEE

Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Security Toolbar
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CameraHelperMsi
Conexant AC-Link Audio
Corel WinDVD
erLT
ESET Online Scanner v3
Google Earth Plug-in
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Customer Participation Program 7.0
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.0
HP Photosmart, Officejet and Deskjet 7.0.A
HP Quick Launch Buttons 6.30 J1
HP QuickPlay 2.0
HP Rhapsody
HP Solution Center 7.0
HP User Guides 0026
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
HTC Driver Installer
IPTInstaller
iTunes
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office File Validation Add-In
Microsoft Office Live Add-in 1.3
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mouse Suite
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 4.5
Quicken 2006
QuickTime
REALTEK Gigabit and Fast Ethernet NIC Driver
Revo Uninstaller 1.94
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sophos Virus Removal Tool
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 2.0.0
Windows Internet Explorer 8
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Wireless Home Network Setup
Yontoo 2.051
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~

over 13.5 years online © 1999-2013 dslreports.com.