
Can't Run Malwarebytes Run time Error 371

Failed to load WebBrowser fri

  • This topic is locked
46 replies to this topic

#1 MaryVan


Posted 19 March 2013 - 05:31 PM

Please help. I think I'm infected by some type of virus, trojan, rootkit, or all of the above. My desktop has been hijacked to look like a Windows Explorer view without the name of the window across the top and missing the File/Edit/View etc. menus. I have a photo of the desktop and can post it if there is a way. A wide blue bar runs down the left side of the window similar to the Explorer view in folders mode and after clicking the 'X' close the Folders view. A bar with Folder Tasks, Other Places and details shows. This is what my desktop looks like. Running Windows XP SP3.
Running AVG Free as my antivirus. When the system starts I get the Windows Security Alert. Even though AVG Antivirus is running (or appears to be running) Windows does not recognize it.

I automatically assumed this to be a virus so I tried to run Malwarebytes and receive the Error:
"Run-Time error '373' Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application".

The thread at this link ( http://forums.malwar...howtopic=120912 ) appears to be the same problem as I have. Maurice handled that thread but I see no results. I followed the instruction at "I'm infected what do I do". I downloaded and ran dds.txt and Attach.txt and they are both attached. I appreciate any and all help you can give. Thank you!!!!

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Ad-Aware SE Personal
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.5
AnswerWorks 4.0 Runtime - English
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 5
ATI Control Panel
ATI Display Driver
AVG 2013
Bonjour
Broadcom Advanced Control Suite 2
CCleaner
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Desktop Hijack Fix
Desktop Hijack Fix (C:\Program Files\Desktop Hijack Fix\)
Desktop Hijack Fix (C:\Program Files\Desktop Hijack Fix\) #3
DMX Update
DVD Decrypter (Remove Only)
EPSON Print CD
EPSON Printer Software
EPSON Stylus Photo R380 User's Guide
ERUNT 1.1j
Eusing Free Registry Cleaner
Google Toolbar for Internet Explorer
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Intel Application Accelerator
Internet Explorer Default Page
iolo technologies' System Mechanic
iSEEK AnswerWorks English Runtime
iTunes
Java Auto Updater
Java™ 6 Update 31
Juniper Networks Network Connect 7.1.0
Juniper Networks Network Connect 7.2.0
Juniper Networks Secure Application Manager
Juniper Networks, Inc. Setup Client
Logitech MouseWare 9.79
Macromedia Flash Player
Malwarebytes Anti-Malware version 1.70.0.1100
MaxPerforma Optimizer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Sounds
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
PDFCreator
Photo Click
Photo Organizer
Photo Story 3 for Windows
Picasa 3
PowerDVD 5.5
PrimoPDF -- brought to you by Nitro PDF Software
QuickBooks Simple Start Special Edition
Quicken 2011
QuickTime
RealPlayer
Reimage Repair
Remove MiraScan USB Driver
SafeSearch
ScoreCard Golf
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2797052)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sound Blaster Live! 24-bit
Spybot - Search & Destroy
Turbo Tax Audit Support Center 2.0
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wriiper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2009 wriiper
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmaiper
TurboTax 2010 wrapper
TurboTax 2010 wriiper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wmaiper
TurboTax 2011 wrapper
TurboTax 2011 wriiper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmaiper
TurboTax 2012 wrapper
TurboTax 2012 wriiper
TurboTax Deluxe 2005
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
VCRedistSetup
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
WebFldrs XP
WexTech AnswerWorks
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage v1.3.0254.0
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell™ 1.0
WinUtilities 10.5 Free Edition
Wise Registry Cleaner Free 5.53
WordPerfect Office 12
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Bill at 17:58:51 on 2013-03-19
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\WINDOWS\system32\locator.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
\??\C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll
TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll
EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\WhlLSP.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://sslvpn.amica.com/whalecom63bc792f8cfe821ccba43f03a785/whalecom0/tsweb/msrdp.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://sslvpn.amica.com/InternalSite/WhlCompMgr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://sslvpn.amica.com/whalecom63bc792f8cfe821ccba43f03a785/whalecom0/tsweb/msrdp.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://sslvpn.amica.com/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.amica.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{8A47E909-0B9B-4B40-959B-1B282946BAA3} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2013-03-19 20:12:55 67 ----a-w- C:\Ntf2.tmp
2013-03-19 20:12:55 179052 ----a-w- C:\Ntf1.tmp
2013-03-19 00:02:23 -------- dc-h--w- c:\windows\ie8
2013-03-18 23:56:59 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-18 23:56:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-18 23:22:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-18 23:22:34 -------- d-----w- c:\documents and settings\bill\application data\Malwarebytes
2013-03-18 23:22:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-03-17 23:36:22 -------- d-----w- c:\windows\ERUNT
2013-03-17 23:36:16 -------- d-----w- C:\JRT
2013-03-17 22:33:28 -------- d-----w- C:\rei
2013-03-17 22:33:23 -------- d-----w- c:\program files\Reimage
2013-03-17 15:51:27 -------- d-----w- c:\documents and settings\bill\application data\QuickScan
2013-03-17 15:41:36 -------- d-----w- c:\program files\Desktop Hijack Fix
2013-03-16 23:38:26 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 23:38:26 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-03-16 22:41:34 -------- d-----w- c:\program files\Wise Registry Cleaner
2013-03-16 21:18:27 177496 ----a-w- c:\windows\system32\drivers\32709681.sys
2013-03-16 19:35:27 -------- d-----w- c:\program files\MaxPerforma Optimizer
2013-03-16 19:12:15 -------- d-----w- c:\program files\Lavasoft
2013-03-14 01:11:33 -------- d-sha-r- C:\cmdcons
2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll
2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll
2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2013-03-14 00:20:53 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll
2013-03-14 00:20:53 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2013-03-14 00:20:53 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2013-03-14 00:20:53 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2013-03-13 00:35:21 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-03-11 01:07:37 2095816 ----a-w- c:\windows\system32\Incinerator32.dll
2013-03-11 01:07:35 56200 ----a-w- c:\windows\system32\offreg.dll
2013-03-11 01:07:35 33280 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-03-11 01:07:35 15360 ----a-w- c:\windows\system32\smrgdf.exe
2013-03-11 01:07:34 -------- d-----w- c:\program files\iolo
2013-03-11 01:05:42 -------- d-----w- c:\documents and settings\bill\application data\iolo
2013-03-10 15:27:20 -------- d-----w- C:\MGtools
2013-03-10 15:09:05 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-10 13:27:10 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-03-09 19:49:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-03-09 17:57:52 -------- d-----w- c:\documents and settings\bill\application data\AVSoftware
2013-03-09 17:57:47 -------- d-----w- c:\program files\SafeSearch
2013-03-02 18:24:14 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-24 23:24:14 54016 ----a-w- c:\windows\system32\drivers\fysrhxt.sys
.
==================== Find3M ====================
.
2013-03-17 22:58:32 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-03-17 22:58:32 249856 ------w- c:\windows\Setup1.exe
2013-03-14 00:23:54 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 00:23:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-11 00:55:10 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 18:00:06.68 ===============




#2 Tomk1


Posted 20 March 2013 - 11:07 AM

Hi MaryVan,


Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.
Let's give this tool a try:

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.






Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

#3 MaryVan


Posted 20 March 2013 - 07:07 PM

Hi Tomk1, thank you so much for helping me, I really appreciate your assistance. I downloaded Combofix, disabled my antivirus and ran it. The log from the scan follows. Thanks again for any and all help

ComboFix 13-03-20.02 - Bill 20/03/2013 19:52:09.6.2 - x86
Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-20 22:09 . 2013-03-20 23:33 859 ----a-w- C:\NtfA.tmp
2013-03-20 22:09 . 2013-03-20 22:09 67 ----a-w- C:\NtfB.tmp
2013-03-20 00:16 . 2013-03-20 00:20 8745337 ----a-w- C:\Ntf8.tmp
2013-03-20 00:16 . 2013-03-20 00:17 67 ----a-w- C:\Ntf9.tmp
2013-03-19 20:40 . 2013-02-05 20:05 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll
2013-03-19 20:12 . 2013-03-19 23:05 282761 ----a-w- C:\Ntf1.tmp
2013-03-19 20:12 . 2013-03-19 20:12 67 ----a-w- C:\Ntf2.tmp
2013-03-19 00:02 . 2013-03-19 00:02 -------- dc-h--w- c:\windows\ie8
2013-03-18 23:56 . 2013-03-19 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-18 23:56 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-18 23:22 . 2013-03-19 21:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes
2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- c:\windows\ERUNT
2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- C:\JRT
2013-03-17 22:33 . 2013-03-17 22:35 -------- d-----w- C:\rei
2013-03-17 22:33 . 2013-03-17 22:33 -------- d-----w- c:\program files\Reimage
2013-03-17 15:51 . 2013-03-17 15:51 -------- d-----w- c:\documents and settings\Bill\Application Data\QuickScan
2013-03-17 15:41 . 2013-03-17 22:58 -------- d-----w- c:\program files\Desktop Hijack Fix
2013-03-17 15:13 . 2013-03-17 15:22 -------- d-----w- c:\program files\ERUNT
2013-03-16 23:38 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys
2013-03-16 23:38 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys
2013-03-16 22:41 . 2013-03-16 23:10 -------- d-----w- c:\program files\Wise Registry Cleaner
2013-03-16 21:18 . 2013-03-16 21:18 177496 ----a-w- c:\windows\system32\drivers\32709681.sys
2013-03-16 19:35 . 2013-03-16 19:35 -------- d-----w- c:\program files\MaxPerforma Optimizer
2013-03-16 19:12 . 2013-03-16 19:12 -------- d-----w- c:\program files\Lavasoft
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smimsgif.dll
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smierrsy.dll
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\wbem\SNMP\smierrsm.dll
2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2013-03-13 00:35 . 2013-03-13 00:35 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-03-11 01:07 . 2012-04-17 13:37 2095816 ----a-w- c:\windows\system32\Incinerator32.dll
2013-03-11 01:07 . 2012-04-17 14:11 33280 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-03-11 01:07 . 2012-04-17 14:11 15360 ----a-w- c:\windows\system32\smrgdf.exe
2013-03-11 01:07 . 2012-04-17 12:25 56200 ----a-w- c:\windows\system32\offreg.dll
2013-03-11 01:07 . 2013-03-11 01:07 -------- d-----w- c:\program files\iolo
2013-03-11 01:05 . 2013-03-13 23:34 -------- d-----w- c:\documents and settings\Bill\Application Data\iolo
2013-03-10 15:27 . 2013-03-16 00:26 -------- d-----w- C:\MGtools
2013-03-10 15:09 . 2013-03-10 15:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-10 13:27 . 2013-03-10 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-03-09 19:49 . 2013-03-16 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-03-09 19:42 . 2013-03-09 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-03-09 17:57 . 2013-03-09 17:57 -------- d-----w- c:\documents and settings\Bill\Application Data\AVSoftware
2013-03-09 17:57 . 2013-03-16 19:35 -------- d-----w- c:\program files\SafeSearch
2013-03-02 18:24 . 2013-03-14 00:23 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-24 23:24 . 2013-02-24 23:24 54016 ----a-w- c:\windows\system32\drivers\fysrhxt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 22:58 . 2008-11-13 01:56 249856 ------w- c:\windows\Setup1.exe
2013-03-17 22:58 . 2008-11-13 01:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-03-16 00:26 . 2013-03-10 15:27 366650 ----a-w- C:\MGlogs.zip
2013-03-14 00:23 . 2012-08-10 11:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 00:23 . 2012-08-10 11:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-11 00:55 . 2012-08-05 05:24 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-02-20 05:13 . 2013-02-20 05:13 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-02-12 00:32 . 2009-03-26 22:14 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 20:05 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 10:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 1980-01-01 05:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 10:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e27d5867-80de-4449-9c03-71707c0db05b}]
2012-07-26 01:09 508216 ----a-w- c:\program files\SafeSearch\ie\adxloader.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}"= "c:\program files\SafeSearch\ie\adxloader.dll" [2012-07-26 508216]
.
[HKEY_CLASSES_ROOT\clsid\{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}]
[HKEY_CLASSES_ROOT\SafeSearch.SafeSearch1]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-14 20:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-22 18:22 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Whale Communications\\Client Components\\3.1.0\\WhlClnt3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 Retrogamer_2zService;RetrogamerService; [x]
R3 DMService;Whale Component Manager; [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MFE_RR;MFE_RR;c:\docume~1\Bill\LOCALS~1\Temp\mfe_rr.sys [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\Drivers\NEOFLTR_710_19243.SYS [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 23:54]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]
.
2013-03-17 c:\windows\Tasks\MaxPerformaSys.job
- c:\program files\MaxPerforma Optimizer\MaxPerforma.exe [2013-03-16 21:41]
.
2013-03-17 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2013-03-14 08:09]
.
2013-03-17 c:\windows\Tasks\Reimage ScanAgent.job
- c:\program files\Reimage\Reimage Repair\REI_ScanAgent.exe [2013-03-14 08:13]
.
2013-03-20 c:\windows\Tasks\SSVerify.job
- c:\program files\SafeSearch\se.exe [2013-03-09 22:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
LSP: c:\progra~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlLSP.dll
Trusted Zone: localhost
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-20 19:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3326227057-3804168404-3607557-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-03-20 20:02:11
ComboFix-quarantined-files.txt 2013-03-21 00:02
.
Pre-Run: 22,041,350,144 bytes free
Post-Run: 21,981,650,944 bytes free
.
- - End Of File - - B40BD261AAA409C4C5163E0E27DC9399

#4 Tomk1

Tomk1

    Advanced Member

  • Trusted Advisors
  • PipPipPip
  • 214 posts
  • Gender:Male

Posted 20 March 2013 - 07:18 PM

Hmm.... something still isn't correct in there.

Please download Farbar Service Scanner and run it on the computer
  • Make sure all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5 MaryVan

Posted 21 March 2013 - 06:31 PM

Thanks Tomk1, I downloaded Farbar Service Scanner and I'm attaching the log to this reply. Again, thank you for your help. I have NOT tried to run or install Malwarebytes since beginning this thread. I'm assuming you'll tell me when to try that. Any ideas what I might have here?

Mary

Farbar Service Scanner Version: 03-03-2013
Ran by Bill (administrator) on 21-03-2013 at 19:27:58
Running from "C:\Documents and Settings\Bill\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2004-08-04 06:00] - [2008-04-13 20:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2004-08-04 06:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:
=======
Avgtdix(9) Gpc(6) IPSec(4) NEOFLTR_710_19243(10) NetBT(5) PSched(7) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000900000005000000080000000600000007000000
IpSec Tag value is correct.
**** End of log ****

#6 Tomk1

Posted 21 March 2013 - 09:12 PM

I haven't found anything nefarious yet (virus, trojan, whatever). All I see is that for some reason your operating system isn't "firing on all cylinders". I'm trying to figure out why.

Let's try some resetting of the system.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.


Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:




Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:



Go to Step 4 and under "System Restore" click on Create button:



Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

#7 MaryVan

Posted 22 March 2013 - 07:56 PM

Hi Tom, I downloaded the Windows Repair (All in One) tool and tried installing it and received the following error:

Could not create shortcut:
C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com\Window Repair (All in One)\Uninstall
Tweaking.com - Windows Repair (All in one).lnk

The site had several places to download from, I tried them all and received the same problem each time. One of the download sites offered a free scan from Reimage PC Repair online. I figured what the heck and ran the free scan. It came back with 15 stability Issues, 1 Virus, and Windows Damage Severity = High. I don't know anything about this Online scan and fix by Reimage so I did not fix anything plus they want $40.00 for a one time fix. Not sure if the site or software is trustworthy but figured I'd pass it on. Still looking for help and next steps, thanks for everything so far.

#8 MaryVan

Posted 22 March 2013 - 08:02 PM

I found the repair tool in my programs folder; it actually installed even though I received the error in my previous post. I'm running it now. Sorry about the previous post. I'll post again shortly when done running the tool.

#9 Tomk1

Posted 22 March 2013 - 08:34 PM

Not a problem.

As far as the PC image repair program... I don't know anything about it. Personally I don't trust any program I read about in an ad. Most of them come with adware at a minimum. Also, a lot of that type of program install a "trace" of an infection so that they can show you that they found something no one else did and then try to get you to pay them for the repair. We refer to those programs as rogues. If you run them on 10 computers they will show the same problem with all 10.

#10 MaryVan

Posted 22 March 2013 - 09:52 PM

Hi Tom, here is the Windows_Repair_log_txt. Even after the restarts, I still have the desktop that resembles an explorer window. Thanks for the info on those rogue pieces of software. Here's the log. Again thanks for the help so far. Looking forward to the next round of fixes :lol:

Running Repair Under System Account
Starting Repairs...
Start (22/03/2013 10:27:12 PM)
Reset Registry Permissions 01/03
HKEY_CURRENT_USER & Sub Keys
Start (22/03/2013 10:27:12 PM)
Running Repair Under Current User Account
Done (22/03/2013 10:27:21 PM)
Reset Registry Permissions 02/03
HKEY_LOCAL_MACHINE & Sub Keys
Start (22/03/2013 10:27:21 PM)
Running Repair Under System Account
Done (22/03/2013 10:28:41 PM)
Reset Registry Permissions 03/03
HKEY_CLASSES_ROOT & Sub Keys
Start (22/03/2013 10:28:41 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:22 PM)
Reset File Permissions 01/34
C:\$AVG & Sub Folders
Start (22/03/2013 10:29:22 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:25 PM)
Reset File Permissions 02/34
C:\7e1ff50de35d68c177a8d4c9640deb & Sub Folders
Start (22/03/2013 10:29:25 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:27 PM)
Reset File Permissions 03/34
C:\A MyLeague & Sub Folders
Start (22/03/2013 10:29:27 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:29 PM)
Reset File Permissions 04/34
C:\A MyLeague Test & Sub Folders
Start (22/03/2013 10:29:29 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:32 PM)
Reset File Permissions 05/34
C:\c7bc68329dbab11061fc4cebbfa75bff & Sub Folders
Start (22/03/2013 10:29:32 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:34 PM)
Reset File Permissions 06/34
C:\cmdcons & Sub Folders
Start (22/03/2013 10:29:34 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:37 PM)
Reset File Permissions 07/34
C:\ConverterOutput & Sub Folders
Start (22/03/2013 10:29:37 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:39 PM)
Reset File Permissions 08/34
C:\DELL & Sub Folders
Start (22/03/2013 10:29:39 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:41 PM)
Reset File Permissions 09/34
C:\DRIVERS & Sub Folders
Start (22/03/2013 10:29:41 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:44 PM)
Reset File Permissions 10/34
C:\elgae & Sub Folders
Start (22/03/2013 10:29:44 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:46 PM)
Reset File Permissions 11/34
C:\Email_Me & Sub Folders
Start (22/03/2013 10:29:46 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:49 PM)
Reset File Permissions 12/34
C:\EPSONREG & Sub Folders
Start (22/03/2013 10:29:49 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:51 PM)
Reset File Permissions 13/34
C:\Games & Sub Folders
Start (22/03/2013 10:29:51 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:53 PM)
Reset File Permissions 14/34
C:\GanttAdn & Sub Folders
Start (22/03/2013 10:29:53 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:56 PM)
Reset File Permissions 15/34
C:\GOO26S & Sub Folders
Start (22/03/2013 10:29:56 PM)
Running Repair Under System Account
Done (22/03/2013 10:29:58 PM)
Reset File Permissions 16/34
C:\I386 & Sub Folders
Start (22/03/2013 10:29:58 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:35 PM)
Reset File Permissions 17/34
C:\iolo & Sub Folders
Start (22/03/2013 10:30:35 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:37 PM)
Reset File Permissions 18/34
C:\JRT & Sub Folders
Start (22/03/2013 10:30:37 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:40 PM)
Reset File Permissions 19/34
C:\LXKZ52 & Sub Folders
Start (22/03/2013 10:30:40 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:42 PM)
Reset File Permissions 20/34
C:\MGtools & Sub Folders
Start (22/03/2013 10:30:42 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:44 PM)
Reset File Permissions 21/34
C:\MSOCache & Sub Folders
Start (22/03/2013 10:30:44 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:47 PM)
Reset File Permissions 22/34
C:\My Downloads & Sub Folders
Start (22/03/2013 10:30:47 PM)
Running Repair Under System Account
Done (22/03/2013 10:30:49 PM)
Reset File Permissions 23/34
C:\Program Files & Sub Folders
Start (22/03/2013 10:30:49 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:08 PM)
Reset File Permissions 24/34
C:\Qoobox & Sub Folders
Start (22/03/2013 10:33:08 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:10 PM)
Reset File Permissions 25/34
C:\rei & Sub Folders
Start (22/03/2013 10:33:10 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:13 PM)
Reset File Permissions 26/34
C:\Richmond Golf League AutoBkUp & Sub Folders
Start (22/03/2013 10:33:13 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:15 PM)
Reset File Permissions 27/34
C:\Richmond Golf League AutoBkUp & Sub Folders
Start (22/03/2013 10:33:15 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:18 PM)
Reset File Permissions 28/34
C:\Richmond Golf League BkUp & Sub Folders
Start (22/03/2013 10:33:18 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:20 PM)
Reset File Permissions 29/34
C:\ScoreCard Works & Sub Folders
Start (22/03/2013 10:33:20 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:26 PM)
Reset File Permissions 30/34
C:\scPics & Sub Folders
Start (22/03/2013 10:33:26 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:29 PM)
Reset File Permissions 31/34
C:\Scratch & Sub Folders
Start (22/03/2013 10:33:29 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:31 PM)
Reset File Permissions 32/34
C:\sh4ldr & Sub Folders
Start (22/03/2013 10:33:31 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:34 PM)
Reset File Permissions 33/34
C:\TDSSKiller_Quarantine & Sub Folders
Start (22/03/2013 10:33:34 PM)
Running Repair Under System Account
Done (22/03/2013 10:33:36 PM)
Reset File Permissions 34/34
C:\WINDOWS & Sub Folders
Start (22/03/2013 10:33:36 PM)
Running Repair Under System Account
Done (22/03/2013 10:35:28 PM)
Register System Files
Start (22/03/2013 10:35:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:37:38 PM)
Repair WMI
Start (22/03/2013 10:37:38 PM)
Running Repair Under Current User Account
The system cannot find the path specified.
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
Running Repair Under System Account
The system cannot find the path specified.
Done (22/03/2013 10:38:15 PM)
Repair Windows Firewall
Start (22/03/2013 10:38:15 PM)
Running Repair Under Current User Account
System error 1060 has occurred.
The specified service does not exist as an installed service.
The Windows Firewall/Internet Connection Sharing (ICS) service is not started.
More help is available by typing NET HELPMSG 3521.
System error 1060 has occurred.
The specified service does not exist as an installed service.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Running Repair Under System Account
System error 1060 has occurred.
The specified service does not exist as an installed service.
System error 1060 has occurred.
The specified service does not exist as an installed service.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
The service name is invalid.
More help is available by typing NET HELPMSG 2185.
Done (22/03/2013 10:38:23 PM)
Repair Internet Explorer
Start (22/03/2013 10:38:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:39:41 PM)
Remove Policies Set By Infections
Start (22/03/2013 10:39:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:39:45 PM)
Repair Icons
Start (22/03/2013 10:39:45 PM)
Running Repair Under System Account
Could Not Find C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db.bak
Could Not Find C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db
Done (22/03/2013 10:39:48 PM)
Repair Winsock & DNS Cache
Start (22/03/2013 10:39:48 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:39:52 PM)
Repair Proxy Settings
Start (22/03/2013 10:39:52 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:39:57 PM)
Repair Windows Updates
Start (22/03/2013 10:39:57 PM)
Running Repair Under Current User Account
The BITS service is not started.
More help is available by typing NET HELPMSG 3521.
The Automatic Updates service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Running Repair Under System Account
The BITS service is not started.
More help is available by typing NET HELPMSG 3521.
The Automatic Updates service is not started.
More help is available by typing NET HELPMSG 3521.
The system cannot find the file specified.
Done (22/03/2013 10:40:42 PM)
Repair MSI (Windows Installer)
Start (22/03/2013 10:40:42 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:40:51 PM)
Repair bat Association
Start (22/03/2013 10:40:51 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:40:55 PM)
Repair cmd Association
Start (22/03/2013 10:40:55 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:00 PM)
Repair com Association
Start (22/03/2013 10:41:00 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:05 PM)
Repair Directory Association
Start (22/03/2013 10:41:05 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:09 PM)
Repair Drive Association
Start (22/03/2013 10:41:09 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:14 PM)
Repair exe Association
Start (22/03/2013 10:41:14 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:18 PM)
Repair Folder Association
Start (22/03/2013 10:41:18 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:23 PM)
Repair inf Association
Start (22/03/2013 10:41:23 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:28 PM)
Repair lnk (Shortcuts) Association
Start (22/03/2013 10:41:28 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:32 PM)
Repair msc Association
Start (22/03/2013 10:41:32 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:37 PM)
Repair reg Association
Start (22/03/2013 10:41:37 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:41 PM)
Repair scr Association
Start (22/03/2013 10:41:41 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:46 PM)
Repair Print Spooler
Start (22/03/2013 10:41:46 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:41:59 PM)
Restore Important Windows Services
Start (22/03/2013 10:41:59 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:42:03 PM)
Set Windows Services To Default Startup
Start (22/03/2013 10:42:03 PM)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 10:42:20 PM)
Cleaning up empty logs...
All Selected Repairs Done.
Done (22/03/2013 10:42:20 PM)
Total Repair Time: 00:15:08

...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

#11 Tomk1

Tomk1

    Advanced Member

  • Trusted Advisors
  • PipPipPip
  • 214 posts
  • Gender:Male

Posted 22 March 2013 - 10:22 PM

It didn't fix things.

Please click here and run the Microsoft FixIt.

#12 MaryVan

Posted 23 March 2013 - 02:14 PM

Hi Tom, I tried 2 different methods to run Microsoft fix it and neither way allows me to run it. First I simply tried to run it straight from Microsoft's website and received the error:

We're sorry, you do not have the permission to run this program
This program does not support the 'Runas' feature. To resolve this problem, log onto Windows as an administrator or as a user who has administrator level credentials.

Next I saved the app to my desktop and tried running it from there. I received the same error. I only have one user on this machine and it has administrator rights.

Just to make sure I created another user on the machine and made sure it had administrator rights. A funny thing happened, the second user (named Test) had a normal desktop view, not like the view I provided in my initial post. When I ran Microsoft fix it under that user it received this error:

Troubleshooting cannot continue because an error has occurred
We’re sorry but the program encountered an error and co not continue please try again later

Also I can now start antimalwarebytes under either user. Not sure which fix allowed that. I ran the scan and it came up with no infections. Windows security alert still pops up regardless of the user I am signed on as stating that my “virus protection is not found though”. I can see it running in my task bar and if I click on the icon it opens AVG Anti Virus.

#13 Tomk1

Posted 23 March 2013 - 03:14 PM

Please do me a favor and try running ComboFix under your "test" user.

#14 MaryVan

Posted 24 March 2013 - 01:56 PM

I ran Combofix on the new user (Test). Here is the listing from the run, what would you like me to try next?

ComboFix 13-03-24.03 - Test 03/24/2013 14:20:08.7.2 - x86
Running from: c:\documents and settings\Test\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))
.
.
2013-03-24 15:42 . 2013-03-24 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-03-24 13:46 . 2013-03-24 13:46 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\AVG SafeGuard toolbar
2013-03-24 13:46 . 2013-03-24 13:46 67 ----a-w- C:\Ntf9.tmp
2013-03-24 13:46 . 2013-03-24 13:46 67 ----a-w- C:\Ntf8.tmp
2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- c:\documents and settings\Bill\Application Data\AVG SafeGuard toolbar
2013-03-24 13:09 . 2013-03-24 13:09 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-03-24 13:09 . 2013-03-24 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- C:\$AVG
2013-03-23 16:39 . 2013-03-24 16:41 -------- d-----w- c:\documents and settings\Test
2013-03-23 01:38 . 2001-08-17 17:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2013-03-23 01:37 . 2001-08-17 16:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2013-03-23 01:36 . 2001-08-17 17:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2013-03-23 01:35 . 2001-08-17 18:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2013-03-23 01:34 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2013-03-23 01:33 . 2001-08-18 02:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
2013-03-23 01:32 . 2001-08-17 18:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2013-03-23 01:31 . 2001-08-18 02:36 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2013-03-23 01:30 . 2001-08-17 16:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys
2013-03-23 01:29 . 2001-08-17 17:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2013-03-23 01:28 . 2001-08-18 02:36 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll
2013-03-23 01:27 . 2001-08-17 16:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2013-03-23 01:26 . 2004-08-04 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll
2013-03-23 01:25 . 2001-08-17 16:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2013-03-23 01:24 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2013-03-23 01:23 . 2001-08-17 18:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys
2013-03-23 01:22 . 2001-08-17 17:28 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2013-03-23 01:21 . 2001-08-17 17:51 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2013-03-23 01:20 . 2004-08-04 10:00 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll
2013-03-23 01:19 . 2001-08-17 16:10 24653 ----a-w- c:\windows\system32\dllcache\el574nd4.sys
2013-03-23 01:18 . 2001-08-18 02:36 110592 ----a-w- c:\windows\system32\dllcache\dc260usd.dll
2013-03-23 01:17 . 2001-08-17 16:13 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys
2013-03-23 01:16 . 2001-08-18 02:36 87552 ----a-w- c:\windows\system32\dllcache\avmcoxp.dll
2013-03-23 01:14 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2013-03-23 01:02 . 2013-03-23 02:42 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-03-22 23:58 . 2013-03-22 23:58 -------- d-----w- c:\program files\Tweaking.com
2013-03-19 20:40 . 2013-02-05 20:05 11111424 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2013-03-19 00:02 . 2013-03-19 00:02 -------- dc-h--w- c:\windows\ie8
2013-03-18 23:56 . 2013-03-23 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-18 23:56 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes
2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- c:\windows\ERUNT
2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- C:\JRT
2013-03-17 22:33 . 2013-03-23 00:03 -------- d-----w- C:\rei
2013-03-17 22:33 . 2013-03-17 22:33 -------- d-----w- c:\program files\Reimage
2013-03-17 15:51 . 2013-03-17 15:51 -------- d-----w- c:\documents and settings\Bill\Application Data\QuickScan
2013-03-17 15:41 . 2013-03-17 22:58 -------- d-----w- c:\program files\Desktop Hijack Fix
2013-03-17 15:13 . 2013-03-17 15:22 -------- d-----w- c:\program files\ERUNT
2013-03-16 22:41 . 2013-03-23 16:37 -------- d-----w- c:\program files\Wise Registry Cleaner
2013-03-16 21:18 . 2013-03-16 21:18 177496 ----a-w- c:\windows\system32\drivers\32709681.sys
2013-03-16 19:35 . 2013-03-16 19:35 -------- d-----w- c:\program files\MaxPerforma Optimizer
2013-03-16 19:12 . 2013-03-16 19:12 -------- d-----w- c:\program files\Lavasoft
2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\system32\GPhotos.scr
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smimsgif.dll
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smierrsy.dll
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll
2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll
2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\wbem\SNMP\smierrsm.dll
2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll
2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll
2013-03-13 00:35 . 2013-03-13 00:35 74703 ----a-w- c:\windows\system32\mfc45.dll
2013-03-11 01:07 . 2012-04-17 13:37 2095816 ----a-w- c:\windows\system32\Incinerator32.dll
2013-03-11 01:07 . 2012-04-17 14:11 33280 ----a-w- c:\windows\system32\iolobtdfg.exe
2013-03-11 01:07 . 2012-04-17 14:11 15360 ----a-w- c:\windows\system32\smrgdf.exe
2013-03-11 01:07 . 2012-04-17 12:25 56200 ----a-w- c:\windows\system32\offreg.dll
2013-03-11 01:07 . 2013-03-11 01:07 -------- d-----w- c:\program files\iolo
2013-03-11 01:05 . 2013-03-23 16:37 -------- d-----w- c:\documents and settings\Bill\Application Data\iolo
2013-03-10 15:27 . 2013-03-16 00:26 -------- d-----w- C:\MGtools
2013-03-10 15:09 . 2013-03-10 15:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-10 13:27 . 2013-03-10 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-03-09 19:49 . 2013-03-16 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-03-09 19:42 . 2013-03-09 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2013-03-09 17:57 . 2013-03-09 17:57 -------- d-----w- c:\documents and settings\Bill\Application Data\AVSoftware
2013-03-09 17:57 . 2013-03-16 19:35 -------- d-----w- c:\program files\SafeSearch
2013-03-02 18:24 . 2013-03-14 00:23 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-01 14:32 . 2013-03-01 14:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 03:40 . 2013-02-27 03:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-24 23:24 . 2013-02-24 23:24 54016 ----a-w- c:\windows\system32\drivers\fysrhxt.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-17 22:58 . 2008-11-13 01:56 249856 ----a-w- c:\windows\Setup1.exe
2013-03-17 22:58 . 2008-11-13 01:56 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-03-16 00:26 . 2013-03-10 15:27 366650 ----a-w- C:\MGlogs.zip
2013-03-14 00:23 . 2012-08-10 11:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-14 00:23 . 2012-08-10 11:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-11 00:55 . 2012-08-05 05:24 74703 ----a-w- c:\windows\system32\mfc45.dat
2013-02-20 05:13 . 2013-02-20 05:13 10 ----a-w- c:\windows\Fonts\wfonts.key
2013-02-14 07:52 . 2013-02-14 07:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2009-03-26 22:14 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 08:37 . 2013-02-08 08:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 08:37 . 2013-02-08 08:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 08:37 . 2013-02-08 08:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 08:37 . 2013-02-08 08:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 08:37 . 2013-02-08 08:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-02-05 20:05 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-04 10:00 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 1980-01-01 05:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-04 10:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-03-24 13:09 1929392 ----a-w- c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll" [2013-03-24 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-03-24 1151152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0???,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk 
*\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk 
*\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0autocheck smrgdf c:\documents and settings\Bill\Application Data\iolo\\0\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-12-14 20:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-22 18:22 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Whale Communications\\Client Components\\3.1.0\\WhlClnt3.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]
R2 Retrogamer_2zService;RetrogamerService; [x]
R3 cpuz134;cpuz134;c:\docume~1\Bill\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]
R3 DMService;Whale Component Manager; [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 MFE_RR;MFE_RR;c:\docume~1\Bill\LOCALS~1\Temp\mfe_rr.sys [x]
R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\Drivers\NEOFLTR_710_19243.SYS [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 23:54]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]
.
2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]
.
2013-03-24 c:\windows\Tasks\MaxPerformaSys.job
- c:\program files\MaxPerforma Optimizer\MaxPerforma.exe [2013-03-16 21:41]
.
2013-03-17 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2013-03-19 13:53]
.
2013-03-17 c:\windows\Tasks\Reimage ScanAgent.job
- c:\program files\Reimage\Reimage Repair\REI_ScanAgent.exe [2013-03-19 13:55]
.
2013-03-24 c:\windows\Tasks\SSVerify.job
- c:\program files\SafeSearch\se.exe [2013-03-09 22:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/mywaybiz
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-24 14:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3326227057-3804168404-3607557-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6116)
c:\windows\system32\WININET.dll
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-03-24 14:31:35
ComboFix-quarantined-files.txt 2013-03-24 18:31
ComboFix2.txt 2013-03-21 00:02
.
Pre-Run: 21,713,223,680 bytes free
Post-Run: 21,802,401,792 bytes free
.
- - End Of File - - 73971FB1AE9F9A31B52061462A5F1868

#15 Tomk1

Posted 24 March 2013 - 04:16 PM

Things are still not working there as they should. Let me do some more research and I'll get back to you with a plan of action.

#16 MaryVan

Posted 24 March 2013 - 06:09 PM

Thank you Tom. I look forward to hearing back from you. You've been a great help so far!!!!!

#17 Tomk1

Posted 25 March 2013 - 06:58 PM

I'd like you to do a little more diagnostics for me please:

Right click on the My Computer icon on your desktop and select Manage.
Left click on the [+] next to Services and Applications to expand the tree.
Right click on WMI Control and select Properties.

Does the top line in the box in the window that opens say "Successfully connected to <local computer>"?

#18 MaryVan

Posted 26 March 2013 - 05:56 PM

Hi Tom, No it does not!!!
It says Failed to Connect to <local computer> because "WMI: Critical Error"

#19 Tomk1

Posted 26 March 2013 - 06:30 PM

OK... that is what I was expecting. WMI isn't working and what we've tried so far hasn't restarted it. I'll be back when I have a new plan to start it.

Do you have your XP disk in case we must do a repair install?

#20 MaryVan

Posted 26 March 2013 - 09:00 PM

I believe I do. I'll try to locate it while you are researching. Again, thanks for all your help and patience.



