MaryVan

Can't Run Malwarebytes Run time Error 371

Please help. I think I'm infected by some type of virus, trojan, rootkit, or all of the above. My desktop has been hijacked to look like a Windows Explorer view without the name of the window across the top and missing the File/Edit/View etc. menus. I have a photo of the desktop and can post it if there is a way. A wide blue bar runs down the left side of the window, similar to the Explorer view in Folders mode, and after clicking the 'X' to close the Folders view, a bar with Folder Tasks, Other Places and Details shows. This is what my desktop looks like. Running Windows XP SP3.

Running AVG Free as my antivirus. When the system starts I get the Windows Security Alert. Even though AVG Antivirus is running (or appears to be running), Windows does not recognize it.

I automatically assumed this to be a virus so I tried to run Malwarebytes and receive the Error:

"Run-Time error '373' Failed to load control 'WebBrowser' from ieframe.dll. Your version of ieframe.dll may be outdated. Make sure you are using the version of the control that was provided with your application".

The thread at this link ( http://forums.malwar...howtopic=120912 ) appears to be the same problem as I have. Maurice handled that thread but I see no results. I followed the instructions at "I'm infected what do I do". I downloaded and ran dds.txt and Attach.txt and they are both attached. I appreciate any and all help you can give. Thank you!!!!

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

.

==== Disk Partitions =========================

.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Ad-Aware SE Personal

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.5

AnswerWorks 4.0 Runtime - English

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoImpression 5

ATI Control Panel

ATI Display Driver

AVG 2013

Bonjour

Broadcom Advanced Control Suite 2

CCleaner

Creative MediaSource

Dell Digital Jukebox Driver

Dell Driver Reset Tool

Dell Media Experience

Dell Picture Studio v3.0

Dell Support Center (Support Software)

Dell System Restore

DellSupport

Desktop Hijack Fix

Desktop Hijack Fix (C:\Program Files\Desktop Hijack Fix\)

Desktop Hijack Fix (C:\Program Files\Desktop Hijack Fix\) #3

DMX Update

DVD Decrypter (Remove Only)

EPSON Print CD

EPSON Printer Software

EPSON Stylus Photo R380 User's Guide

ERUNT 1.1j

Eusing Free Registry Cleaner

Google Toolbar for Internet Explorer

Google Update Helper

HijackThis 2.0.2

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Intel Application Accelerator

Internet Explorer Default Page

iolo technologies' System Mechanic

iSEEK AnswerWorks English Runtime

iTunes

Java Auto Updater

Java 6 Update 31

Juniper Networks Network Connect 7.1.0

Juniper Networks Network Connect 7.2.0

Juniper Networks Secure Application Manager

Juniper Networks, Inc. Setup Client

Logitech MouseWare 9.79

Macromedia Flash Player

Malwarebytes Anti-Malware version 1.70.0.1100

MaxPerforma Optimizer

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Edition 2003

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Sounds

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MobileMe Control Panel

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

PDFCreator

Photo Click

Photo Organizer

Photo Story 3 for Windows

Picasa 3

PowerDVD 5.5

PrimoPDF -- brought to you by Nitro PDF Software

QuickBooks Simple Start Special Edition

Quicken 2011

QuickTime

RealPlayer

Reimage Repair

Remove MiraScan USB Driver

SafeSearch

ScoreCard Golf

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2797052)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Sonic Audio module

Sonic DLA

Sonic MyDVD LE

Sonic RecordNow Copy

Sonic RecordNow Data

Sound Blaster Live! 24-bit

Spybot - Search & Destroy

Turbo Tax Audit Support Center 2.0

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wrapper

TurboTax 2008 wriiper

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2009 wriiper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmaiper

TurboTax 2010 wrapper

TurboTax 2010 wriiper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmaiper

TurboTax 2011 wrapper

TurboTax 2011 wriiper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wmaiper

TurboTax 2012 wrapper

TurboTax 2012 wriiper

TurboTax Deluxe 2005

TurboTax Deluxe 2007

TurboTax Deluxe Deduction Maximizer 2006

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

VCRedistSetup

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual C++ 8.0 ATL (x86) WinSXS MSM

Visual C++ 8.0 CRT (x86) WinSXS MSM

WebFldrs XP

WexTech AnswerWorks

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage v1.3.0254.0

Windows Installer Clean Up

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows PowerShell 1.0

WinUtilities 10.5 Free Edition

Wise Registry Cleaner Free 5.53

WordPerfect Office 12

XML Paper Specification Shared Components Pack 1.0

Yahoo! Software Update

Yahoo! Toolbar

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Bill at 17:58:51 on 2013-03-19

.

============== Running Processes ================

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Juniper Networks\Common Files\dsNcService.exe

C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe

C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

C:\WINDOWS\system32\locator.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

\??\C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: SafeSearch: {e27d5867-80de-4449-9c03-71707c0db05b} - c:\program files\safesearch\ie\adxloader.dll

TB: SafeSearch Toolbar: {fc0c0170-4eb0-430d-a7f3-939ee7ea1a25} - c:\program files\safesearch\ie\adxloader.dll

EB: &Research: {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program files\microsoft office\office11\REFIEBAR.DLL

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [iAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe

mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Logitech Utility] Logi_MwX.Exe

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

LSP: c:\progra~1\whalec~1\client~1\31265d~1.0\WhlLSP.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://sslvpn.amica.com/whalecom63bc792f8cfe821ccba43f03a785/whalecom0/tsweb/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://sslvpn.amica.com/InternalSite/WhlCompMgr.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxps://sslvpn.amica.com/whalecom63bc792f8cfe821ccba43f03a785/whalecom0/tsweb/msrdp.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://sslvpn.amica.com/dana-cached/setup/JuniperSetupSP1.cab

DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://sslvpn.amica.com/dana-cached/sc/JuniperSetupClient.cab

TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{8A47E909-0B9B-4B40-959B-1B282946BAA3} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"

FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"

.

=============== Created Last 30 ================

.

2013-03-19 20:12:55 67 ----a-w- C:\Ntf2.tmp

2013-03-19 20:12:55 179052 ----a-w- C:\Ntf1.tmp

2013-03-19 00:02:23 -------- dc-h--w- c:\windows\ie8

2013-03-18 23:56:59 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-18 23:56:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-18 23:22:35 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-18 23:22:34 -------- d-----w- c:\documents and settings\bill\application data\Malwarebytes

2013-03-18 23:22:21 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2013-03-17 23:36:22 -------- d-----w- c:\windows\ERUNT

2013-03-17 23:36:16 -------- d-----w- C:\JRT

2013-03-17 22:33:28 -------- d-----w- C:\rei

2013-03-17 22:33:23 -------- d-----w- c:\program files\Reimage

2013-03-17 15:51:27 -------- d-----w- c:\documents and settings\bill\application data\QuickScan

2013-03-17 15:41:36 -------- d-----w- c:\program files\Desktop Hijack Fix

2013-03-16 23:38:26 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-16 23:38:26 12928 ------w- c:\windows\system32\dllcache\usb8023.sys

2013-03-16 22:41:34 -------- d-----w- c:\program files\Wise Registry Cleaner

2013-03-16 21:18:27 177496 ----a-w- c:\windows\system32\drivers\32709681.sys

2013-03-16 19:35:27 -------- d-----w- c:\program files\MaxPerforma Optimizer

2013-03-16 19:12:15 -------- d-----w- c:\program files\Lavasoft

2013-03-14 01:11:33 -------- d-sha-r- C:\cmdcons

2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\wbem\snmp\smimsgif.dll

2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\wbem\snmp\smierrsy.dll

2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll

2013-03-14 00:20:53 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll

2013-03-14 00:20:53 15872 ----a-w- c:\windows\system32\wbem\snmp\smierrsm.dll

2013-03-14 00:20:53 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll

2013-03-14 00:20:53 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll

2013-03-14 00:20:53 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll

2013-03-13 00:35:21 74703 ----a-w- c:\windows\system32\mfc45.dll

2013-03-11 01:07:37 2095816 ----a-w- c:\windows\system32\Incinerator32.dll

2013-03-11 01:07:35 56200 ----a-w- c:\windows\system32\offreg.dll

2013-03-11 01:07:35 33280 ----a-w- c:\windows\system32\iolobtdfg.exe

2013-03-11 01:07:35 15360 ----a-w- c:\windows\system32\smrgdf.exe

2013-03-11 01:07:34 -------- d-----w- c:\program files\iolo

2013-03-11 01:05:42 -------- d-----w- c:\documents and settings\bill\application data\iolo

2013-03-10 15:27:20 -------- d-----w- C:\MGtools

2013-03-10 15:09:05 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-03-10 13:27:10 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro

2013-03-09 19:49:50 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-03-09 17:57:52 -------- d-----w- c:\documents and settings\bill\application data\AVSoftware

2013-03-09 17:57:47 -------- d-----w- c:\program files\SafeSearch

2013-03-02 18:24:14 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-02-24 23:24:14 54016 ----a-w- c:\windows\system32\drivers\fysrhxt.sys

.

==================== Find3M ====================

.

2013-03-17 22:58:32 73216 ----a-w- c:\windows\ST6UNST.EXE

2013-03-17 22:58:32 249856 ------w- c:\windows\Setup1.exe

2013-03-14 00:23:54 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 00:23:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-11 00:55:10 74703 ----a-w- c:\windows\system32\mfc45.dat

2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-12 00:32:23 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

.

============= FINISH: 18:00:06.68 ===============

Hi MaryVan,

Welcome to Malwarebytes Forum

My name is Tomk1. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Let's give this tool a try:

Download ComboFix from here: http://download.blee...Bs/ComboFix.exe

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Hi Tomk1, thank you so much for helping me, I really appreciate your assistance. I downloaded Combofix, disabled my antivirus and ran it. The log from the scan follows. Thanks again for any and all help.

ComboFix 13-03-20.02 - Bill 20/03/2013 19:52:09.6.2 - x86

Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))

.

.

2013-03-20 22:09 . 2013-03-20 23:33 859 ----a-w- C:\NtfA.tmp

2013-03-20 22:09 . 2013-03-20 22:09 67 ----a-w- C:\NtfB.tmp

2013-03-20 00:16 . 2013-03-20 00:20 8745337 ----a-w- C:\Ntf8.tmp

2013-03-20 00:16 . 2013-03-20 00:17 67 ----a-w- C:\Ntf9.tmp

2013-03-19 20:40 . 2013-02-05 20:05 11111424 ------w- c:\windows\system32\dllcache\ieframe.dll

2013-03-19 20:12 . 2013-03-19 23:05 282761 ----a-w- C:\Ntf1.tmp

2013-03-19 20:12 . 2013-03-19 20:12 67 ----a-w- C:\Ntf2.tmp

2013-03-19 00:02 . 2013-03-19 00:02 -------- dc-h--w- c:\windows\ie8

2013-03-18 23:56 . 2013-03-19 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-18 23:56 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-18 23:22 . 2013-03-19 21:53 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- c:\windows\ERUNT

2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- C:\JRT

2013-03-17 22:33 . 2013-03-17 22:35 -------- d-----w- C:\rei

2013-03-17 22:33 . 2013-03-17 22:33 -------- d-----w- c:\program files\Reimage

2013-03-17 15:51 . 2013-03-17 15:51 -------- d-----w- c:\documents and settings\Bill\Application Data\QuickScan

2013-03-17 15:41 . 2013-03-17 22:58 -------- d-----w- c:\program files\Desktop Hijack Fix

2013-03-17 15:13 . 2013-03-17 15:22 -------- d-----w- c:\program files\ERUNT

2013-03-16 23:38 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-16 23:38 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys

2013-03-16 22:41 . 2013-03-16 23:10 -------- d-----w- c:\program files\Wise Registry Cleaner

2013-03-16 21:18 . 2013-03-16 21:18 177496 ----a-w- c:\windows\system32\drivers\32709681.sys

2013-03-16 19:35 . 2013-03-16 19:35 -------- d-----w- c:\program files\MaxPerforma Optimizer

2013-03-16 19:12 . 2013-03-16 19:12 -------- d-----w- c:\program files\Lavasoft

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smimsgif.dll

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smierrsy.dll

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll

2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\wbem\SNMP\smierrsm.dll

2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll

2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll

2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll

2013-03-13 00:35 . 2013-03-13 00:35 74703 ----a-w- c:\windows\system32\mfc45.dll

2013-03-11 01:07 . 2012-04-17 13:37 2095816 ----a-w- c:\windows\system32\Incinerator32.dll

2013-03-11 01:07 . 2012-04-17 14:11 33280 ----a-w- c:\windows\system32\iolobtdfg.exe

2013-03-11 01:07 . 2012-04-17 14:11 15360 ----a-w- c:\windows\system32\smrgdf.exe

2013-03-11 01:07 . 2012-04-17 12:25 56200 ----a-w- c:\windows\system32\offreg.dll

2013-03-11 01:07 . 2013-03-11 01:07 -------- d-----w- c:\program files\iolo

2013-03-11 01:05 . 2013-03-13 23:34 -------- d-----w- c:\documents and settings\Bill\Application Data\iolo

2013-03-10 15:27 . 2013-03-16 00:26 -------- d-----w- C:\MGtools

2013-03-10 15:09 . 2013-03-10 15:27 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-03-10 13:27 . 2013-03-10 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2013-03-09 19:49 . 2013-03-16 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-03-09 19:42 . 2013-03-09 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2013-03-09 17:57 . 2013-03-09 17:57 -------- d-----w- c:\documents and settings\Bill\Application Data\AVSoftware

2013-03-09 17:57 . 2013-03-16 19:35 -------- d-----w- c:\program files\SafeSearch

2013-03-02 18:24 . 2013-03-14 00:23 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-02-24 23:24 . 2013-02-24 23:24 54016 ----a-w- c:\windows\system32\drivers\fysrhxt.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-17 22:58 . 2008-11-13 01:56 249856 ------w- c:\windows\Setup1.exe

2013-03-17 22:58 . 2008-11-13 01:56 73216 ----a-w- c:\windows\ST6UNST.EXE

2013-03-16 00:26 . 2013-03-10 15:27 366650 ----a-w- C:\MGlogs.zip

2013-03-14 00:23 . 2012-08-10 11:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 00:23 . 2012-08-10 11:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-11 00:55 . 2012-08-05 05:24 74703 ----a-w- c:\windows\system32\mfc45.dat

2013-02-20 05:13 . 2013-02-20 05:13 10 ----a-w- c:\windows\Fonts\wfonts.key

2013-02-12 00:32 . 2009-03-26 22:14 12928 ------w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-05 20:05 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 20:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-02-05 20:05 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-05 05:53 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2013-01-26 03:55 . 2004-08-04 10:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37 . 1980-01-01 05:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-04 10:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e27d5867-80de-4449-9c03-71707c0db05b}]

2012-07-26 01:09 508216 ----a-w- c:\program files\SafeSearch\ie\adxloader.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}"= "c:\program files\SafeSearch\ie\adxloader.dll" [2012-07-26 508216]

.

[HKEY_CLASSES_ROOT\clsid\{fc0c0170-4eb0-430d-a7f3-939ee7ea1a25}]

[HKEY_CLASSES_ROOT\SafeSearch.SafeSearch1]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-12-14 20:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-09-22 18:22 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Whale Communications\\Client Components\\3.1.0\\WhlClnt3.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]

R2 Retrogamer_2zService;RetrogamerService; [x]

R3 DMService;Whale Component Manager; [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]

R3 MFE_RR;MFE_RR;c:\docume~1\Bill\LOCALS~1\Temp\mfe_rr.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\Drivers\NEOFLTR_710_19243.SYS [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 23:54]

.

2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]

.

2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]

.

2013-03-17 c:\windows\Tasks\MaxPerformaSys.job

- c:\program files\MaxPerforma Optimizer\MaxPerforma.exe [2013-03-16 21:41]

.

2013-03-17 c:\windows\Tasks\Reimage Reminder.job

- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2013-03-14 08:09]

.

2013-03-17 c:\windows\Tasks\Reimage ScanAgent.job

- c:\program files\Reimage\Reimage Repair\REI_ScanAgent.exe [2013-03-14 08:13]

.

2013-03-20 c:\windows\Tasks\SSVerify.job

- c:\program files\SafeSearch\se.exe [2013-03-09 22:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Connection Wizard,ShellNext = iexplore

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

LSP: c:\progra~1\WHALEC~1\CLIENT~1\31265D~1.0\WhlLSP.dll

Trusted Zone: localhost

Trusted Zone: turbotax.com

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE "%1"

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-20 19:58

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3326227057-3804168404-3607557-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2013-03-20 20:02:11

ComboFix-quarantined-files.txt 2013-03-21 00:02

.

Pre-Run: 22,041,350,144 bytes free

Post-Run: 21,981,650,944 bytes free

.

- - End Of File - - B40BD261AAA409C4C5163E0E27DC9399


Hmm.... something still isn't correct in there.

Please download Farbar Service Scanner and run it on the computer

  • Make sure all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Thanks Tomk1, I downloaded Farbar Service Scanner and I'm attaching the log to this reply. Again, thank you for your help. I have NOT tried to run or install Malwarebytes since beginning this thread. I'm assuming you'll tell me when to try that. Any ideas what I might have here?

Mary

Farbar Service Scanner Version: 03-03-2013

Ran by Bill (administrator) on 21-03-2013 at 19:27:58

Running from "C:\Documents and Settings\Bill\Desktop"

Microsoft Windows XP Service Pack 3 (X86)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Security Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit

C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit

C:\WINDOWS\system32\netman.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\srsvc.dll => MD5 is legit

C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit

C:\WINDOWS\system32\wscsvc.dll => MD5 is legit

C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit

C:\WINDOWS\system32\wuauserv.dll

[2004-08-04 06:00] - [2008-04-13 20:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A

C:\WINDOWS\system32\qmgr.dll => MD5 is legit

C:\WINDOWS\system32\es.dll => MD5 is legit

C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit

C:\WINDOWS\system32\svchost.exe => MD5 is legit

C:\WINDOWS\system32\rpcss.dll => MD5 is legit

C:\WINDOWS\system32\services.exe

[2004-08-04 06:00] - [2009-02-06 07:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:

=======

Avgtdix(9) Gpc(6) IPSec(4) NEOFLTR_710_19243(10) NetBT(5) PSched(7) Tcpip(3)

0x0A000000040000000100000002000000030000000A0000000900000005000000080000000600000007000000

IpSec Tag value is correct.

**** End of log ****


I haven't found anything nefarious yet (virus, trojan, whatever). All I see is that for some reason your operating system isn't "firing on all cylinders". I'm trying to figure out why.

Let's try some resetting of the system.

Download Windows Repair (All in One) from this site

Install the program then run it.

NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".

NOTE 2. Disable your antivirus program before running Windows Repair.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:


Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:


Go to Step 4 and under "System Restore" click on Create button:


Go to Start Repairs tab and click Start button.

Leave all checkmarks as they are.

NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.

Click on Start button.


Post Windows Repair log (_windows_repair_log.txt) which is located in the following folder:

64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs

32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs


Hi Tom, I downloaded the Windows Repair (All in One) tool and tried installing it and received the following error:

Could not create shortcut:

C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com\Window Repair (All in One)\Uninstall

Tweaking.com - Windows Repair (All in one).lnk

The site had several places to download from, I tried them all and received the same problem each time. One of the download sites offered a free scan from Reimage PC Repair online. I figured what the heck and ran the free scan. It came back with 15 stability Issues, 1 Virus, and Windows Damage Severity = High. I don't know anything about this Online scan and fix by Reimage so I did not fix anything, plus they want $40.00 for a one time fix. Not sure if the site or software is trustworthy but figured I'd pass it on. Still looking for help and next steps, thanks for everything so far.


I found the repair tool in my programs folder; it actually installed even though I received the error in my previous post. I'm running it now. Sorry about the previous post. I'll post again shortly when done running the tool.


Not a problem.

As far as the PC image repair program... I don't know anything about it. Personally I don't trust any program I read about in an ad. Most of them come with adware at a minimum. Also, a lot of that type of program install a "trace" of an infection so that they can show you that they found something no one else did and then try to get you to pay them for the repair. We refer to those programs as rogues. If you run them on 10 computers they will show the same problem with all 10.


Hi Tom, here is the Windows_Repair_log_txt. Even after the restarts, I still have the desktop that resembles an explorer window. Thanks for the info on those rogue pieces of software. Here's the log. Again thanks for the help so far. Looking forward to the next round of fixes :lol:

Running Repair Under System Account

Starting Repairs...

Start (22/03/2013 10:27:12 PM)

Reset Registry Permissions 01/03

HKEY_CURRENT_USER & Sub Keys

Start (22/03/2013 10:27:12 PM)

Running Repair Under Current User Account

Done (22/03/2013 10:27:21 PM)

Reset Registry Permissions 02/03

HKEY_LOCAL_MACHINE & Sub Keys

Start (22/03/2013 10:27:21 PM)

Running Repair Under System Account

Done (22/03/2013 10:28:41 PM)

Reset Registry Permissions 03/03

HKEY_CLASSES_ROOT & Sub Keys

Start (22/03/2013 10:28:41 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:22 PM)

Reset File Permissions 01/34

C:\$AVG & Sub Folders

Start (22/03/2013 10:29:22 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:25 PM)

Reset File Permissions 02/34

C:\7e1ff50de35d68c177a8d4c9640deb & Sub Folders

Start (22/03/2013 10:29:25 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:27 PM)

Reset File Permissions 03/34

C:\A MyLeague & Sub Folders

Start (22/03/2013 10:29:27 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:29 PM)

Reset File Permissions 04/34

C:\A MyLeague Test & Sub Folders

Start (22/03/2013 10:29:29 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:32 PM)

Reset File Permissions 05/34

C:\c7bc68329dbab11061fc4cebbfa75bff & Sub Folders

Start (22/03/2013 10:29:32 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:34 PM)

Reset File Permissions 06/34

C:\cmdcons & Sub Folders

Start (22/03/2013 10:29:34 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:37 PM)

Reset File Permissions 07/34

C:\ConverterOutput & Sub Folders

Start (22/03/2013 10:29:37 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:39 PM)

Reset File Permissions 08/34

C:\DELL & Sub Folders

Start (22/03/2013 10:29:39 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:41 PM)

Reset File Permissions 09/34

C:\DRIVERS & Sub Folders

Start (22/03/2013 10:29:41 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:44 PM)

Reset File Permissions 10/34

C:\elgae & Sub Folders

Start (22/03/2013 10:29:44 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:46 PM)

Reset File Permissions 11/34

C:\Email_Me & Sub Folders

Start (22/03/2013 10:29:46 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:49 PM)

Reset File Permissions 12/34

C:\EPSONREG & Sub Folders

Start (22/03/2013 10:29:49 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:51 PM)

Reset File Permissions 13/34

C:\Games & Sub Folders

Start (22/03/2013 10:29:51 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:53 PM)

Reset File Permissions 14/34

C:\GanttAdn & Sub Folders

Start (22/03/2013 10:29:53 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:56 PM)

Reset File Permissions 15/34

C:\GOO26S & Sub Folders

Start (22/03/2013 10:29:56 PM)

Running Repair Under System Account

Done (22/03/2013 10:29:58 PM)

Reset File Permissions 16/34

C:\I386 & Sub Folders

Start (22/03/2013 10:29:58 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:35 PM)

Reset File Permissions 17/34

C:\iolo & Sub Folders

Start (22/03/2013 10:30:35 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:37 PM)

Reset File Permissions 18/34

C:\JRT & Sub Folders

Start (22/03/2013 10:30:37 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:40 PM)

Reset File Permissions 19/34

C:\LXKZ52 & Sub Folders

Start (22/03/2013 10:30:40 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:42 PM)

Reset File Permissions 20/34

C:\MGtools & Sub Folders

Start (22/03/2013 10:30:42 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:44 PM)

Reset File Permissions 21/34

C:\MSOCache & Sub Folders

Start (22/03/2013 10:30:44 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:47 PM)

Reset File Permissions 22/34

C:\My Downloads & Sub Folders

Start (22/03/2013 10:30:47 PM)

Running Repair Under System Account

Done (22/03/2013 10:30:49 PM)

Reset File Permissions 23/34

C:\Program Files & Sub Folders

Start (22/03/2013 10:30:49 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:08 PM)

Reset File Permissions 24/34

C:\Qoobox & Sub Folders

Start (22/03/2013 10:33:08 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:10 PM)

Reset File Permissions 25/34

C:\rei & Sub Folders

Start (22/03/2013 10:33:10 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:13 PM)

Reset File Permissions 26/34

C:\Richmond Golf League AutoBkUp & Sub Folders

Start (22/03/2013 10:33:13 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:15 PM)

Reset File Permissions 27/34

C:\Richmond Golf League AutoBkUp & Sub Folders

Start (22/03/2013 10:33:15 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:18 PM)

Reset File Permissions 28/34

C:\Richmond Golf League BkUp & Sub Folders

Start (22/03/2013 10:33:18 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:20 PM)

Reset File Permissions 29/34

C:\ScoreCard Works & Sub Folders

Start (22/03/2013 10:33:20 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:26 PM)

Reset File Permissions 30/34

C:\scPics & Sub Folders

Start (22/03/2013 10:33:26 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:29 PM)

Reset File Permissions 31/34

C:\Scratch & Sub Folders

Start (22/03/2013 10:33:29 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:31 PM)

Reset File Permissions 32/34

C:\sh4ldr & Sub Folders

Start (22/03/2013 10:33:31 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:34 PM)

Reset File Permissions 33/34

C:\TDSSKiller_Quarantine & Sub Folders

Start (22/03/2013 10:33:34 PM)

Running Repair Under System Account

Done (22/03/2013 10:33:36 PM)

Reset File Permissions 34/34

C:\WINDOWS & Sub Folders

Start (22/03/2013 10:33:36 PM)

Running Repair Under System Account

Done (22/03/2013 10:35:28 PM)

Register System Files

Start (22/03/2013 10:35:28 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:37:38 PM)

Repair WMI

Start (22/03/2013 10:37:38 PM)

Running Repair Under Current User Account

The system cannot find the path specified.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.

Running Repair Under System Account

The system cannot find the path specified.

Done (22/03/2013 10:38:15 PM)

Repair Windows Firewall

Start (22/03/2013 10:38:15 PM)

Running Repair Under Current User Account

System error 1060 has occurred.

The specified service does not exist as an installed service.

The Windows Firewall/Internet Connection Sharing (ICS) service is not started.

More help is available by typing NET HELPMSG 3521.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Running Repair Under System Account

System error 1060 has occurred.

The specified service does not exist as an installed service.

System error 1060 has occurred.

The specified service does not exist as an installed service.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

The service name is invalid.

More help is available by typing NET HELPMSG 2185.

Done (22/03/2013 10:38:23 PM)

Repair Internet Explorer

Start (22/03/2013 10:38:23 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:39:41 PM)

Remove Policies Set By Infections

Start (22/03/2013 10:39:41 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:39:45 PM)

Repair Icons

Start (22/03/2013 10:39:45 PM)

Running Repair Under System Account

Could Not Find C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db.bak

Could Not Find C:\Documents and Settings\Bill\Local Settings\Application Data\IconCache.db

Done (22/03/2013 10:39:48 PM)

Repair Winsock & DNS Cache

Start (22/03/2013 10:39:48 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:39:52 PM)

Repair Proxy Settings

Start (22/03/2013 10:39:52 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:39:57 PM)

Repair Windows Updates

Start (22/03/2013 10:39:57 PM)

Running Repair Under Current User Account

The BITS service is not started.

More help is available by typing NET HELPMSG 3521.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.

Running Repair Under System Account

The BITS service is not started.

More help is available by typing NET HELPMSG 3521.

The Automatic Updates service is not started.

More help is available by typing NET HELPMSG 3521.

The system cannot find the file specified.

Done (22/03/2013 10:40:42 PM)

Repair MSI (Windows Installer)

Start (22/03/2013 10:40:42 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:40:51 PM)

Repair bat Association

Start (22/03/2013 10:40:51 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:40:55 PM)

Repair cmd Association

Start (22/03/2013 10:40:55 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:00 PM)

Repair com Association

Start (22/03/2013 10:41:00 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:05 PM)

Repair Directory Association

Start (22/03/2013 10:41:05 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:09 PM)

Repair Drive Association

Start (22/03/2013 10:41:09 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:14 PM)

Repair exe Association

Start (22/03/2013 10:41:14 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:18 PM)

Repair Folder Association

Start (22/03/2013 10:41:18 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:23 PM)

Repair inf Association

Start (22/03/2013 10:41:23 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:28 PM)

Repair lnk (Shortcuts) Association

Start (22/03/2013 10:41:28 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:32 PM)

Repair msc Association

Start (22/03/2013 10:41:32 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:37 PM)

Repair reg Association

Start (22/03/2013 10:41:37 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:41 PM)

Repair scr Association

Start (22/03/2013 10:41:41 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:46 PM)

Repair Print Spooler

Start (22/03/2013 10:41:46 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:41:59 PM)

Restore Important Windows Services

Start (22/03/2013 10:41:59 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:42:03 PM)

Set Windows Services To Default Startup

Start (22/03/2013 10:42:03 PM)

Running Repair Under Current User Account

Running Repair Under System Account

Done (22/03/2013 10:42:20 PM)

Cleaning up empty logs...

All Selected Repairs Done.

Done (22/03/2013 10:42:20 PM)

Total Repair Time: 00:15:08

...YOU MUST RESTART YOUR SYSTEM...

Running Repair Under System Account


It didn't fix things.

Please click here and run the Microsoft FixIt.


Hi Tom, I tried 2 different methods to run Microsoft fix it and neither way allows me to run it. First I simply tried to run it straight from Microsoft's website and received the error:

We're sorry, you do not have the permission to run this program

This program does not support the 'Runas' feature. To resolve this problem, log onto Windows as an administrator or as a user who has administrator level credentials.

Next I saved the app to my desktop and tried running it from there. I received the same error. I only have one user on this machine and it has administrator rights.

Just to make sure, I created another user on the machine and made sure it had administrator rights. A funny thing happened: the second user (named Test) had a normal desktop view, not like the view I provided in my initial post. When I ran Microsoft fix it under that user I received this error:

Troubleshooting cannot continue because an error has occurred

We’re sorry but the program encountered an error and co not continue please try again later

Also I can now start antimalwarebytes under either user. Not sure which fix allowed that. I ran the scan and it came up with no infections. Windows security alert still pops up regardless of the user I am signed on as stating that my “virus protection is not found though”. I can see it running in my task bar and if I click on the icon it opens AVG Anti Virus.


Please do me a favor and try running ComboFix under your "test" user.


I ran Combofix on the new user (Test). Here is the listing from the run, what would you like me to try next?

ComboFix 13-03-24.03 - Test 03/24/2013 14:20:08.7.2 - x86

Running from: c:\documents and settings\Test\Desktop\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-02-24 to 2013-03-24 )))))))))))))))))))))))))))))))

.

.

2013-03-24 15:42 . 2013-03-24 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar

2013-03-24 13:46 . 2013-03-24 13:46 -------- d-----w- c:\documents and settings\Bill\Local Settings\Application Data\AVG SafeGuard toolbar

2013-03-24 13:46 . 2013-03-24 13:46 67 ----a-w- C:\Ntf9.tmp

2013-03-24 13:46 . 2013-03-24 13:46 67 ----a-w- C:\Ntf8.tmp

2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- c:\documents and settings\Bill\Application Data\AVG SafeGuard toolbar

2013-03-24 13:09 . 2013-03-24 13:09 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- c:\program files\AVG SafeGuard toolbar

2013-03-24 13:09 . 2013-03-24 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013

2013-03-24 13:09 . 2013-03-24 13:09 -------- d-----w- C:\$AVG

2013-03-23 16:39 . 2013-03-24 16:41 -------- d-----w- c:\documents and settings\Test

2013-03-23 01:38 . 2001-08-17 17:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys

2013-03-23 01:37 . 2001-08-17 16:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2013-03-23 01:36 . 2001-08-17 17:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys

2013-03-23 01:35 . 2001-08-17 18:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys

2013-03-23 01:34 . 2001-08-18 02:36 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll

2013-03-23 01:33 . 2001-08-18 02:36 12288 ----a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll

2013-03-23 01:32 . 2001-08-17 18:56 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll

2013-03-23 01:31 . 2001-08-18 02:36 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll

2013-03-23 01:30 . 2001-08-17 16:19 3840 ----a-w- c:\windows\system32\dllcache\rpfun.sys

2013-03-23 01:29 . 2001-08-17 17:53 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys

2013-03-23 01:28 . 2001-08-18 02:36 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll

2013-03-23 01:27 . 2001-08-17 16:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys

2013-03-23 01:26 . 2004-08-04 10:00 229439 ----a-w- c:\windows\system32\dllcache\multibox.dll

2013-03-23 01:25 . 2001-08-17 16:12 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys

2013-03-23 01:24 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll

2013-03-23 01:23 . 2001-08-17 18:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys

2013-03-23 01:22 . 2001-08-17 17:28 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys

2013-03-23 01:21 . 2001-08-17 17:51 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys

2013-03-23 01:20 . 2004-08-04 10:00 45056 ----a-w- c:\windows\system32\dllcache\esunid.dll

2013-03-23 01:19 . 2001-08-17 16:10 24653 ----a-w- c:\windows\system32\dllcache\el574nd4.sys

2013-03-23 01:18 . 2001-08-18 02:36 110592 ----a-w- c:\windows\system32\dllcache\dc260usd.dll

2013-03-23 01:17 . 2001-08-17 16:13 22044 ----a-w- c:\windows\system32\dllcache\cem33n5.sys

2013-03-23 01:16 . 2001-08-18 02:36 87552 ----a-w- c:\windows\system32\dllcache\avmcoxp.dll

2013-03-23 01:14 . 2001-08-17 18:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2013-03-23 01:02 . 2013-03-23 02:42 181064 ----a-w- c:\windows\PSEXESVC.EXE

2013-03-22 23:58 . 2013-03-22 23:58 -------- d-----w- c:\program files\Tweaking.com

2013-03-19 20:40 . 2013-02-05 20:05 11111424 ----a-w- c:\windows\system32\dllcache\ieframe.dll

2013-03-19 00:02 . 2013-03-19 00:02 -------- dc-h--w- c:\windows\ie8

2013-03-18 23:56 . 2013-03-23 17:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-03-18 23:56 . 2012-12-14 20:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\Bill\Application Data\Malwarebytes

2013-03-18 23:22 . 2013-03-18 23:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- c:\windows\ERUNT

2013-03-17 23:36 . 2013-03-17 23:36 -------- d-----w- C:\JRT

2013-03-17 22:33 . 2013-03-23 00:03 -------- d-----w- C:\rei

2013-03-17 22:33 . 2013-03-17 22:33 -------- d-----w- c:\program files\Reimage

2013-03-17 15:51 . 2013-03-17 15:51 -------- d-----w- c:\documents and settings\Bill\Application Data\QuickScan

2013-03-17 15:41 . 2013-03-17 22:58 -------- d-----w- c:\program files\Desktop Hijack Fix

2013-03-17 15:13 . 2013-03-17 15:22 -------- d-----w- c:\program files\ERUNT

2013-03-16 22:41 . 2013-03-23 16:37 -------- d-----w- c:\program files\Wise Registry Cleaner

2013-03-16 21:18 . 2013-03-16 21:18 177496 ----a-w- c:\windows\system32\drivers\32709681.sys

2013-03-16 19:35 . 2013-03-16 19:35 -------- d-----w- c:\program files\MaxPerforma Optimizer

2013-03-16 19:12 . 2013-03-16 19:12 -------- d-----w- c:\program files\Lavasoft

2013-03-16 06:30 . 2013-03-16 06:30 4546560 ----a-w- c:\windows\system32\GPhotos.scr

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smimsgif.dll

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\wbem\SNMP\smierrsy.dll

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smimsgif.dll

2013-03-14 00:20 . 2004-08-04 10:00 5632 ----a-w- c:\windows\system32\dllcache\smierrsy.dll

2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\wbem\SNMP\smierrsm.dll

2013-03-14 00:20 . 2004-08-04 10:00 15872 ----a-w- c:\windows\system32\dllcache\smierrsm.dll

2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll

2013-03-14 00:20 . 2004-08-04 10:00 10240 ----a-w- c:\windows\system32\dllcache\snmpstup.dll

2013-03-13 00:35 . 2013-03-13 00:35 74703 ----a-w- c:\windows\system32\mfc45.dll

2013-03-11 01:07 . 2012-04-17 13:37 2095816 ----a-w- c:\windows\system32\Incinerator32.dll

2013-03-11 01:07 . 2012-04-17 14:11 33280 ----a-w- c:\windows\system32\iolobtdfg.exe

2013-03-11 01:07 . 2012-04-17 14:11 15360 ----a-w- c:\windows\system32\smrgdf.exe

2013-03-11 01:07 . 2012-04-17 12:25 56200 ----a-w- c:\windows\system32\offreg.dll

2013-03-11 01:07 . 2013-03-11 01:07 -------- d-----w- c:\program files\iolo

2013-03-11 01:05 . 2013-03-23 16:37 -------- d-----w- c:\documents and settings\Bill\Application Data\iolo

2013-03-10 15:27 . 2013-03-16 00:26 -------- d-----w- C:\MGtools

2013-03-10 15:09 . 2013-03-10 15:27 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-03-10 13:27 . 2013-03-10 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

2013-03-09 19:49 . 2013-03-16 20:28 -------- d-----w- c:\program files\Spybot - Search & Destroy

2013-03-09 19:42 . 2013-03-09 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion

2013-03-09 17:57 . 2013-03-09 17:57 -------- d-----w- c:\documents and settings\Bill\Application Data\AVSoftware

2013-03-09 17:57 . 2013-03-16 19:35 -------- d-----w- c:\program files\SafeSearch

2013-03-02 18:24 . 2013-03-14 00:23 15859416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2013-03-01 14:32 . 2013-03-01 14:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-27 03:40 . 2013-02-27 03:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-02-24 23:24 . 2013-02-24 23:24 54016 ----a-w- c:\windows\system32\drivers\fysrhxt.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-17 22:58 . 2008-11-13 01:56 249856 ----a-w- c:\windows\Setup1.exe

2013-03-17 22:58 . 2008-11-13 01:56 73216 ----a-w- c:\windows\ST6UNST.EXE

2013-03-16 00:26 . 2013-03-10 15:27 366650 ----a-w- C:\MGlogs.zip

2013-03-14 00:23 . 2012-08-10 11:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 00:23 . 2012-08-10 11:47 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-11 00:55 . 2012-08-05 05:24 74703 ----a-w- c:\windows\system32\mfc45.dat

2013-02-20 05:13 . 2013-02-20 05:13 10 ----a-w- c:\windows\Fonts\wfonts.key

2013-02-14 07:52 . 2013-02-14 07:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-02-12 00:32 . 2009-03-26 22:14 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2004-08-04 10:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-08 08:37 . 2013-02-08 08:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2013-02-08 08:37 . 2013-02-08 08:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-02-08 08:37 . 2013-02-08 08:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-02-08 08:37 . 2013-02-08 08:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-02-08 08:37 . 2013-02-08 08:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-02-05 20:05 . 2004-08-04 10:00 916480 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 20:05 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2013-02-05 20:05 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-05 05:53 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec

2013-01-26 03:55 . 2004-08-04 10:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:19 . 1980-01-01 05:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:37 . 1980-01-01 05:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2004-08-04 10:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-04 10:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49 . 2004-08-04 10:00 1292288 ----a-w- c:\windows\system32\quartz.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-03-24 13:09 1929392 ----a-w- c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll" [2013-03-24 1929392]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]

"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]

"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 19968]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]

"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-03-24 1151152]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0???,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk 
*\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk 
*\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0?,\0autocheck autochk *\0autocheck smrgdf c:\documents and settings\Bill\Application Data\iolo\\0\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]

2012-12-14 20:49 512360 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-09-22 18:22 198160 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Whale Communications\\Client Components\\3.1.0\\WhlClnt3.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]

R2 Retrogamer_2zService;RetrogamerService; [x]

R3 cpuz134;cpuz134;c:\docume~1\Bill\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [x]

R3 DMService;Whale Component Manager; [x]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]

R3 MFE_RR;MFE_RR;c:\docume~1\Bill\LOCALS~1\Temp\mfe_rr.sys [x]

R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 NEOFLTR_710_19243;Juniper Networks TDI Filter Driver (NEOFLTR_710_19243);c:\windows\system32\Drivers\NEOFLTR_710_19243.SYS [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 23:54]

.

2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]

.

2013-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 00:02]

.

2013-03-24 c:\windows\Tasks\MaxPerformaSys.job

- c:\program files\MaxPerforma Optimizer\MaxPerforma.exe [2013-03-16 21:41]

.

2013-03-17 c:\windows\Tasks\Reimage Reminder.job

- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2013-03-19 13:53]

.

2013-03-17 c:\windows\Tasks\Reimage ScanAgent.job

- c:\program files\Reimage\Reimage Repair\REI_ScanAgent.exe [2013-03-19 13:55]

.

2013-03-24 c:\windows\Tasks\SSVerify.job

- c:\program files\SafeSearch\se.exe [2013-03-09 22:50]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.dell4me.com/mywaybiz

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE "%1"

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-03-24 14:28

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3326227057-3804168404-3607557-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(6116)

c:\windows\system32\WININET.dll

c:\program files\Logitech\MouseWare\System\LgWndHk.dll

c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

Completion time: 2013-03-24 14:31:35

ComboFix-quarantined-files.txt 2013-03-24 18:31

ComboFix2.txt 2013-03-21 00:02

.

Pre-Run: 21,713,223,680 bytes free

Post-Run: 21,802,401,792 bytes free

.

- - End Of File - - 73971FB1AE9F9A31B52061462A5F1868


Things are still not working there as they should. Let me do some more research and I'll get back to you with a plan of action.


Thank you Tom. I look forward to hearing back from you. You've been a great help so far!!!!!


I'd like you to do a little more diagnostics for me please:

Right click on the My Computer icon on your desktop and select Manage

Left click on the [+] next to Services and Applications to expand the tree.

Right click on WMI Control and select properties.

Does the top line in the box in the window that opens say "Successfully connected to <local computer>"?


Hi Tom, No it does not!!!

It says Failed to Connect to <local computer> because "WMI: Critical Error"


OK... that is what I was expecting. WMI isn't working and what we've tried so far hasn't restarted it. I'll be back when I have a new plan to start it.

Do you have your XP disk in case we must do a repair install?


I believe I do. I'll try to locate it while you are researching. Again, thanks for all your help and patience.


OK... Let's try rebuilding the WMI

Please open Notepad

  1. Click Start, then Run
  2. Type notepad.exe in the Run Box.
    Copy and Paste everything from the Quote box into Notepad:
    @echo off
    rem Stop WMI and keep it from restarting while the repository is renamed
    sc config winmgmt start= disabled
    net stop winmgmt
    cd %windir%\system32\wbem
    rename repository repository.old
    rem Re-enable the service, then recompile every MOF/MFL file
    sc config winmgmt start= auto
    cd %windir%\system32\wbem
    rem Inside a .bat file the loop variable needs a doubled percent sign
    for /f %%s in ('dir /b *.mof *.mfl') do mofcomp %%s
  3. Save the file to your DESKTOP as "wmi.bat". Make sure to save it with the quotes. Once saved, the icon to click should look like this on your desktop: [image: bat.png]
  4. Double click wmi.bat.

Then reboot your system and then do the check in post #17 again.

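An added example, not part of the post above or of any vendor tool: the same repository rebuild written so that each step is logged and checked, which gives something to read when the WMI Control check still fails afterwards. The log file name, the `RENAMED` and `FAILED` variables, and the use of `wmic` as a test query (it ships with XP Professional) are assumptions.

```batch
@echo off
rem Added example: the WMI rebuild from the post above, with a log and checks.
rem Assumptions: log path, RENAMED/FAILED variables, wmic present (XP Pro).
setlocal
set "LOG=%USERPROFILE%\Desktop\wmi-rebuild.log"
set "WBEM=%windir%\system32\wbem"
set RENAMED=0
set FAILED=0

> "%LOG%" echo WMI rebuild started %date% %time%

rem Stop WMI and keep it stopped while the repository folder is renamed.
rem /y answers the prompt about dependent services being stopped as well.
sc config winmgmt start= disabled >> "%LOG%" 2>&1
net stop winmgmt /y >> "%LOG%" 2>&1

rem A repository.old left by an earlier run makes the rename fail, and the
rem damaged repository would then silently stay in use.
if exist "%WBEM%\repository.old" (
    >> "%LOG%" echo repository.old already exists. Rename it and run again.
    goto enable
)
rename "%WBEM%\repository" repository.old >> "%LOG%" 2>&1
if exist "%WBEM%\repository" (
    >> "%LOG%" echo Rename failed. The old repository is still in place.
    goto enable
)
set RENAMED=1

:enable
rem Always put the service back to automatic start, even after a failure.
sc config winmgmt start= auto >> "%LOG%" 2>&1
if %RENAMED%==0 goto done

rem Start WMI on a fresh repository and recompile every MOF/MFL file,
rem recording which ones mofcomp rejects.
net start winmgmt >> "%LOG%" 2>&1
cd /d "%WBEM%"
for /f "delims=" %%s in ('dir /b *.mof *.mfl') do call :compile "%%s"
>> "%LOG%" echo Files that failed to compile: %FAILED%

rem Test query: a non-zero exit code means WMI is still not answering.
wmic os get Caption > nul 2>&1
if %errorlevel% neq 0 (
    >> "%LOG%" echo WMI did not answer the test query.
) else (
    >> "%LOG%" echo WMI answered the test query.
)

:done
>> "%LOG%" echo Finished %date% %time%. Restart the computer.
endlocal
goto :eof

:compile
mofcomp %1 >> "%LOG%" 2>&1
if %errorlevel% neq 0 (
    >> "%LOG%" echo FAILED: %~1
    set /a FAILED+=1
)
goto :eof
```

The services stopped along with WMI stay stopped until the restart, so the reboot from the original instructions is still required.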

OK, I saved the file to my desktop as instructed. When I ran it a window appeared stating

Security Center

Windows Firewall/Internet Sharing <ICS>

Do you want to continue this operation? <Y/N> [N]:

I entered a Y and it ran to completion. I restarted my computer and followed Post 17

and the message still states

Failed to connect to <local computer>

because "WMI: Critical error"

:(


Did you find your Windows disk?

I'm beginning to think I'm wasting your time.


Yes I did. It came with the PC and is called Reinstallation CD but says Microsoft Windows XP Professional.

Please, I appreciate everything you've tried. Something may have severely compromised my system. Again, thanks for your help to date.


There are two ways you can go here.

  1. You can reformat and do a fresh install
  2. You can reinstall (repair install) over the top of your current installation.

Do you know how to do this or would you like a guide?
