Can't run AVG!! "...prevented by a software restriction policy"

This is a discussion on Can't run AVG!! "...prevented by a software restriction policy" within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 05-19-2015, 05:03 AM   #1
Registered Member
 
Join Date: May 2015
Posts: 6
OS: Win7



Hello,
I am trying to debug this problem on a friend's computer. I would appreciate any help you can provide, as this issue is beyond my ability to resolve. Listed below are the computer specs and what I have done thus far.

Windows XP Home edition 32-bit
Service Pack 3
AMD Athlon 64bit x2

AVG Does not show in the task bar.
Malwarebytes installed and run.
Adwcleaner installed and run.
FRST installed, stops at "Processing Files: Extra check..."

Thank you for any help you can provide.

James
JxColeman is offline  
Old 05-19-2015, 05:17 AM   #2
Security Team
Analyst
 
 
Join Date: Jul 2012
Location: Earth
Posts: 12
OS: Window 10 Pro (x64)



Hello James,

How long did FRST stall? Please re-run the scan and report to me if it stalls for more than thirty minutes. Do you see the log files named FRST.txt and Addition.txt? They are located in the same folder with FRST64.exe. Please post them if you see them.

Regards,
Valinorum
__________________
GeekU Graduate
Member of UNITE

Valinorum is offline  
Old 05-19-2015, 10:06 PM   #3
Registered Member
 
Join Date: May 2015
Posts: 6
OS: Win7



Hello Valinorum. Thank you for your help.

FRST stalls, and after waiting 1+ hr I cancel it.

The FRST.txt details are below. The Addition.txt file is not created.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-05-2015
Ran by Basil Osbourne (administrator) on MAINOFFICE on 19-05-2015 23:48:10
Running from C:\Documents and Settings\Basil Osbourne\Desktop
Loaded Profiles: Basil Osbourne (Available profiles: Basil Osbourne & Virginia Osbourne & Raymond Lewis & Tonio)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
() C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LComMgr\LVComSX.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Hewlett-Packard Co.) C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
(Hewlett-Packard Co.) C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgmfapx.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [196608 2001-11-29] (HP)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [282624 2007-05-12] (Apple Inc.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [14854144 2005-09-22] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [LogitechCommunicationsManager] => C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [488984 2007-02-08] (Logitech Inc.)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [774168 2007-02-08] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [UpdateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] => C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] => C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] => C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] => C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] => C:\Program Files\lg_fwupdate\lgfw.exe [27760 2012-08-11] (Bitleader)
HKLM\...\Run: [UpdatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-09-29] (CyberLink Corp.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe [32768 2008-10-02] (Sage Software, Inc.)
HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [UserFaultCheck] => %systemroot%\system32\dumprep 0 -u
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3745232 2015-04-15] (AVG Technologies CZ, s.r.o.)
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\...\Run: [Yahoo! Pager] => C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [4670704 2007-08-17] (Yahoo! Inc.)
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\...\Run: [updateMgr] => C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [313472 2006-03-30] (Adobe Systems Incorporated)
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\...\Run: [ComcastAntispyClient] => "C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-11-11] (Google Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2007-08-30]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2007-05-12]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk [2007-05-12]
ShortcutTarget: HP Photosmart Premier Fast Start.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp psc 700 series) - 1.lnk [2012-05-08]
ShortcutTarget: HPAiODevice(hp psc 700 series) - 1.lnk -> C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\Virginia Osbourne\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-06-08]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.comcast.net/toolbar2.0/search/
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\Software\Microsoft\Internet Explorer\Main,Search Page = https://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = msn
SearchScopes: HKLM -> ComcastSearch URL = {searchTerms} - Xfinity.com Search
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = {searchTerms - YHS 3 Auto Yahoo Search Results}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> Comcast URL = {searchTerms} - Xfinity.com Search
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {A9B172AB-43AF-4E9F-A44F-FDE745B1E72C} URL = {searchTerms} - Google Search
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {AB23AC6D-1FE1-4974-831F-1C90746330C6} URL = {searchTerms} - Bing
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = {searchTerms} - Search
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03] (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\.DEFAULT -> No Name - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
Toolbar: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> No Name - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
Toolbar: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} https://update.microsoft.com/windowsu...?1178633208467
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} https://update.microsoft.com/microsof...?1178633767186
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload2.macromedia.com/ge...sh/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-13] (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-08-16] (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3 -> C:\Program Files\Yahoo!\Shared\npYState.dll [2007-08-17] (Yahoo! Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-19] (Google Inc.)
FF Plugin: @yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll No File
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010-01-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-08-16]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\12.2.5.32
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3438032 2015-04-15] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [311792 2015-04-15] (AVG Technologies CZ, s.r.o.)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-03-07] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
S2 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [455968 2007-09-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [271760 2009-04-15] ()
S2 AntiSpywareService; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [211424 2015-04-09] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [166880 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [269792 2015-03-11] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [110048 2015-04-03] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-04-07] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [26984 2012-11-08] () [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation)
S3 gdrv; C:\WINDOWS\gdrv.sys [4501 2010-09-09] (Windows (R) 2000 DDK provider) [File not signed]
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-21] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-21] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-21] (HP)
S3 LVcKap; C:\WINDOWS\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\WINDOWS\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
R3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
S3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41504 2007-02-03] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [34176 2006-02-16] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13056 2006-02-16] (NVIDIA Corporation)
S3 PID_0928; C:\WINDOWS\System32\DRIVERS\LV561AV.SYS [490784 2007-02-03] (Logitech Inc.)
R0 PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [46080 2005-08-19] (Sonic Solutions) [File not signed]
S3 USBCM; C:\WINDOWS\System32\DRIVERS\Sacm2A.sys [15429 2004-06-10] ( )
S3 wceusbsh; C:\WINDOWS\System32\DRIVERS\wceusbsh.sys [31273 2001-05-05] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\BASILO~1\LOCALS~1\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\DOCUME~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [X]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-19 23:48 - 2015-05-19 23:48 - 00023220 _____ () C:\Documents and Settings\Basil Osbourne\Desktop\FRST.txt
2015-05-19 23:46 - 2015-05-19 23:46 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Desktop\FRST-OlderVersion
2015-05-19 07:54 - 2015-05-19 07:57 - 00060928 _____ () C:\WINDOWS\md5deep.exe
2015-05-19 07:53 - 2015-05-19 08:07 - 00033170 _____ () C:\Documents and Settings\Basil Osbourne\Desktop\oldFRST.txt
2015-05-19 07:52 - 2015-05-19 23:48 - 00000000 ____D () C:\FRST
2015-05-19 07:52 - 2015-05-19 23:46 - 01146880 _____ (Farbar) C:\Documents and Settings\Basil Osbourne\Desktop\FRST.exe
2015-05-18 21:48 - 2015-05-18 21:48 - 00000000 ____D () C:\Documents and Settings\Tonio.MAINOFFICE\Local Settings\temp
2015-05-18 21:48 - 2015-05-18 21:48 - 00000000 ____D () C:\Documents and Settings\Tonio.MAINOFFICE.000\Local Settings\temp
2015-05-18 21:48 - 2015-05-18 21:48 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2015-05-18 21:48 - 2015-05-18 21:48 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2015-05-18 21:40 - 2015-05-18 21:40 - 00000000 _RSHD () C:\cmdcons
2015-05-18 21:40 - 2007-05-08 11:12 - 00000211 _____ () C:\Boot.bak
2015-05-18 21:40 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-05-18 18:54 - 2015-05-18 21:50 - 00000000 ___SD () C:\ComboFix
2015-05-18 18:54 - 2011-06-26 02:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-05-18 18:54 - 2010-11-07 13:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-05-18 18:54 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-05-18 18:54 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-05-18 18:54 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-05-18 18:54 - 2000-08-30 20:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-05-18 18:54 - 2000-08-30 20:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-05-18 18:54 - 2000-08-30 20:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-05-18 18:54 - 2000-08-30 20:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-05-18 18:53 - 2015-05-18 18:54 - 00000000 ____D () C:\Qoobox
2015-05-18 18:53 - 2015-05-18 18:53 - 00012568 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
2015-05-18 18:52 - 2015-05-18 18:52 - 05623645 ____R (Swearware) C:\Documents and Settings\Basil Osbourne\Desktop\ComboFix.exe
2015-05-18 18:52 - 2015-05-18 18:52 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-18 16:43 - 2015-05-18 16:43 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Local Settings\Application Data\Microsoft Help
2015-05-18 15:10 - 2015-05-18 15:11 - 02209792 _____ () C:\Documents and Settings\Basil Osbourne\Desktop\adwcleaner_4.204.exe
2015-04-25 19:44 - 2015-05-18 15:22 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 19:44 - 2015-04-25 19:44 - 00000786 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-25 19:44 - 2015-04-25 19:44 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-25 19:44 - 2015-04-25 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-25 19:44 - 2015-04-25 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-04-25 19:44 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-25 19:44 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-25 19:22 - 2015-05-18 15:14 - 00000000 ____D () C:\AdwCleaner
2015-04-25 19:16 - 2015-04-25 19:16 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Local Settings\Application Data\IsolatedStorage
2015-04-25 19:15 - 2015-04-25 19:15 - 00103008 _____ () C:\Documents and Settings\Basil Osbourne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-04-25 19:15 - 2015-04-25 19:15 - 00000137 _____ () C:\Documents and Settings\Basil Osbourne\Local Settings\Application Data\fusioncache.dat
2015-04-25 19:11 - 2015-04-25 19:11 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Application Data\AVG2015
2015-04-25 19:05 - 2015-04-25 19:05 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Local Settings\Application Data\Avg2015
2015-04-25 19:03 - 2015-04-25 19:03 - 00000711 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-04-25 19:03 - 2015-04-25 19:03 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Application Data\TuneUp Software
2015-04-25 19:01 - 2015-04-25 19:14 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2015
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-19 23:48 - 2010-10-23 18:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-05-19 23:48 - 2007-05-08 10:06 - 01394067 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-19 23:48 - 2007-05-08 09:45 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Local Settings\Temp
2015-05-19 23:46 - 2001-08-18 08:00 - 00013002 _____ () C:\WINDOWS\system32\wpa.dbl
2015-05-19 23:45 - 2007-05-08 05:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-19 23:45 - 2007-05-08 05:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-05-19 23:44 - 2014-03-22 18:30 - 00000246 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-05-19 23:44 - 2010-11-11 18:06 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-19 23:44 - 2010-07-15 14:29 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne\Start Menu\Programs\LG Power Tools
2015-05-19 23:44 - 2007-05-12 17:35 - 00000000 ____D () C:\WINDOWS\system32\Lang
2015-05-19 23:44 - 2007-05-08 09:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-19 08:07 - 2007-05-08 09:45 - 00000278 ___SH () C:\Documents and Settings\Basil Osbourne\ntuser.ini
2015-05-19 08:07 - 2007-05-08 09:45 - 00000000 ____D () C:\Documents and Settings\Basil Osbourne
2015-05-19 08:07 - 2007-05-08 09:42 - 00032614 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-19 08:01 - 2010-11-11 18:06 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-19 07:35 - 2012-07-10 10:49 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-19 05:14 - 2007-05-08 09:29 - 00000000 ____D () C:\WINDOWS\system32\Restore
2015-05-18 21:47 - 2007-05-08 10:06 - 00000000 __SHD () C:\Documents and Settings\Basil Osbourne\UserData
2015-05-18 21:40 - 2007-05-08 05:20 - 00000327 __RSH () C:\boot.ini
2015-05-18 18:42 - 2010-04-15 15:54 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2015-05-18 16:58 - 2010-07-15 16:58 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-05-18 16:52 - 2013-08-14 10:21 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-05-18 16:46 - 2007-05-08 12:57 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-25 19:53 - 2007-05-08 09:42 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2015-04-25 19:53 - 2007-05-08 09:42 - 00000000 __SHD () C:\Documents and Settings\LocalService
2015-04-25 19:06 - 2012-10-01 18:07 - 00000000 ____D () C:\Documents and Settings\Tonio.MAINOFFICE.000\Local Settings\Application Data\Google
2015-04-25 19:05 - 2015-03-12 21:22 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-04-25 19:03 - 2007-05-08 05:22 - 00669197 _____ () C:\WINDOWS\setupapi.log
2015-04-25 19:00 - 2009-05-23 21:33 - 00000000 ____D () C:\Program Files\AVG
2015-04-25 18:49 - 2007-05-08 21:05 - 00000000 ____D () C:\Program Files\Microsoft ActiveSync
2015-04-25 18:49 - 2007-05-08 05:17 - 00000000 ____D () C:\WINDOWS\Help
2015-04-21 19:36 - 2015-01-04 19:49 - 00000132 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2015-04-21 19:35 - 2007-05-08 13:54 - 00000278 ___SH () C:\Documents and Settings\Virginia Osbourne\ntuser.ini
2015-04-21 19:35 - 2007-05-08 13:54 - 00000000 ____D () C:\Documents and Settings\Virginia Osbourne
2015-04-21 19:34 - 2007-05-08 13:54 - 00000000 ____D () C:\Documents and Settings\Virginia Osbourne\Local Settings\Temp
2015-04-21 18:36 - 2010-07-15 14:29 - 00000000 ____D () C:\Documents and Settings\Virginia Osbourne\Start Menu\Programs\LG Power Tools
2015-04-21 09:30 - 2007-05-08 05:21 - 00346608 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-19 18:31 - 2015-04-15 18:46 - 00011248 _____ () C:\WINDOWS\system32\ScanResults.xml
2015-04-19 18:23 - 2015-04-15 18:36 - 00000464 _____ () C:\WINDOWS\system32\ScannerSettings
==================== Files in the root of some directories =======
2007-05-08 22:27 - 2003-04-03 17:29 - 0128512 _____ () C:\Program Files\Common Files\PCSBoff.exe
2008-03-13 06:19 - 2008-03-13 06:19 - 0002508 _____ () C:\Documents and Settings\Basil Osbourne\Application Data\$_hpcst$.hpc
2015-04-07 17:45 - 2015-04-15 18:39 - 0000109 _____ () C:\Documents and Settings\Basil Osbourne\Application Data\WB.CFG
2015-04-25 19:15 - 2015-04-25 19:15 - 0000137 _____ () C:\Documents and Settings\Basil Osbourne\Local Settings\Application Data\fusioncache.dat
Some content of TEMP:
====================
C:\Documents and Settings\Antonio Lewis\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\Basil Osbourne\Local Settings\Temp\catchme.dll
C:\Documents and Settings\Raymond Lewis\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\Virginia Osbourne\Local Settings\Temp\contentDATs.exe
C:\Documents and Settings\Virginia Osbourne\Local Settings\Temp\GoogleChromeInstaller.exe
C:\Documents and Settings\Virginia Osbourne\Local Settings\Temp\SecurityScan_Release.exe
C:\Documents and Settings\Virginia Osbourne\Local Settings\Temp\SkypeSetup.exe
JxColeman is offline  
 
Old 05-20-2015, 05:16 AM   #4
Security Team
Analyst
 
 
Join Date: Jul 2012
Location: Earth
Posts: 12
OS: Windows 10 Pro (x64)



Before we commence, please note that Microsoft has terminated its support for Windows XP. Continuing with this operating system will leave you vulnerable to security exploits. It is in your best interest to upgrade to at least Windows 7. Please consider reading the article: Windows XP - The Elephant In The Room.

I see from your log that you have run ComboFix, which is a powerful malware removal tool and should not be run without an expert's supervision. Please post the log that is found in C:\Combofix.txt, if you still have it.




  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Code:
      Start
      CreateRestorePoint:
      CloseProcesses:
      Emptytemp:
      HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
      HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
      HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
      HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.comcast.net/toolbar2.0/search/
      SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = {searchTerms - YHS 3 Auto Yahoo Search Results}
      SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {A9B172AB-43AF-4E9F-A44F-FDE745B1E72C} URL = {searchTerms} - Google Search
      SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {AB23AC6D-1FE1-4974-831F-1C90746330C6} URL = {searchTerms} - Bing
      SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = {searchTerms} - Search
      DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
      CMD: type "C:\combofix.txt"
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.





  • Required Log(s):
    • FRST Fix Log
    • ComboFix Log


Regards,
Valinorum
__________________
GeekU Graduate
Member of UNITE

Valinorum is offline  
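The line "HKLM Group Policy restriction on software: C:\Program Files\AVG" in the fix above is a Software Restriction Policy (SRP) path rule that stops anything under the AVG folder from launching, which is exactly the "prevented by a software restriction policy" message in the thread title. As an added example, not part of this thread and not FRST's code, the PowerShell below audits every SRP path rule on a machine and flags Disallowed rules that cover a security product's folder. The registry layout it reads (...\Safer\CodeIdentifiers\<level>\Paths\<GUID> with the path in ItemData, level 0 meaning Disallowed), the LastModified interpretation and the list of protected folders are my assumptions, not something the thread states.

```powershell
# Added example (not from the thread, not part of FRST): audit Software
# Restriction Policy (SRP) path rules and flag Disallowed rules that cover
# security-product folders, like the C:\Program Files\AVG rule in this thread.
#
# Assumed registry layout (standard SRP, XP and later; not stated on the page):
#   HK{LM,CU}\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers
#     DefaultLevel (DWORD)             - level applied when no rule matches
#     <level>\Paths\<GUID>\ItemData    - folder (or wildcard) the rule covers
# Level 0 is Disallowed, 262144 (0x40000) is Unrestricted.

$SaferLevels = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'Basic User'
    262144 = 'Unrestricted'
}

# Folders a Disallowed rule should never cover (constructed list; extend it).
$ProtectedDirs = @(
    'C:\Program Files\AVG',
    'C:\Program Files\Malwarebytes Anti-Malware',
    'C:\WINDOWS\system32'
)

function Get-SrpDefaultLevel {
    # DefaultLevel is what SRP applies to any executable no path rule matches.
    # A Disallowed default with a few Unrestricted paths is as suspicious as a
    # Disallowed rule on an AV folder.
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        $v = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultLevel
        if ($null -ne $v) {
            New-Object PSObject -Property @{ Hive = $hive; DefaultLevel = $SaferLevels[[int]$v] }
        }
    }
}

function Get-SrpPathRule {
    # One object per SRP path rule found in HKLM and HKCU.
    foreach ($hive in 'HKLM', 'HKCU') {
        $base = "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
        if (-not (Test-Path $base)) { continue }
        foreach ($levelKey in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $level = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$level)) { continue }
            $pathsKey = Join-Path $levelKey.PSPath 'Paths'
            if (-not (Test-Path $pathsKey)) { continue }
            foreach ($rule in Get-ChildItem -Path $pathsKey) {
                $p = Get-ItemProperty -Path $rule.PSPath
                $modified = $null
                if ($p.LastModified) {   # assumed REG_QWORD FILETIME; tells you when the rule was planted
                    $modified = [DateTime]::FromFileTime([int64]$p.LastModified)
                }
                New-Object PSObject -Property @{
                    Hive         = $hive
                    Level        = $SaferLevels[$level]
                    Path         = [Environment]::ExpandEnvironmentVariables([string]$p.ItemData)
                    Description  = [string]$p.Description
                    LastModified = $modified
                    RuleKey      = $rule.Name
                }
            }
        }
    }
}

function Test-SrpRuleCovers {
    # SRP path rules match the folder and everything beneath it, so a rule
    # covers a protected folder if either is a prefix of the other. Wildcard
    # rules (e.g. *\AVG*) are matched with -like instead.
    param([string]$RulePath, [string]$Dir)
    $RulePath = $RulePath.TrimEnd('\'); $Dir = $Dir.TrimEnd('\')
    if ($RulePath -match '[*?]') { return ($Dir -like $RulePath) }
    return $Dir.StartsWith($RulePath, 'OrdinalIgnoreCase') -or
           $RulePath.StartsWith($Dir, 'OrdinalIgnoreCase')
}

function Find-SrpBlockedSecurityTool {
    param([string[]]$Protected = $ProtectedDirs)
    Get-SrpPathRule | Where-Object { $_.Level -eq 'Disallowed' } | ForEach-Object {
        foreach ($dir in $Protected) {
            if (Test-SrpRuleCovers -RulePath $_.Path -Dir $dir) {
                $_ | Add-Member -MemberType NoteProperty -Name Covers -Value $dir -PassThru
                break
            }
        }
    }
}

# Report only; removing a flagged rule means deleting its RuleKey (what the FRST
# fix did here). On a domain member check gpresult first, or Group Policy will
# simply re-create the rule at the next refresh.
Get-SrpDefaultLevel | Format-Table Hive, DefaultLevel -AutoSize
Get-SrpPathRule | Format-Table Hive, Level, Path, LastModified -AutoSize
$hits = @(Find-SrpBlockedSecurityTool)
if ($hits.Count) {
    Write-Warning ("{0} Disallowed SRP rule(s) cover security-tool folders" -f $hits.Count)
    $hits | Format-List Hive, Path, Covers, Description, LastModified, RuleKey
} else {
    Write-Host 'No Disallowed SRP rules cover the protected folders.'
}
```

Run it from an elevated PowerShell prompt; it only reads the registry. New-Object PSObject and Add-Member -MemberType are used instead of the shorter PowerShell 3 forms so the script also runs on the PowerShell 2.0 that Windows XP can host.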
Old 05-20-2015, 08:12 PM   #5
Registered Member
 
Join Date: May 2015
Posts: 6
OS: Win7



Valinorum,

Thank you so much. That seems to have resolved the problem. I have posted the files you requested. Again, thank you very much for the service that you provide. My friend, the owner of the computer, thanks you also!

I will monitor the thread in case there is anything else I need to do.

FixLog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-05-2015
Ran by Basil Osbourne at 2015-05-20 22:40:07 Run:2
Running from C:\Documents and Settings\Basil Osbourne\Desktop
Loaded Profiles: Basil Osbourne (Available profiles: Basil Osbourne & Virginia Osbourne & Raymond Lewis & Tonio)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Emptytemp:
HKLM\...\Run: [ROC_ROC_JULY_P1] => "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
HKLM Group Policy restriction on software: C:\Program Files\AVG <====== ATTENTION
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.comcast.net/toolbar2.0/search/
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = {searchTerms - YHS 3 Auto Yahoo Search Results}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {A9B172AB-43AF-4E9F-A44F-FDE745B1E72C} URL = {searchTerms} - Google Search
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {AB23AC6D-1FE1-4974-831F-1C90746330C6} URL = {searchTerms} - Bing
SearchScopes: HKU\S-1-5-21-1614895754-1060284298-682003330-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = {searchTerms} - Search
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab
CMD: type "C:\combofix.txt"
End
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 => Value not found.
HKLM => Group Policy Restriction on software restored successfully
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore => Key not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A9B172AB-43AF-4E9F-A44F-FDE745B1E72C} => Key not found.
HKCR\CLSID\{A9B172AB-43AF-4E9F-A44F-FDE745B1E72C} => Key not found.
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AB23AC6D-1FE1-4974-831F-1C90746330C6} => Key not found.
HKCR\CLSID\{AB23AC6D-1FE1-4974-831F-1C90746330C6} => Key not found.
HKU\S-1-5-21-1614895754-1060284298-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} => Key not found.
"HKCR\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}" => Key deleted successfully.
========= type "C:\combofix.txt" =========
ComboFix 15-05-19.01 - Basil Osbourne 05/20/2015 22:17:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3519.2813 [GMT -4:00]
Running from: c:\documents and settings\Basil Osbourne\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Desktop\Internet Security 2013.lnk
c:\documents and settings\Basil Osbourne\UserData\MDZOHGJY
c:\documents and settings\Basil Osbourne\UserData\MDZOHGJY\pmocntr[1].xml
c:\documents and settings\Basil Osbourne\UserData\W3BJQCPD
c:\documents and settings\Basil Osbourne\UserData\W3BJQCPD\comcast[1].xml
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\837b24be8d3ff00e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b4102cfa1e2a9826.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\wmsysprx.prx
.
.
((((((((((((((((((((((((( Files Created from 2015-04-21 to 2015-05-21 )))))))))))))))))))))))))))))))
.
.
2015-05-19 11:54 . 2015-05-20 03:49 60928 ----a-w- c:\windows\md5deep.exe
2015-05-19 11:52 . 2015-05-20 03:48 -------- d-----w- C:\FRST
2015-05-18 20:43 . 2015-05-18 20:43 -------- d-----w- c:\documents and settings\Basil Osbourne\Local Settings\Application Data\Microsoft Help
2015-04-25 23:44 . 2015-05-18 19:22 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-25 23:44 . 2015-04-25 23:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-25 23:44 . 2015-04-25 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-04-25 23:44 . 2015-04-14 13:37 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-25 23:44 . 2015-04-14 13:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-25 23:22 . 2015-05-18 19:14 -------- d-----w- C:\AdwCleaner
2015-04-25 23:16 . 2015-04-25 23:16 -------- d-----w- c:\documents and settings\Basil Osbourne\Local Settings\Application Data\IsolatedStorage
2015-04-25 23:11 . 2015-04-25 23:11 -------- d-----w- c:\documents and settings\Basil Osbourne\Application Data\AVG2015
2015-04-25 23:05 . 2015-04-25 23:05 -------- d-----w- c:\documents and settings\Basil Osbourne\Local Settings\Application Data\Avg2015
2015-04-25 23:03 . 2015-04-25 23:03 -------- d-----w- c:\documents and settings\Basil Osbourne\Application Data\TuneUp Software
2015-04-25 23:01 . 2015-04-25 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 17:05 . 2010-09-07 08:48 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-04-14 21:35 . 2012-07-10 14:49 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-14 21:35 . 2012-07-10 14:49 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 07:38 . 2015-04-14 07:38 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-04-09 18:12 . 2015-04-09 18:12 211424 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-04-07 16:45 . 2010-09-07 08:49 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-04-03 13:37 . 2010-09-07 08:48 110048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-03-20 16:18 . 2010-09-07 08:48 35808 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2015-03-11 16:13 . 2015-03-11 16:13 269792 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-03-11 16:13 . 2015-03-11 16:13 132576 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2015-03-11 16:13 . 2012-04-19 08:50 166880 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-03-11 16:08 . 2011-12-23 17:32 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2003-04-03 21:29 . 2007-05-09 02:27 128512 ----a-w- c:\program files\Common Files\PCSBoff.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-12 282624]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-08-11 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-10-02 32768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-04-15 3745232]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2006-2-10 73728]
HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe -DeviceID 1336493587 [2002-4-30 487484]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 166880]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [3/11/2015 12:13 PM 269792]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [3/11/2015 12:13 PM 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [4/9/2015 2:12 PM 211424]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 213984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [4/15/2015 1:21 PM 3438032]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [4/15/2015 1:10 PM 311792]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [9/5/2007 11:25 AM 455968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2015 7:44 PM 23256]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 4:34 PM 26984]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/25/2015 7:44 PM 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 cpuz134;cpuz134;\??\c:\docume~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 02:01 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 21:35]
.
2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 20:39]
.
2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 20:39]
.
2015-05-21 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2015-04-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?gws_rd=ssl
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-JoinMe - c:\documents and settings\Basil Osbourne\Local Settings\Application Data\join.me\join.me.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-05-20 22:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
Completion time: 2015-05-20 22:25:25
ComboFix-quarantined-files.txt 2015-05-21 02:25
.
Pre-Run: 219,136,069,632 bytes free
Post-Run: 219,123,216,384 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 00A2C045FD18D5105C315111DE062861
8F558EB6672622401DA993E1E865C861
========= End of CMD: =========



COMBOFIXLOG
ComboFix 15-05-19.01 - Basil Osbourne 05/20/2015 22:17:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3519.2813 [GMT -4:00]
Running from: c:\documents and settings\Basil Osbourne\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Desktop\Internet Security 2013.lnk
c:\documents and settings\Basil Osbourne\UserData\MDZOHGJY
c:\documents and settings\Basil Osbourne\UserData\MDZOHGJY\pmocntr[1].xml
c:\documents and settings\Basil Osbourne\UserData\W3BJQCPD
c:\documents and settings\Basil Osbourne\UserData\W3BJQCPD\comcast[1].xml
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\reg00013
c:\windows\$msi31uninstall_kb893803v2$\reg00014
c:\windows\$msi31uninstall_kb893803v2$\reg00015
c:\windows\$msi31uninstall_kb893803v2$\reg00016
c:\windows\$msi31uninstall_kb893803v2$\reg00017
c:\windows\$msi31uninstall_kb893803v2$\reg00018
c:\windows\$msi31uninstall_kb893803v2$\reg00019
c:\windows\$msi31uninstall_kb893803v2$\reg00020
c:\windows\$msi31uninstall_kb893803v2$\reg00021
c:\windows\$msi31uninstall_kb893803v2$\reg00022
c:\windows\$msi31uninstall_kb893803v2$\reg00023
c:\windows\$msi31uninstall_kb893803v2$\reg00024
c:\windows\$msi31uninstall_kb893803v2$\reg00025
c:\windows\$msi31uninstall_kb893803v2$\reg00026
c:\windows\$msi31uninstall_kb893803v2$\reg00027
c:\windows\$msi31uninstall_kb893803v2$\reg00028
c:\windows\$msi31uninstall_kb893803v2$\reg00029
c:\windows\$msi31uninstall_kb893803v2$\reg00030
c:\windows\$msi31uninstall_kb893803v2$\reg00031
c:\windows\$msi31uninstall_kb893803v2$\reg00032
c:\windows\$msi31uninstall_kb893803v2$\reg00033
c:\windows\$msi31uninstall_kb893803v2$\reg00034
c:\windows\$msi31uninstall_kb893803v2$\reg00035
c:\windows\$msi31uninstall_kb893803v2$\reg00036
c:\windows\$msi31uninstall_kb893803v2$\reg00037
c:\windows\$msi31uninstall_kb893803v2$\reg00038
c:\windows\$msi31uninstall_kb893803v2$\reg00039
c:\windows\$msi31uninstall_kb893803v2$\reg00040
c:\windows\$msi31uninstall_kb893803v2$\reg00041
c:\windows\$msi31uninstall_kb893803v2$\reg00042
c:\windows\$msi31uninstall_kb893803v2$\reg00043
c:\windows\$msi31uninstall_kb893803v2$\reg00044
c:\windows\$msi31uninstall_kb893803v2$\reg00045
c:\windows\$msi31uninstall_kb893803v2$\reg00046
c:\windows\$msi31uninstall_kb893803v2$\reg00047
c:\windows\$msi31uninstall_kb893803v2$\reg00048
c:\windows\$msi31uninstall_kb893803v2$\reg00051
c:\windows\$msi31uninstall_kb893803v2$\reg00052
c:\windows\$msi31uninstall_kb893803v2$\reg00053
c:\windows\$msi31uninstall_kb893803v2$\reg00054
c:\windows\$msi31uninstall_kb893803v2$\reg00055
c:\windows\$msi31uninstall_kb893803v2$\reg00056
c:\windows\$msi31uninstall_kb893803v2$\reg00057
c:\windows\$msi31uninstall_kb893803v2$\reg00058
c:\windows\$msi31uninstall_kb893803v2$\reg00059
c:\windows\$msi31uninstall_kb893803v2$\reg00060
c:\windows\$msi31uninstall_kb893803v2$\reg00061
c:\windows\$msi31uninstall_kb893803v2$\reg00062
c:\windows\$msi31uninstall_kb893803v2$\reg00063
c:\windows\$msi31uninstall_kb893803v2$\reg00064
c:\windows\$msi31uninstall_kb893803v2$\reg00065
c:\windows\$msi31uninstall_kb893803v2$\reg00066
c:\windows\$msi31uninstall_kb893803v2$\reg00067
c:\windows\$msi31uninstall_kb893803v2$\reg00068
c:\windows\$msi31uninstall_kb893803v2$\reg00069
c:\windows\$msi31uninstall_kb893803v2$\reg00070
c:\windows\$msi31uninstall_kb893803v2$\reg00071
c:\windows\$msi31uninstall_kb893803v2$\reg00072
c:\windows\$msi31uninstall_kb893803v2$\reg00073
c:\windows\$msi31uninstall_kb893803v2$\reg00074
c:\windows\$msi31uninstall_kb893803v2$\reg00075
c:\windows\$msi31uninstall_kb893803v2$\reg00076
c:\windows\$msi31uninstall_kb893803v2$\reg00077
c:\windows\$msi31uninstall_kb893803v2$\reg00078
c:\windows\$msi31uninstall_kb893803v2$\reg00079
c:\windows\$msi31uninstall_kb893803v2$\reg00080
c:\windows\$msi31uninstall_kb893803v2$\reg00081
c:\windows\$msi31uninstall_kb893803v2$\reg00082
c:\windows\$msi31uninstall_kb893803v2$\reg00083
c:\windows\$msi31uninstall_kb893803v2$\reg00084
c:\windows\$msi31uninstall_kb893803v2$\reg00085
c:\windows\$msi31uninstall_kb893803v2$\reg00086
c:\windows\$msi31uninstall_kb893803v2$\reg00087
c:\windows\$msi31uninstall_kb893803v2$\reg00088
c:\windows\$msi31uninstall_kb893803v2$\reg00089
c:\windows\$msi31uninstall_kb893803v2$\reg00090
c:\windows\$msi31uninstall_kb893803v2$\reg00091
c:\windows\$msi31uninstall_kb893803v2$\reg00092
c:\windows\$msi31uninstall_kb893803v2$\reg00093
c:\windows\$msi31uninstall_kb893803v2$\reg00094
c:\windows\$msi31uninstall_kb893803v2$\reg00095
c:\windows\$msi31uninstall_kb893803v2$\reg00096
c:\windows\$msi31uninstall_kb893803v2$\reg00097
c:\windows\$msi31uninstall_kb893803v2$\reg00098
c:\windows\$msi31uninstall_kb893803v2$\reg00099
c:\windows\$msi31uninstall_kb893803v2$\reg00100
c:\windows\$msi31uninstall_kb893803v2$\reg00101
c:\windows\$msi31uninstall_kb893803v2$\reg00102
c:\windows\$msi31uninstall_kb893803v2$\reg00103
c:\windows\$msi31uninstall_kb893803v2$\reg00104
c:\windows\$msi31uninstall_kb893803v2$\reg00105
c:\windows\$msi31uninstall_kb893803v2$\reg00106
c:\windows\$msi31uninstall_kb893803v2$\reg00107
c:\windows\$msi31uninstall_kb893803v2$\reg00108
c:\windows\$msi31uninstall_kb893803v2$\reg00109
c:\windows\$msi31uninstall_kb893803v2$\reg00110
c:\windows\$msi31uninstall_kb893803v2$\reg00111
c:\windows\$msi31uninstall_kb893803v2$\reg00112
c:\windows\$msi31uninstall_kb893803v2$\reg00113
c:\windows\$msi31uninstall_kb893803v2$\reg00114
c:\windows\$msi31uninstall_kb893803v2$\reg00115
c:\windows\$msi31uninstall_kb893803v2$\reg00116
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\837b24be8d3ff00e.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b4102cfa1e2a9826.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\wmsysprx.prx
.
.
((((((((((((((((((((((((( Files Created from 2015-04-21 to 2015-05-21 )))))))))))))))))))))))))))))))
.
.
2015-05-19 11:54 . 2015-05-20 03:49 60928 ----a-w- c:\windows\md5deep.exe
2015-05-19 11:52 . 2015-05-20 03:48 -------- d-----w- C:\FRST
2015-05-18 20:43 . 2015-05-18 20:43 -------- d-----w- c:\documents and settings\Basil Osbourne\Local Settings\Application Data\Microsoft Help
2015-04-25 23:44 . 2015-05-18 19:22 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-25 23:44 . 2015-04-25 23:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-25 23:44 . 2015-04-25 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2015-04-25 23:44 . 2015-04-14 13:37 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-25 23:44 . 2015-04-14 13:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-25 23:22 . 2015-05-18 19:14 -------- d-----w- C:\AdwCleaner
2015-04-25 23:16 . 2015-04-25 23:16 -------- d-----w- c:\documents and settings\Basil Osbourne\Local Settings\Application Data\IsolatedStorage
2015-04-25 23:11 . 2015-04-25 23:11 -------- d-----w- c:\documents and settings\Basil Osbourne\Application Data\AVG2015
2015-04-25 23:05 . 2015-04-25 23:05 -------- d-----w- c:\documents and settings\Basil Osbourne\Local Settings\Application Data\Avg2015
2015-04-25 23:03 . 2015-04-25 23:03 -------- d-----w- c:\documents and settings\Basil Osbourne\Application Data\TuneUp Software
2015-04-25 23:01 . 2015-04-25 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2015
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 17:05 . 2010-09-07 08:48 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-04-14 21:35 . 2012-07-10 14:49 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-14 21:35 . 2012-07-10 14:49 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 07:38 . 2015-04-14 07:38 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-04-09 18:12 . 2015-04-09 18:12 211424 ----a-w- c:\windows\system32\drivers\avgidsdriverlx.sys
2015-04-07 16:45 . 2010-09-07 08:49 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-04-03 13:37 . 2010-09-07 08:48 110048 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-03-20 16:18 . 2010-09-07 08:48 35808 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2015-03-11 16:13 . 2015-03-11 16:13 269792 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-03-11 16:13 . 2015-03-11 16:13 132576 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2015-03-11 16:13 . 2012-04-19 08:50 166880 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-03-11 16:08 . 2011-12-23 17:32 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2003-04-03 21:29 . 2007-05-09 02:27 128512 ----a-w- c:\program files\Common Files\PCSBoff.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-11 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-12 282624]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-08-11 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-09-29 210216]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"PeachtreePrefetcher.exe"="c:\progra~1\SAGESO~1\PEACHT~1\PeachtreePrefetcher.exe" [2008-10-02 32768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-04-15 3745232]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2006-2-10 73728]
HPAiODevice(hp psc 700 series) - 1.lnk - c:\program files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe -DeviceID 1336493587 [2002-4-30 487484]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2015\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Pervasive Software\\PSQL\\bin\\w3dbsmgr.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG2015\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2015\\avgmfapx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 166880]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [3/11/2015 12:13 PM 269792]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 35808]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [3/11/2015 12:13 PM 132576]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [4/9/2015 2:12 PM 211424]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 29664]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 4:48 AM 206816]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 4:49 AM 213984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [4/15/2015 1:21 PM 3438032]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [4/15/2015 1:10 PM 311792]
R2 psqlWGE;Pervasive PSQL Workgroup Engine;c:\program files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [9/5/2007 11:25 AM 455968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [4/25/2015 7:44 PM 23256]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/4/2012 4:34 PM 26984]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [4/25/2015 7:44 PM 1080120]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [10/23/2013 9:15 AM 172192]
S3 cpuz134;cpuz134;\??\c:\docume~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-21 02:01 986440 ----a-w- c:\program files\Google\Chrome\Application\43.0.2357.65\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 21:35]
.
2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 20:39]
.
2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 20:39]
.
2015-05-21 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
2015-04-11 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-22 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?gws_rd=ssl
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*https://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
AddRemove-JoinMe - c:\documents and settings\Basil Osbourne\Local Settings\Application Data\join.me\join.me.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2015-05-20 22:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Pervasive Software\PSQL]
@Denied: ) (Everyone)
@=""
.
Completion time: 2015-05-20 22:25:25
ComboFix-quarantined-files.txt 2015-05-21 02:25
.
Pre-Run: 219,136,069,632 bytes free
Post-Run: 219,123,216,384 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 00A2C045FD18D5105C315111DE062861
8F558EB6672622401DA993E1E865C861
JxColeman is offline  
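The ComboFix "Reg Loading Points" and service lines in the log above are what a helper reads first when deciding what is still live on the box. The following is an added example written for this page; it is not part of the original post and not ComboFix's own code. It parses those two line formats and flags the entries a practitioner would re-check: the image file is missing (ComboFix prints `[?]`), the image lives under a Temp folder, or the Run value is a bare file name with no directory. The five sample lines are copied from the posted log; the flag names and the heuristics are the editor's own assumptions.

```python
"""Triage of ComboFix 'Reg Loading Points' and service lines.

Added example for this thread; not part of the original post and not
ComboFix's own code.  The line formats are the ones visible in the log
above; the three flags (file missing, runs from a Temp folder, bare file
name with no directory) are the editor's own assumptions about what
deserves a second look, not anything ComboFix itself reports.
"""
import re
from dataclasses import dataclass

# Run-key value:  "name"="path" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
# Service line:   R2 name;display name;path [date size]
#                 S3 name;display name;path --> path [?]   ([?] = ComboFix could not find the file)
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')

# Directories an autostart binary should not normally live in (assumption).
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\temp\\", "\\local settings\\temp\\",
                "\\application data\\temp\\")


@dataclass(frozen=True)
class Entry:
    kind: str      # "run" or "service:<state>"
    name: str      # registry value name or service name
    path: str      # image path as ComboFix printed it
    flags: tuple   # zero or more heuristic flags, in a fixed order


def flags_for(path: str, line: str) -> tuple:
    """Return the heuristic flags that apply to one autostart entry."""
    flags = []
    low = path.lower()
    if line.rstrip().endswith("[?]"):
        flags.append("file-missing")
    if any(d in low for d in SUSPECT_DIRS):
        flags.append("runs-from-temp")
    if "\\" not in low:
        # A bare file name is resolved through the search path at start-up,
        # so a same-named binary earlier on the path would run instead.
        flags.append("unqualified-path")
    return tuple(flags)


def parse_line(line: str):
    """Parse one Run-key or service line; return an Entry, or None for anything else."""
    line = line.strip()
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"], flags_for(m["path"], line))
    m = SVC_RE.match(line)
    if m:
        # Keep only the image path: drop the ' --> ' echo and the trailing '[...]' block.
        path = m["rest"].split(" --> ")[0].split(" [")[0].strip()
        return Entry("service:" + m["state"], m["name"], path, flags_for(path, line))
    return None


def triage(text: str) -> list:
    """Parse every recognisable autostart line in a ComboFix log excerpt, in log order."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def suspicious(entries) -> list:
    """Entries carrying at least one flag."""
    return [e for e in entries if e.flags]


# Constructed sample: lines copied from the posted log (a section header and
# a '.' separator are included to show that they are ignored).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-04-15 3745232]
.
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2015\avgwdsvc.exe [4/15/2015 1:10 PM 311792]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S3 cpuz134;cpuz134;\??\c:\docume~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\BASILO~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
"""

if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE)):
        print(f"{e.kind:12} {e.name:20} {', '.join(e.flags):30} {e.path}")
```

On the posted log this flags the cpuz134 driver service (a CPU-Z helper driver whose image sat in the user's Temp folder and no longer exists), the stale Comcast AntiSpyware service whose binary is gone, and the bare RTHDCPL.EXE Run value. None of these is malware by itself; the point is that they are the entries worth confirming before declaring the machine clean, and the two dead services are the kind of leftovers a clean-up would normally remove.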
Old 05-20-2015, 08:28 PM   #6
Security Team Analyst
Join Date: Jul 2012
Location: Earth
Posts: 12
OS: Windows 10 Pro (x64)

  • Step #2 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware.
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab > Detection and Protection and check all the boxes under Detection Options.
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and paste the contents of the log in your next reply.

  • Step #3 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install the Add-On/ActiveX control if prompted.
    • From the Computer Scan Settings check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Settings --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives;
      • Check the box beside Scan for potentially unsafe applications;
      • Check the box beside Enable Anti-Stealth Technology.
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found.
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and paste the contents of the log file in your next reply.

    Note: Enable your security programs afterwards.

  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Fix Log


Regards,
Valinorum
__________________
GeekU Graduate
Member of UNITE

Valinorum is offline  
Old 05-21-2015, 05:08 AM   #7
Registered Member
 
Join Date: May 2015
Posts: 6
OS: Win7



MalwareBytes Log:

Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/21/2015
Scan Time: 7:49:45 AM
Logfile:
Administrator: Yes
Version: 2.01.6.1022
Malware Database: v2015.05.21.01
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Basil Osbourne
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 550153
Time Elapsed: 13 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Disabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)

(end)
JxColeman is offline  
Old 05-21-2015, 06:19 AM   #8
Registered Member
 
Join Date: May 2015
Posts: 6
OS: Win7



ESET Log:

esetsmartinstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b950070b84a08147b9184048e69c6a03
# engine=23954
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-21 12:57:03
# local_time=2015-05-21 08:57:03 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# compatibility_mode=1055 16777213 100 98 0 118403807 0 0
# scanned=83609
# found=8
# cleaned=8
# scan_time=2622
sh=B859E1E3C5F38DA8EA82D4940325EC60B19FF339 ft=1 fh=30f7fbf806dee4f1 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir"
sh=564160696ED3A767BEB3A5B77DA5107F05EBCBA4 ft=1 fh=62fd1985c73163e4 vn="a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
sh=8CD1FF64506A17AEB81085E57C10496F16FC7A04 ft=1 fh=4e6dbe83fd823904 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Antonio Lewis\My Documents\Downloads\LokeBar (1).exe"
sh=8CD1FF64506A17AEB81085E57C10496F16FC7A04 ft=1 fh=4e6dbe83fd823904 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Antonio Lewis\My Documents\Downloads\LokeBar.exe"
sh=F5AD585CEB7FE93B0AA6CCF4AB4AFD8B38938E54 ft=1 fh=8cc9e44990a037c7 vn="Win32/Toolbar.Zugo potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Antonio Lewis\My Documents\Downloads\PlayItAll-Setup-win32_2.exe"
sh=88478942122E15BFE6AE964373981792024FCC6E ft=1 fh=5d0d2ee863344715 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Basil Osbourne\My Documents\Downloads\cpu-z_1.61-setup-en.exe"
sh=2F9C084B8D0CF22A1D17702CF7CDCF6E24A7C05A ft=1 fh=1e68f53930c96ced vn="Win32/Amonetize potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Tonio.MAINOFFICE\My Documents\Downloads\DriverUpdater_Setup.exe"
JxColeman is offline  
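ESET reported found=8 and cleaned=8, but reading the fn= paths shows that three hits were AdwCleaner's own quarantine copies (.vir files) and five were installers sitting in users' Downloads folders, that is, nothing that was actually running. The following is an added example for this page; it is not part of the original post and not ESET's code. It parses the "# key=value" header and the sh=/ft=/fh=/vn=/ac=/fn= detection lines of an ESET Online Scanner log into fields, classifies each detection by where the file was found, groups detections by Windows XP user profile, and checks that the number of detection lines matches the header's found= count. The sample log is the one posted above, trimmed to its header and detection lines; the class names are the editor's own.

```python
"""Classify ESET Online Scanner detections by where the file was found.

Added example for this thread; not part of the original post and not ESET's
own code.  It parses the '# key=value' header and the
'sh=... ft=... fh=... vn="..." ac=... fn="..."' detection lines shown in the
log above.  The three classes (already quarantined by another tool, a
downloaded installer sitting in a Downloads folder, or anything else, which
is treated as live) are the editor's own triage assumption, not an ESET
category.
"""
import re
from collections import Counter

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
PAIR_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Windows XP profile root, e.g. C:\Documents and Settings\Basil Osbourne\...
PROFILE_RE = re.compile(r'^[A-Za-z]:\\Documents and Settings\\([^\\]+)\\', re.I)
SHA1_RE = re.compile(r'^[0-9a-f]{40}$', re.I)


def parse_detection(line: str) -> dict:
    """Turn one 'sh=... fn="..."' line into a dict of its fields."""
    return {key: quoted or bare for key, quoted, bare in PAIR_RE.findall(line)}


def classify(path: str) -> str:
    """Editor's triage classes, keyed on the file's location."""
    low = path.lower()
    if "\\quarantine\\" in low or low.endswith(".vir"):
        return "already-quarantined"     # e.g. AdwCleaner's renamed .vir copies
    if "\\downloads\\" in low:
        return "downloaded-installer"    # inert until someone runs it
    return "live"                        # anywhere else: treat as an active finding


def profile_of(path: str):
    """User profile the path belongs to, or None (e.g. for quarantine folders)."""
    m = PROFILE_RE.match(path)
    return m.group(1) if m else None


def summarize(text: str) -> dict:
    """Parse header and detection lines; return counts and a consistency check."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif line.startswith("sh="):
            d = parse_detection(line)
            path = d.get("fn", "")
            d["class"] = classify(path)
            d["profile"] = profile_of(path)
            d["sha1_ok"] = bool(SHA1_RE.match(d.get("sh", "")))
            detections.append(d)
    found = int(header.get("found", "-1"))
    return {
        "header": header,
        "detections": detections,
        "consistent": found == len(detections),
        "by_class": Counter(d["class"] for d in detections),
        "by_profile": Counter(d["profile"] for d in detections if d["profile"]),
    }


# Constructed sample: the posted log, trimmed to its header and detection lines.
SAMPLE_LOG = r"""esetsmartinstaller@High as downloader log:
all ok
# product=EOS
# version=8
# end=finished
# remove_checked=true
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='AVG AntiVirus Free Edition 2015'
# scanned=83609
# found=8
# cleaned=8
sh=B859E1E3C5F38DA8EA82D4940325EC60B19FF339 ft=1 fh=30f7fbf806dee4f1 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir"
sh=564160696ED3A767BEB3A5B77DA5107F05EBCBA4 ft=1 fh=62fd1985c73163e4 vn="a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\YontooIEClient.dll.vir"
sh=8CD1FF64506A17AEB81085E57C10496F16FC7A04 ft=1 fh=4e6dbe83fd823904 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Antonio Lewis\My Documents\Downloads\LokeBar (1).exe"
sh=8CD1FF64506A17AEB81085E57C10496F16FC7A04 ft=1 fh=4e6dbe83fd823904 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Antonio Lewis\My Documents\Downloads\LokeBar.exe"
sh=F5AD585CEB7FE93B0AA6CCF4AB4AFD8B38938E54 ft=1 fh=8cc9e44990a037c7 vn="Win32/Toolbar.Zugo potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Antonio Lewis\My Documents\Downloads\PlayItAll-Setup-win32_2.exe"
sh=88478942122E15BFE6AE964373981792024FCC6E ft=1 fh=5d0d2ee863344715 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Basil Osbourne\My Documents\Downloads\cpu-z_1.61-setup-en.exe"
sh=2F9C084B8D0CF22A1D17702CF7CDCF6E24A7C05A ft=1 fh=1e68f53930c96ced vn="Win32/Amonetize potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Tonio.MAINOFFICE\My Documents\Downloads\DriverUpdater_Setup.exe"
"""

if __name__ == "__main__":
    r = summarize(SAMPLE_LOG)
    print("header consistent with detection lines:", r["consistent"])
    for cls, n in sorted(r["by_class"].items()):
        print(f"{n} x {cls}")
    for d in r["detections"]:
        print(f'{d["class"]:22} {d["profile"] or "-":18} {d["fn"]}')
```

The sh= value is a SHA-1 of the file, so the `sha1_ok` check is what you would want before feeding those hashes to a reputation lookup. On this log every detection lands in "already-quarantined" or "downloaded-installer" and nothing in "live", which is the same conclusion the helper reached by eye: the items ESET removed were leftovers, not a running infection.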
Old 05-21-2015, 09:20 AM   #9
Security Team Analyst
Join Date: Jul 2012
Location: Earth
Posts: 12
OS: Windows 10 Pro (x64)

How is the PC performing?
__________________
GeekU Graduate
Member of UNITE

Valinorum is offline  
Old 05-21-2015, 04:34 PM   #10
Registered Member
 
Join Date: May 2015
Posts: 6
OS: Win7



Running well now. Thanks so much for all of your help. Fantastic job !!
JxColeman is offline  
Old 05-21-2015, 10:03 PM   #11
Security Team Analyst
Join Date: Jul 2012
Location: Earth
Posts: 12
OS: Windows 10 Pro (x64)

Going through your logs, I see no infection currently present on your system. Unless you are having any issue(s), the machine appears to be malware-free as we speak.




♣ Removal of Tools and Quarantined Files ♣




Although the tools we have used are clean, they are powerful removal tools, made in such a way that they carry out any command given to them without (in most cases) asking for confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

  • Cleanup with DelFix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply





♣ Prevention and Future Guidelines ♣




Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see your PC infected by malware again.

  1. Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  2. Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  3. Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it, but it is not for everyone because it requires you to take action if you want to see some things (pop-ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right-hand side of your screen.

  4. Watch out for new threat named CryptoLocker
    CryptoLocker is a new type of ransomware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system, but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to familiarize yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.

  5. And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.


Regards,
Valinorum
__________________
GeekU Graduate
Member of UNITE

Valinorum is offline  
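A quick way to check the first three items in the guidelines above (Windows updates, antivirus state, and versions of the commonly exploited plugins) is the PowerShell script below. It is an added example, not part of Valinorum's post or any of the tools mentioned in the thread. It assumes Windows 7 or later with PowerShell 3.0+ (for the -shr operator and the root\SecurityCenter2 namespace; Windows XP exposes root\SecurityCenter and has no 64-bit Wow6432Node key), an elevated prompt, and a working connection to Windows Update. The decoding of the productState value is the commonly used interpretation rather than a documented one, and is marked as an assumption in the code.

```powershell
# Added example: audit the "keep it updated" items from the post.
# Assumes Windows 7+, PowerShell 3.0+, elevated prompt, internet access.

# 1. Pending Windows updates, via the Windows Update Agent COM API
#    (the same API the Windows Update control panel uses).
try {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0").Updates
    Write-Host ("Pending Windows updates: {0}" -f $pending.Count)
    foreach ($u in $pending) {
        # MsrcSeverity is only populated for security updates.
        $sev = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'n/a' }
        Write-Host ("  [{0}] {1}" -f $sev, $u.Title)
    }
} catch {
    Write-Host ("Windows Update query failed: {0}" -f $_.Exception.Message)
}

# 2. Antivirus products registered with Security Center.
$avProducts = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
if (-not $avProducts) {
    Write-Host "No antivirus product registered with Security Center"
}
foreach ($p in $avProducts) {
    # ASSUMPTION: productState is a packed integer where the middle byte has
    # bit 0x10 set when real-time protection is on, and the low byte has
    # bit 0x10 set when definitions are out of date. This is the widely used
    # interpretation, not something Microsoft documents.
    $state   = [int]$p.productState
    $enabled = ((($state -shr 8) -band 0xFF) -band 0x10) -ne 0
    $stale   = (($state -band 0xFF) -band 0x10) -ne 0
    Write-Host ("AV: {0}  enabled={1}  definitions out of date={2}" -f $p.displayName, $enabled, $stale)
}

# 3. Installed versions of the web-exposed programs named in the post,
#    read from the Uninstall registry keys (32- and 64-bit views).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Java|Flash Player|Adobe Reader|Acrobat Reader' } |
    Sort-Object DisplayName |
    ForEach-Object { Write-Host ("Plugin: {0}  version {1}" -f $_.DisplayName, $_.DisplayVersion) }

# Internet Explorer: svcVersion exists from IE 10 on, older builds only have Version.
$ie        = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Internet Explorer' -ErrorAction SilentlyContinue
$ieVersion = if ($ie.svcVersion) { $ie.svcVersion } else { $ie.Version }
Write-Host ("Internet Explorer version: {0}" -f $ieVersion)
```

Compare the reported plugin versions against the vendors' current releases; anything older is exactly the exposure item 3 in the guidelines warns about, regardless of what the antivirus reports.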
Old 05-25-2015, 07:34 AM   #12
TSF Security Manager
Emeritus
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 52,197
OS: XP Pro; XP Home; Win7 x86 & x64

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of UNITE since 2006

Microsoft MVP Consumer Security 2009 - 2015
tetonbob is offline  
 
