

Fake Adobe Flash Problems


12 replies to this topic

#1 Clipper 123


Posted 13 March 2015 - 07:27 AM

A new version of the "Fake Adobe Flash" malware has really screwed up my PC.

 

This has happened twice. I have tried to figure this out on my own, but this is probably a new version. While I was browsing, the prompt popped up and of course I didn't click on it to update. BUT, once that prompt came up, I couldn't leave the window. I ended up having to click on the X to get out of it, which was a very bad thing to do because it downloaded anyway. I should have just shut down my puter - but Nooo, I did not and do I ever feel stupid for not doing so. 

 

Anyway, I have tried to find the files related to this one version, and I know I was not successful, and now it has created problems with connectivity, which means it may have created a router issue. Damn. I can't do this by myself. I wear too many hats already. I am requesting help when y'all have time. Please.

 

It's an updated XP Pro (I know, just limping, but I am migrating soon).

 

Thank you OH kind computer gods! 




 


#2 olgun52


Posted 13 March 2015 - 12:18 PM

Hello Clipper 123 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to the help here.

Thanks
-------------------------------------------------------------------------------------------------------------------------------
Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS logs will open.
  • Save both reports to your desktop.

-------------------
SecurityCheck
Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its contents to your thread.

------------------------------------------------------------------------------------------------------------------------
 
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt
checkup.txt

Good day


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Clipper 123


Posted 14 March 2015 - 02:27 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by XXXXXXXXXXXX at 13:11:19 on 2015-03-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.59 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\HitmanPro\hmpsched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\aaa ppppppp\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - <orphaned>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\11.0.0.10\AVG Secure Search_toolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SansaDispatch] c:\documents and settings\aaa ppppppp\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Google Update] "c:\documents and settings\aaa ppppppp\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe"  /DoAction
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
DPF: {4E330863-6A11-11D0-BFD8-006097237877} - hxxp://tw.msi.com.tw/autobios/client/iftwclix.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224786067453
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://tw.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{8E9DE36F-BAC5-40DC-B73A-91441E8D9AFC} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aaa ppppppp\application data\mozilla\firefox\profiles\h4y0nmuw.default\
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\aaa ppppppp\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aaa ppppppp\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\aaa ppppppp\local settings\application data\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_16_0_0_305.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 241944]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 98584]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-9-25 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [2014-6-17 191256]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 197400]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2014-12-16 289328]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2015-3-12 106248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-3-8 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-3-8 969016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-3-8 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-3-8 114904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2014-12-16 3247120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\drivers\adsfilter.sys --> c:\windows\system32\drivers\ADSFilter.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\drivers\bw2ndis5.sys --> c:\windows\system32\drivers\BW2NDIS5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
S3 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2015-03-12 17:11:12 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-03-12 16:18:39 -------- d-----w- c:\program files\HitmanPro
2015-03-12 16:16:56 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2015-03-08 15:12:55 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 15:03:44 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 15:03:44 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-03-08 15:03:44 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-24 00:31:10 -------- d-----w- c:\documents and settings\all users\application data\Avg_Update_0215av
2015-02-18 14:47:58 17323192 ----a-w- c:\program files\common files\microsoft shared\office12\MSO.DLL
.
==================== Find3M  ====================
.
2015-02-05 09:10:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 09:10:07 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2008-04-03 19:04:11 276531 ----a-w- c:\program files\AOLDNLD.exe
2007-11-25 11:15:26 23405072 ----a-w- c:\program files\AdbeRdr811_en_US.exe
2007-08-05 21:55:30 33258392 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2007-07-16 14:53:02 728624 ----a-w- c:\program files\aolsetup.exe
2007-07-16 14:53:02 4424 ----a-w- c:\program files\aolsetup.bin
2007-06-01 12:52:28 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
2007-05-22 17:27:51 545752 ----a-w- c:\program files\sgc10_rdr80_DLM_en_US.exe
.
============= FINISH: 13:12:19.48 ===============
 
Okay: Do I attach or post the Attach.exe file? Your instructions say copy and paste unless asked to do differently, and in the attached doc, it says to do an attachment.
 

Results of screen317's Security Check version 0.99.98  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Java™ 6 Update 37  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader 9  
 Adobe Reader XI  
 Mozilla Firefox 35.0.1 Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 6% 
````````````````````End of Log`````````````````````` 
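As an added example (not part of this thread and not DDS functionality), the following Python triage pass reads the "Pseudo HJT Report" section in the format DDS uses above and flags what a malware-removal helper looks at first: orphaned CLSID hooks, toolbars that point to `<no file>`, autoruns launched from a user-profile folder, and HOSTS overrides. The rules are my own first-look heuristics, and the sample lines are constructed from the log's own patterns with the user name redacted.

```python
"""Triage pass over the 'Pseudo HJT Report' section of a DDS log.
Added example, not part of the thread or of DDS: the rules are a reviewer's
first-look heuristics that flag entries for a human to check, not verdicts."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# "kind: body" lines, e.g. "uRun: [name] command" or "BHO: Name: {GUID} - path".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z][\w\\-]*):\s*(?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

AUTORUN_KINDS = {"uRun", "mRun", "StartupFolder"}
# Per-user folders on Windows XP (the OS in the log). Constructed heuristic: user-level
# droppers land here, but so do legitimate updaters, so this is a "verify", not a verdict.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\")

REASONS = {
    "orphaned": "hook points at a CLSID with no registered object (leftover of a removed component)",
    "missing-file": "entry references a file that is no longer on disk",
    "autorun-from-profile": "autorun command runs from a user-profile folder; confirm it is expected software",
    "hosts-block": "HOSTS entry sends the name to loopback (blocking-list style); confirm it was intended",
    "hosts-redirect": "HOSTS entry redirects the name to another host; a classic hijack indicator",
}


@dataclass(frozen=True)
class Finding:
    kind: str    # DDS entry type, e.g. "uRun", "TB", "Hosts"
    detail: str  # GUID, command line or hostname the finding is about
    reason: str  # key into REASONS


def autorun_command(kind: str, body: str) -> str:
    """Return the command line (or resolved shortcut target) of an autorun entry."""
    if kind == "StartupFolder":
        # DDS prints "<shortcut>.lnk - <resolved target>"; keep the target.
        return body.rsplit(" - ", 1)[-1].strip()
    # uRun/mRun bodies look like: [Name] "quoted path" args  or  [Name] path args
    _, _, rest = body.partition("]")
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest


def hosts_reason(ip_text: str) -> str:
    """Classify a HOSTS override by where it points."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return "hosts-redirect"
    return "hosts-block" if addr.is_loopback or addr.is_unspecified else "hosts-redirect"


def triage(report: str) -> list[Finding]:
    """Walk the report line by line and collect entries worth a human look."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # section headers, "uStart Page = ...", dotted separators
        kind, body = m.group("kind"), m.group("body").strip()
        guid = GUID_RE.search(body)
        ident = guid.group(0) if guid else body
        if "<orphaned>" in body:
            findings.append(Finding(kind, ident, "orphaned"))
        elif "<no file>" in body:
            findings.append(Finding(kind, ident, "missing-file"))
        elif kind == "Hosts":
            ip_text, _, host = body.partition(" ")
            findings.append(Finding(kind, host.strip(), hosts_reason(ip_text)))
        elif kind in AUTORUN_KINDS:
            cmd = autorun_command(kind, body)
            if any(d in cmd.lower() for d in PROFILE_DIRS):
                findings.append(Finding(kind, cmd, "autorun-from-profile"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, for a quick overview."""
    return dict(Counter(f.reason for f in findings))


# Constructed sample in DDS format, modelled on the log above (user name redacted).
SAMPLE_REPORT = r"""uStart Page = hxxp://www.aol.com/
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - <orphaned>
BHO: Java(TM) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SansaDispatch] c:\documents and settings\redacted\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [Google Update] "c:\documents and settings\redacted\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe
Hosts: 127.0.0.1 www.spywareinfo.com
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.kind:<14} {f.reason:<22} {f.detail}  <- {REASONS[f.reason]}")
    print(summarize(triage(SAMPLE_REPORT)))
```

Everything it flags in the sample is "verify", not "malicious": the orphaned hooks and the `<no file>` toolbar are leftovers to clean up, and the two profile-folder autoruns are vendor updaters that a human confirms by path.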
 


#4 olgun52


Posted 14 March 2015 - 07:39 PM

Hi Clipper 123,

Please go to Start, click Control Panel, click Programs and then click Programs and Features, if it still exists:
HitmanPro
AVG Secure Search
AVG Security Toolbar
mcafee security scan

-------------------------------------
 
Step 1:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT 1: Place ComboFix.exe on your Desktop

* IMPORTANT 2: Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:
Scan with Malwarebytes Antimalware:
Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 


Edited by olgun52, 15 March 2015 - 07:18 AM.

Best regards
 

 


 


#5 Clipper 123


Posted 14 March 2015 - 09:59 PM

Well, I don't have "Programs and Features", just "Programs" and then a list of them, and those listed items are not there. But I can start the process anyway until I hear from you. Thank you.

 

Add: Where is the ComboFix located? I have downloaded the script, but I do not have a ComboFix utility.

I must have missed something, my apologies. Help?

 

Okay, I will take a look in the morning. Thank you, again.


Edited by Clipper 123, 15 March 2015 - 12:27 AM.


#6 olgun52


Posted 15 March 2015 - 07:19 AM

Please try to run it again.


Best regards
 

 


 


#7 Clipper 123


Posted 15 March 2015 - 08:24 AM

Okay, I already have the scan/ComboFix because I figured that is what you may have meant me to do. Thank you for clearing that up.

 

You have asked me to clean with AdwCleaner, and I have done that as well, but I am not sure which items to uncheck as it asks me to. I have not used this utility before, so I am unsure about some of these items that show up. Should I leave them all checked and just proceed to cleaning all of them? I am going to read back in that again, and see if I can clear that up and come back.

 

thanks again. : )


Edited by Clipper 123, 15 March 2015 - 08:38 AM.


#8 Clipper 123


Posted 15 March 2015 - 11:10 AM

I just had two instances of the blue screen blinking and then shutting down my computer.

Yesterday, while I was trying to perform my tasks that you required of me, I could not browse, so I shut down and had to restart.

This is after installing new modem/router. 

I had to shut down dumpreg (windows error and report prompt window) because it kept popping up after my scans and would not quit. 

 

I will now post logs as your request. :P  (or die trying)

 

Combofix: 

ComboFix 15-03-14.03 - Axx Pxxxxxx 03/14/2015  22:51:15.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.307 [GMT -5:00]
Running from: c:\documents and settings\Axx Pxxxxxx\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3348.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3350.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3374.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3380.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3454.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3529.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3531.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3597.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3600.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3631.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3647.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3656.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3673.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3696.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3735.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3797.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3860.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3956.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3970.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL3993.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL4009.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL4015.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL4024.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL4049.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL4081.tmp
c:\documents and settings\Axx Pxxxxxx\My Documents\~WRL4087.tmp
c:\windows\$msi31uninstall_kb893803v2$
c:\windows\$msi31uninstall_kb893803v2$\msi.dll
c:\windows\$msi31uninstall_kb893803v2$\msiexec.exe
c:\windows\$msi31uninstall_kb893803v2$\msihnd.dll
c:\windows\$msi31uninstall_kb893803v2$\msimsg.dll
c:\windows\$msi31uninstall_kb893803v2$\msisip.dll
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.inf
c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.txt
c:\windows\$msi31uninstall_kb893803v2$\spuninst\updspapi.dll
c:\windows\system32\Cache
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-15 to 2015-03-15  )))))))))))))))))))))))))))))))
.
.
2015-03-12 17:11 . 2015-03-12 17:11 12872 ----a-w- c:\windows\system32\bootdelete.exe
2015-03-12 16:18 . 2015-03-12 16:18 -------- d-----w- c:\program files\HitmanPro
2015-03-12 16:16 . 2015-03-12 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2015-03-08 15:12 . 2015-03-15 03:23 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 15:03 . 2015-03-08 15:03 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-03-08 15:03 . 2014-11-21 11:14 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 15:03 . 2014-11-21 11:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-02-24 00:31 . 2015-02-24 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg_Update_0215av
2015-02-18 14:47 . 2015-02-18 14:47 17323192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 09:10 . 2013-12-10 19:47 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 09:10 . 2013-12-10 19:47 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2008-04-03 19:04 . 2008-04-03 19:04 276531 ----a-w- c:\program files\AOLDNLD.exe
2007-11-25 11:15 . 2007-11-25 11:15 23405072 ----a-w- c:\program files\AdbeRdr811_en_US.exe
2007-08-05 21:55 . 2007-08-05 19:37 33258392 ----a-w- c:\program files\GoogleSketchUpWEN.exe
2007-07-16 14:53 . 2007-07-16 14:53 728624 ----a-w- c:\program files\aolsetup.exe
2007-07-16 14:53 . 2007-07-16 14:53 4424 ----a-w- c:\program files\aolsetup.bin
2007-06-01 12:52 . 2007-06-01 11:44 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
2007-05-22 17:27 . 2007-05-22 17:27 545752 ----a-w- c:\program files\sgc10_rdr80_DLM_en_US.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-30 17:59 2069088 ----a-w- c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-30 2069088]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Amy Paedock\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-12-26 79872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-30 1118304]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-12-16 5188112]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0c:\progra~1\AVG\AVG2014\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Amy Paedock^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\documents and settings\Amy Paedock\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Axx Pxxxxxx^Start Menu^Programs^Startup^MyPC Backup.lnk]
path=c:\documents and settings\Axx Pxxxxxx\Start Menu\Programs\Startup\MyPC Backup.lnk
backup=c:\windows\pss\MyPC Backup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2014-12-19 16:50 1022152 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2006-11-10 13:16 50736 ----a-w- c:\progra~1\AOL9~1.0Z\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-02 05:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2014-10-20 16:25 107912 ----atw- c:\documents and settings\Axx Pxxxxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1207400831\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 01:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickCare]
2008-05-31 14:11 202016 ----a-w- c:\program files\Qwest\Quickcare\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 17:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-02-01 13:59 295072 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Messenger"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"Bonjour Service"=2 (0x2)
"vToolbarUpdater11.2.0"=2 (0x2)
"TapiSrv"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DivX\\DivXBundleUninstall.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Axx Pxxxxxx\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Axx Pxxxxxx\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:*:Disabled:EarthLink UHP Modem Support
"5353:UDP"= 5353:UDP:*:Disabled:Bonjour
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 147736]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 241944]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 27416]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [9/25/2013 9:57 PM 121624]
R1 AVGIDSDriverl;AVGIDSDriverl;c:\windows\system32\drivers\avgidsdriverlx.sys [6/17/2014 4:17 PM 191256]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 21272]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 189720]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 197400]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [12/16/2014 1:09 PM 289328]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [3/12/2015 11:18 AM 106248]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [3/8/2015 10:03 AM 1871160]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [3/8/2015 10:03 AM 969016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3/8/2015 10:03 AM 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [3/8/2015 10:12 AM 114904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [12/16/2014 1:15 PM 3247120]
S3 ADSFilter;ADSFilter - (Aluria Filter Driver);c:\windows\system32\DRIVERS\ADSFilter.sys --> c:\windows\system32\DRIVERS\ADSFilter.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 9:32 AM 167264]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [4/9/2014 8:12 AM 235696]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2/11/2011 4:23 PM 35088]
S3 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
S3 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 1:02 PM 1213728]
S4 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [7/9/2012 10:41 AM 935008]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - hitmanpro37
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2015-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-14 23:14]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-12-14 23:14]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003Core.job
- c:\documents and settings\Axx Pxxxxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-25 16:25]
.
2015-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-651377827-725345543-1003UA.job
- c:\documents and settings\Axx Pxxxxxx\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-25 16:25]
.
2015-03-13 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2015-03-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-03-26 01:59]
.
2015-03-14 c:\windows\Tasks\QuickConnectSupportTask.job
- c:\program files\Qwest\QuickConnect\QuickConnect.exe [2009-01-31 21:36]
.
2015-03-13 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-651377827-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2015-03-13 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-651377827-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2015-03-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-651377827-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
2015-03-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-651377827-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 21:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\Axx Pxxxxxx\Application Data\Mozilla\Firefox\Profiles\h4y0nmuw.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
AddRemove-Coupon Printer for Windows2.0 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-14 23:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  SansaDispatch = c:\documents and settings\Axx Pxxxxxx\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe??T?_?T?E?X?T?>? ? ? ? ? ? ? ? ?<?T?A?G?_?T?E?R?M?S?_?A?N?D?_?P?R?I?V?A?C?Y?>?<?/?T?A?G?_?T?E?R 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-515967899-651377827-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-03-14  23:14:24
ComboFix-quarantined-files.txt  2015-03-15 04:14
ComboFix2.txt  2010-09-20 22:19
ComboFix3.txt  2010-03-16 17:34
.
Pre-Run: 253,669,535,744 bytes free
Post-Run: 254,858,686,464 bytes free
.
- - End Of File - - 115D4384A1076D9B5531A5C16EBD7229
8F558EB6672622401DA993E1E865C861
 
AdwCleaner after scan and clean:
# AdwCleaner v4.112 - Logfile created 15/03/2015 at 09:26:36
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Amy Paedock - TRAINTWO
# Running from : C:\Documents and Settings\Amy Paedock\Desktop\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : vToolbarUpdater11.2.0
[#] Service Deleted : AVG Security Toolbar Service
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SecTaskMan
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\AVG\AVG10\Toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Amy Paedock\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Amy Paedock\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jim Bundy\Application Data\Viewpoint
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\and
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[h4y0nmuw.default\prefs.js] - Line Deleted : user_pref("extensions.xpiState", "{\"app-profile\":{\"client@anonymox.net\":{\"d\":\"C:\\\\Documents and Settings\\\\Axx Pxxxxxx\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\h4y0nmuw.defau[...]
 
-\\ Google Chrome v
 
[C:\Documents and Settings\Axx Pxxxxxx\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
 
*************************
 
AdwCleaner[R0].txt - [8880 bytes] - [14/03/2015 23:58:18]
AdwCleaner[R1].txt - [8309 bytes] - [15/03/2015 08:55:53]
AdwCleaner[S0].txt - [8206 bytes] - [15/03/2015 09:26:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8265  bytes] ##########
 
JRT 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Microsoft Windows XP x86
Ran by Amy Paedock on Sun 03/15/2015 at 10:02:23.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D1F4AE51-7C56-4A09-92D6-5849F0E539D5}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
 
Okay: Here is the last Malwarebytes scan.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/15/2015
Scan Time: 11:28:38 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.03.15.03
Rootkit Database: v2015.02.25.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Amy Paedock
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 380580
Time Elapsed: 30 min, 42 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 

Edited by Clipper 123, 15 March 2015 - 11:55 AM.
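Added example, not code from this thread or from AdwCleaner itself: a small Python triage script that parses the "Deleted" lines of the AdwCleaner registry section above and tallies them by what each entry meant for the machine (the Run value [vProt] is an autostart, the SearchScopes keys a search hijack, the ProxyOverride data a proxy setting). The line format and the category mapping are assumptions read off this log, not documented AdwCleaner behaviour.

```python
import re
from collections import Counter
# Line shape in the log: "<Kind> Deleted : <hive\path> [<value>] - <data>";
# the bracketed value and the " - data" tail are optional.
LINE_RE = re.compile(r"^(Key|Value|Data) Deleted : (\S.*?)(?: \[(.*?)\])?(?: - (.*))?$")

# Registry locations mapped to what they mean for persistence or browser
# hijacking (assumed mapping, first match wins).
CATEGORIES = [
    ("autostart", r"\\CurrentVersion\\Run$"),
    ("browser helper object", r"\\Browser Helper Objects\\"),
    ("search hijack", r"\\SearchScopes\\"),
    ("proxy setting", r"\\Internet Settings$"),
    ("browser extension", r"\\(Firefox|Chrome)\\Extensions"),
    ("COM registration", r"\\Classes\\(CLSID|AppID|Interface|TypeLib)\\"),
]

# Constructed sample: a few lines taken from the AdwCleaner log in this thread.
SAMPLE_LOG = r"""
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}
Key Deleted : HKCU\Software\AVG Secure Search
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
"""

def parse_line(line):
    """Return (kind, path, value, data) for a Deleted line, else None."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None

def categorize(path):
    """Classify a registry path; anything unrecognised is 'other'."""
    for name, pattern in CATEGORIES:
        if re.search(pattern, path, re.IGNORECASE):
            return name
    return "other"

def summarize(log_text):
    """Count deleted entries per category, so a triager sees at a glance
    whether autostart persistence was involved or only browser clutter."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            counts[categorize(parsed[1])] += 1
    return dict(counts)
```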


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 15 March 2015 - 12:24 PM

Hi again,
Thanks for the Logs.
 
Step1:
Run CFScript:
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Download the attached CFScript.txt and save it to the location where Combofix is saved to.

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
 

Step 2:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.07.0.1009.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 3:

 

Please download and run RogueKiller 32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#10 Clipper 123

Clipper 123
  • Topic Starter

  • Members
  • 7 posts

Posted 15 March 2015 - 02:18 PM

I am going to try to do all of this before I leave. I had an emergency and I am being called to leave town for a few days. If you don't see anything - please know I should be back in a few days and will follow up accordingly. 

 

I appreciate your help so much!  



#11 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 15 March 2015 - 03:17 PM

Okay. I am waiting.


Best regards
 

 


 


#12 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 21 March 2015 - 08:37 AM

5 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • Gender:Male

Posted 23 March 2015 - 02:07 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards
 

 


 




