TechSpot

[Closed- porn] Granny's computer

By male30ohio
Apr 24, 2012
  1. My granny's computer has started running slow over the past few months, and now she is having trouble getting online to Facebook and other sites that she likes to go on. I will be posting the reports shortly after I have finished running all of the initial scans as per the instructions on the how-to thread.


    David
     
  2. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.23.07

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    David :: HALL [administrator]

    Protection: Enabled

    4/24/2012 09:45:43 AM
    mbam-log-2012-04-24 (09-45-43).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 528905
    Time elapsed: 5 hour(s), 43 minute(s), 43 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  3. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Sorry, I plan on posting the rest of the requirements as soon as the scan is done. The 2nd scan, RootKill, has been running for over 20 hrs now.
     
  4. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Still running, 2 1/2 days so far. In the last set of folders now. Will post if and when it finally finishes.
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    David, did you mark the thread Active? I don't see Broni helping you. We each mark a thread Active when we pick it up so the other will know the member is being helped.

    Stop the scan! That is not one we have in our preliminary thread.


    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  6. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    It just finished, and yes, it is in; it is the one after Malwarebytes.
     
  7. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-27 14:09:27
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000006a Hitachi_ rev.V54O
    Running: f4qxpycw.exe; Driver: C:\Users\David\AppData\Local\Temp\ugtdipod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAA664F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAA664FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAA665080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAA66511C]

    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8964B498]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8964B4AE]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x8964B484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 81C44982 5 Bytes JMP 8964B488 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text ntkrnlpa.exe!KeSetEvent + 3F1 81CC5B74 4 Bytes [3C, 4F, 66, AA]
    .text ntkrnlpa.exe!KeSetEvent + 621 81CC5DA4 8 Bytes [E4, 4F, 66, AA, 80, 50, 66, ...]
    .text ntkrnlpa.exe!KeSetEvent + 681 81CC5E04 4 Bytes JMP E81D7A8A
    PAGE ntkrnlpa.exe!NtMapViewOfSection 81E2989A 7 Bytes JMP 8964B49C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 81E29B5D 5 Bytes JMP 8964B4B2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8FC05340, 0x3DB197, 0xE8000020]
    ? C:\Windows\system32\drivers\mbamswissarmy.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    Edit: Excess GMER entries deleted by Bobbye
     
  8. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Edit: Excess GMER processes deleted by Bobbye

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\mfevtps.exe[3176] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [00D0A4B0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT C:\Windows\system32\mfevtps.exe[3176] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00D0A510] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  9. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by David at 14:10:32 on 2012-04-27
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1093 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgfws.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CISVC.EXE
    C:\Windows\Explorer.EXE
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\System32\tcpsvcs.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    D:\Program Files\AWS\WeatherBug\Weather.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\David\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\wuauclt.exe
    c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
    c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uDefault_Page_URL = hxxp://www.msn.com
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:64909
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20111221225819.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Weather] d:\program files\aws\weatherbug\Weather.exe 1
    uRun: [INetBooster] c:\program files\oss\internet booster\ISpBos.exe
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [RtHDVCpl] "RtHDVCpl.exe"
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\mri_di~1\vzacce~1.lnk - c:\program files\verizon wireless\vzaccess manager\VZAccess Manager.exe
    StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\mri_disabled\Adobe Reader Speed Launch.lnk.disabled
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    IE: &Search - ?p=ZJfox000
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: convergysworkathome.com\www
    Trusted Zone: exodusvipdesk.com
    Trusted Zone: live.com\onecare
    Trusted Zone: vipdesk.com
    Trusted Zone: webex.com\1800flowers
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238190769066
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238190840239
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C958645E-1C07-4A4C-8642-2F28917D5985} : NameServer = 208.67.222.222,208.67.220.220
    TCP: Interfaces\{C958645E-1C07-4A4C-8642-2F28917D5985} : DhcpNameServer = 192.168.2.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\zyvcnqme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPSFDMGR.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\david\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\david\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
    FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-6 64512]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-2-19 464176]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-2-19 64880]
    R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2011-11-23 2391832]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-29 654408]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-19 214904]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-19 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-19 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-2-19 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-2-19 166288]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-2-19 160608]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-2-19 150856]
    R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-2-19 57600]
    R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\system32\drivers\dc3d.sys [2009-1-15 15360]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-29 22344]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-9-19 180816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-2-19 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-2-19 338176]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-12-13 30576]
    S2 0067931237840811mcinstcleanup;McAfee Application Installer Cleanup (0067931237840811); [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 dualshock3;DUALSHOCK3 Controller HID Minidriver (USB) Beta;c:\windows\system32\drivers\dualshock3.sys [2010-6-25 11392]
    S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-18 21504]
    S2 gupdate1c999af8596d130;Google Update Service (gupdate1c999af8596d130);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
    S2 iWinGamesInstaller;iWinGamesInstaller; [x]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-13 253088]
    S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [2010-12-7 14336]
    S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [2010-12-7 20736]
    S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [2010-12-7 20096]
    S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [2010-12-7 25088]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-15 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-28 133104]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-2-19 87656]
    S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [2007-8-31 163328]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-04-14 15:12:28 -------- d-----w- c:\program files\ESET
    2012-04-13 22:26:07 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-04-13 23:06:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2008-03-08 21:31:16 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    ============= FINISH: 14:13:18.22 ===============
     
  10. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/20/2007 01:54:47 AM
    System Uptime: 4/22/2012 02:43:07 AM (132 hours ago)
    .
    Motherboard: Acer | | EM61SM/EM61PM
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+ | Socket M2 | 1000/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 144 GiB total, 82.023 GiB free.
    D: is FIXED (NTFS) - 144 GiB total, 126.995 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Port Mouse (IntelliPoint)
    Device ID: ACPI\PNP0F13\3&2411E6FE&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Port Mouse (IntelliPoint)
    PNP Device ID: ACPI\PNP0F13\3&2411E6FE&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acer Assist
    Acer Picture Slide DVD
    Acer Plug and Record
    Acer Registration
    Acer ScreenSaver
    Acer Zone Main Page
    Activation Assistant for the 2007 Microsoft Office suites
    Ad-Aware
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11
    aiofw
    aioprnt
    aioscnnr
    Amazon Kindle For PC
    Amazon MP3 Downloader 1.0.12
    Amazon MP3 Uploader
    AppInventor Setup
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AusLogics Disk Defrag
    Avery Wizard 4.0
    AVG 2012
    AVG PC Tuneup 2011
    BCL easyConverter Desktop 1.0
    Belkin Setup and Router Monitor
    Big Fish Games: Game Manager
    Bing Bar
    Bonjour
    Build-a-lot 3
    Business Contact Manager for Outlook 2007 SP2
    C4USelfUpdater
    CCleaner
    center
    Compatibility Pack for the 2007 Office system
    Computer Requirements 1.0
    Concentration (remove only)
    Corel PaintShop Photo Pro X3
    County Fair
    Coupon Printer for Windows
    Crypt Cafe (Diner Dash Hometown Hero - Gourmet)
    D3DX10
    Diner Dash
    Diner Dash 2
    Diner Dash Seasonal Snack Pack
    DivX Converter
    DivX Player
    DivX Web Player
    Download Updater (AOL LLC)
    EasyFix Tools v1.0
    ESET Online Scanner v3
    EVEREST Ultimate Edition v4.00
    Eye for Design
    Eye for Design (remove only)
    Fairway Solitaire
    Farm Frenzy Pizza Party
    ffdshow [rev 2527] [2008-12-19]
    Fitness Dash
    Fix-it-up
    Free Window Registry Repair
    Game of Life - Path to Success
    GameHouse
    Glary Utilities 2.44.0.1450
    Google Chrome
    Google Update Helper
    Google Updater
    Highlight Viewer (Windows Live Toolbar)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ICA
    iConcepts Photo Frame
    iGridd
    IPM_PSP_CL
    IPM_PSP_COM
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Junk Mail filter update
    KODAK AiO Home Center
    ksDIP
    LG United Mobile Drivers
    LightScribe 1.4.136.1
    Logitech QuickCam Software
    Mahjongg Dimensions Deluxe (remove only)
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mania Combo (remove only)
    Map Button (Windows Live Toolbar)
    Marvell Miniport Driver
    McAfee AntiVirus Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Accounting 2008
    Microsoft Office Accounting 2008 Equifax Addin
    Microsoft Office Accounting 2008 Fixed Asset Manager
    Microsoft Office Accounting 2008 PayPal Addin
    Microsoft Office Accounting ADP Payroll Addin
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Excel Viewer 2003
    Microsoft Office Live Add-in 1.5
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Office Word Viewer 2003
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Streets & Trips 2008
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox 9.0.1 (x86 en-US)
    Mozilla Thunderbird (3.0.11)
    MP3 Download Manager
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    NTI CD & DVD-Maker
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    OSS Internet Speed Booster 3.0.0.0
    OverDrive Media Console
    Paradise Beach
    Parking Dash
    Photo Viewer
    Plants vs. Zombies (remove only)
    PreReq
    PrimoPDF
    PSPPContent
    PSPPRO_DCRAW
    QuickTime
    RealArcade
    Realtek High Definition Audio Driver
    Registry Mechanic 7.0
    RegSupreme Pro
    ResumeMaker Ultimate
    Rhapsody
    RivaTuner v2.04
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Setup
    Skype™ 5.5
    Smart Menus (Windows Live Toolbar)
    Spotify
    Spybot - Search & Destroy
    Sumatra PDF reader
    Supermarket Mania ® 2
    Supple
    Tradewinds 2
    Tradewinds 2 (remove only)
    TweetDeck
    Unity Web Player
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Vacation Mogul Free Trial
    Verizon V CAST Media Manager
    Verizon Wireless Download Manager 2.2.8-SNAPSHOT-r11227
    VIPdesk Scan Utility
    Virtual City (remove only)
    Virtual Families
    Virtual Families (remove only)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VNC Free Edition 4.1.3
    VZAccess Manager
    WeatherBug
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/25/2012 06:43:10 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    4/24/2012 09:43:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/21/2012 03:00:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    .
    ==== End Of File ===========================
     
  11. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Edit: removed unneeded quote.

    No, no one has started helping me yet.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am surprised this system runs at all!
    I'm not sure this will work for multiple programs but you can try. It's what we use to temporarily uninstall AVG before running Combofix:

    Download AppRemover and save to the desktop
      1. Double click the setup on the desktop> click Next
      2. Select “Remove Security Application”
      3. Let scan finish to determine security apps
      4. A screen like below will appear:
      5. Click on Next after choice has been made
      6. Check the programs you want to uninstall
      7. After uninstall shows complete, follow online prompts to Exit the program.
      =============================
      Reboot the computer when through. The system is slow because it's dragging 20 trucks! Get the security down and then we'll talk about stopping some of the way too many processes running!

      David, this system is 5 years old. Has any maintenance ever been done on it? Have programs that aren't being used been uninstalled? Do temporary internet files and cookies get deleted? Have unnecessary processes on the Startup Menu been unchecked so they don't start on boot and run in the background?

      BTW, the GMER took so long because you did not follow this:
      Warning: Do not check Show All!
     
  13. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Done, AVG and Ad-Aware were removed. Do I need to remove the McAfee also? The original system is 5 years old but there have been updates done to it, nothing in the past 2 years. She is the only one that uses it, so we are not that worried about having a great computer for her, just running so she can do her Granny things.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we have a fair amount of work to do: remove some malware, remove some processes, update programs and some additional work.

    Some information please:
    1. Can you tell me please if your Granny is running a business?
    2. Are there any young children at Granny's home?
    3. I am concerned that there is a fair amount of programs and processes running that may not be appropriate for this system. Can you give me an idea of her activity level? Is she elderly- as in way over your 30?
    ===============================================
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all antivirus and anti-malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =================================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer:
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ===========================================
    I will write some script for you to run through Combofix after I see the log. Please leave the Combofix and Eset scan logs in your next reply.
     
  15. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    1. Can you tell me please if your Granny is running a business? No she is not
    2. Are there any young children at Granny's home? No Children
    3. I am concerned that there is a fair amount of programs and processes running that may not be appropriate for this system. Can you give me an idea of her activity level? Is she elderly- as in way over your 30? If 91 is elderly then yes. Games, YouTube, FaceBook, stuff like that mainly.
     
  16. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    ComboFix 12-04-28.01 - David 04/28/2012 20:02:37.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1220 [GMT -4:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Downloaded Installers
    c:\program files\Downloaded Installers\{65D5B9CA-7B04-4604-9D00-4C4D14BA49A3}\setup.msi
    c:\program files\LP
    c:\users\David\Aaron Dec talk sheets .xls
    c:\users\David\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    c:\users\David\AppData\Roaming\.#
    c:\users\David\AppData\Roaming\.#\MBX@138C@3A2918.###
    c:\users\David\AppData\Roaming\.#\MBX@138C@3A2948.###
    c:\users\David\AppData\Roaming\.#\MBX@138C@3A2978.###
    c:\users\David\AppData\Roaming\.#\MBX@5E4@3B2908.###
    c:\users\David\AppData\Roaming\.#\MBX@5E4@3B2938.###
    c:\users\David\AppData\Roaming\.#\MBX@5E4@3B2968.###
    c:\users\David\FireTune.exe
    c:\windows\iun6002.exe
    c:\windows\system32\B1C81C07A0.dll
    c:\windows\system32\bdaplgin.ax
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\3ba2a8f4319a342a.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\7bba3499c4df6752.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\e0de16f883bea794.fb
    c:\windows\system32\cero.rs
    c:\windows\system32\CF17833.exe
    c:\windows\system32\decebe9_d.dll
    c:\windows\system32\divxdec.ax
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\system32\esrb.rs
    c:\windows\system32\g711codc.ax
    c:\windows\system32\grb.rs
    c:\windows\system32\htvcdsvcd70.ax
    c:\windows\system32\iac25_32.ax
    c:\windows\system32\ir41_32.ax
    c:\windows\system32\ivfsrc.ax
    c:\windows\system32\ksproxy.ax
    c:\windows\system32\kstvtune.ax
    c:\windows\system32\Kswdmcap.ax
    c:\windows\system32\ksxbar.ax
    c:\windows\system32\LcProxy.ax
    c:\windows\system32\LcProxy2.ax
    c:\windows\system32\Mpeg2Data.ax
    c:\windows\system32\Mpeg2Decoder.ax
    c:\windows\system32\Mpeg2Parser.ax
    c:\windows\system32\mpg2splt.ax
    c:\windows\system32\MSDvbNP.ax
    c:\windows\system32\MSNP.ax
    c:\windows\system32\oflc.rs
    c:\windows\system32\pegi-fi.rs
    c:\windows\system32\pegi-pt.rs
    c:\windows\system32\pegi.rs
    c:\windows\system32\pegibbfc.rs
    c:\windows\system32\psisrndr.ax
    c:\windows\system32\sm56co85.txt
    c:\windows\system32\system
    c:\windows\system32\usk.rs
    c:\windows\system32\vatee.ax
    c:\windows\system32\VBICodec.ax
    c:\windows\system32\vbisurf.ax
    c:\windows\system32\vidcap.ax
    c:\windows\system32\WEB.rs
    c:\windows\system32\WSTPager.ax
    D:\install.exe
    D:\resycled
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_iWinGamesInstaller
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 00:24 . 2012-04-29 00:55 -------- d-----w- c:\users\David\AppData\Local\temp
    2012-04-29 00:24 . 2012-04-29 00:24 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2012-04-29 00:24 . 2012-04-29 00:24 -------- d-----w- c:\users\Denise Work\AppData\Local\temp
    2012-04-29 00:24 . 2012-04-29 00:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-29 00:24 . 2012-04-29 00:24 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-04-28 12:40 . 2012-04-28 12:40 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\dumps
    2012-04-14 15:12 . 2012-04-14 15:12 -------- d-----w- c:\program files\ESET
    2012-04-13 22:26 . 2012-04-13 23:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-12 22:35 . 2012-04-12 22:35 -------- d-----w- c:\users\Denise Work\AppData\Local\Mozilla
    2012-04-12 14:44 . 2012-04-12 14:44 -------- d-----w- c:\users\Denise Work\AppData\Roaming\AVG2012
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-29 00:44 . 2010-06-24 15:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-04-13 23:06 . 2011-06-27 01:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 19:56 . 2010-03-29 11:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2008-03-08 21:31 . 2008-03-08 21:31 774144 ----a-w- c:\program files\RngInterstitial.dll
    2011-12-21 07:24 . 2011-12-21 23:03 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 18:01 . 2011-02-19 17:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"="d:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
    "INetBooster"="c:\program files\OSS\Internet Booster\ISpBos.exe" [2004-08-19 282624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
    "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2009-5-26 1778992]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    Adobe Reader Speed Launch.lnk.disabled [2008-5-18 1957]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.3.lnk]
    backup=c:\windows\pss\eFax 4.3.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
    backup=c:\windows\pss\IMVU.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VZAccess Manager.lnk]
    backup=c:\windows\pss\VZAccess Manager.lnk.Startup
    backupExtension=.Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYRUA_AGENT]
    2011-06-14 04:45 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-11-29 10:19 133104 ----atw- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2011-09-16 22:38 1318552 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2011-08-22 05:18 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-06-20 04:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-06-20 04:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog]
    2007-09-14 12:58 163128 ----a-w- c:\program files\SpiralFrog\Spiralfrog.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-03-23 18:07 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-02-23 01:47 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "DownloadManagerService"="c:\program files\Verizon Wireless Dowloader\dist\servicerunner.exe" /action:startService
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe"
    "EKIJ5000StatusMonitor"=c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 0067931237840811mcinstcleanup;McAfee Application Installer Cleanup (0067931237840811); [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:06]
    .
    2012-04-29 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-12-01 01:06]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 14:18]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 14:18]
    .
    2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190787634-4012676310-1989471191-1000Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-29 10:19]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190787634-4012676310-1989471191-1000UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-29 10:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:64909
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: convergysworkathome.com\www
    Trusted Zone: exodusvipdesk.com
    Trusted Zone: live.com\onecare
    Trusted Zone: vipdesk.com
    Trusted Zone: webex.com\1800flowers
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C958645E-1C07-4A4C-8642-2F28917D5985}: NameServer = 208.67.222.222,208.67.220.220
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\zyvcnqme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    ShellIconOverlayIdentifiers-{78AEACE2-91AE-4E8E-841E-F1879238670D} - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG2012\avgtray.exe
    AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup 2011\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-28 20:54
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-190787634-4012676310-1989471191-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:1b,cc,96,ed,9f,1b,f1,1a,0a,03,06,54,64,a6,f4,9f,7e,ab,19,19,63,ec,39,
    8e,70,bd,95,8e,c0,6e,a7,07,f7,ff,2a,6e,b0,62,8a,71,5f,86,ec,6a,42,a3,52,10,\
    "??"=hex:9a,8c,72,3c,58,ca,95,80,cd,f0,da,d2,b6,d3,8c,df
    .
    [HKEY_USERS\S-1-5-21-190787634-4012676310-1989471191-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:d7,33,7e,09,c4,db,42,42,bf,0e,fe,6d,63,1d,e0,2e,c9,27,c1,6b,ec,
    a6,66,b6,d4,00,d6,59,f7,14,cf,3b,65,f5,78,d9,81,25,8b,a1,de,fe,1d,50,61,6e,\
    "rkeysecu"=hex:de,b6,88,f1,4a,ef,9e,a7,7b,a7,e0,ef,c4,ac,6c,b4
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3976)
    c:\program files\Logitech\Video\Namespc2.dll
    c:\program files\Logitech\Video\AlbuDBps.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lavasoft\Ad-Aware\AAWService.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2012\avgfws.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CISVC.EXE
    c:\program files\Kodak\AiO\Center\ekdiscovery.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    c:\windows\system32\mfevtps.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\windows\System32\tcpsvcs.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\RtHDVCpl.exe
    c:\windows\system32\NOTEPAD.EXE
    c:\program files\Mozilla Firefox\firefox.exe
    c:\program files\Mozilla Firefox\plugin-container.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-28 21:06:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-29 01:06
    .
    Pre-Run: 88,477,040,640 bytes free
    Post-Run: 88,321,658,880 bytes free
    .
    - - End Of File - - 54AB58FC7B2BEC5E014ADF35294247F8
     
  17. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    C:\Program Files\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\chrome\zumie.jar Win32/Adware.OneStep application
    C:\Users\David\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101015211326149.rsc multiple threats
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I will tell you why I asked those questions. First, for the Eset entries:

    Please download OTMoveIt by OldTimer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right-click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Program Files\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\chrome\zumie.jar 
      C:\Users\David\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101015211326149.rsc 
      :Commands
      [purity]
      [emptytemp]
      [emptyjavacache]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ========================================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
    • [2]. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\CISVC.EXE
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    Folder::
    c:\users\David\AppData\Local\temp
    c:\windows\system32\config\systemprofile\AppData\Local\temp
    c:\users\Denise Work\AppData\Local\temp
    c:\users\Default\AppData\Local\temp
    c:\users\Administrator\AppData\Local\temp
    c:\windows\system32\config\systemprofile\AppData\Local\dumps
    c:\program files\avg\avg2012\avgssie.dll
    c:\program files\microsoft\bingbar\BingExt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    D:\Program Files\AWS\WeatherBug\Weather.exe
    uRun: [Weather] d:\program files\aws\weatherbug\Weather.exe 1
    mRun: [Conime] %windir%\system32\conime.exe
    uInternet Settings,ProxyServer = http=127.0.0.1:64909
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    IE: &Search - ?p=ZJfox000
    Trusted Zone: convergysworkathome.com\www
    Trusted Zone: exodusvipdesk.com
    Trusted Zone: live.com\onecare
    Trusted Zone: vipdesk.com
    Trusted Zone: webex.com\1800flowers
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Weather"=-
    "vProt"=-
    "ROC_roc_dec12"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=-
    RegNull::
    [HKEY_USERS\S-1-5-21-190787634-4012676310-1989471191-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:1b,cc,96,ed,9f,1b,f1,1a,0a,03,06,54,64,a6,f4,9f,7e,ab,19,19,63,ec,39,
    8e,70,bd,95,8e,c0,6e,a7,07,f7,ff,2a,6e,b0,62,8a,71,5f,86,ec,6a,42,a3,52,10,\
    "??"=hex:9a,8c,72,3c,58,ca,95,80,cd,f0,da,d2,b6,d3,8c,df
    Clearjavacache::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: screenshot not reproduced]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ==================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    ====================================
    Please leave the logs for OTM, the ComboFix script, Security Check, and CKScanner in your next reply.
    ====================================
    Unless her name is David Aron, she is neither the only user nor the primary user. There is business software. There is a keylogger only fit for small children.
    If she is being given this computer now for her enjoyment, I suggest you reformat, then reinstall, putting only those programs she will use back on it.
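    Added example, not part of this thread and not code from ComboFix, OTM or any other tool named here: a small Python triage script that scans a ComboFix log for the three kinds of entries the CFScript above targets, namely Run entries on a removal list, non-zero Security Center override values, and a ProxyServer setting that points at the local machine. The sample log lines are constructed to match the shape of the log posted in this thread.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of a ComboFix log (not the full log from the thread).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="d:\program files\aws\weatherbug\Weather.exe" [2010-01-01 100]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:64909
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")


def _strip_value(raw: str) -> str:
    """Drop ComboFix's trailing ' [date size]' annotation and surrounding quotes."""
    raw = re.sub(r"\s*\[[^\]]*\]\s*$", "", raw.strip())
    return raw.strip('"')


def find_run_entries(log: str, watchlist: List[str]) -> Dict[str, str]:
    """Map value name -> launch path for autostart values under a live ...\Run key
    whose name is on the watchlist (case-insensitive). Keys such as 'run-' or
    'run-disabled' are ComboFix's record of already-disabled entries and are skipped."""
    wanted = {w.lower() for w in watchlist}
    hits: Dict[str, str] = {}
    current_key = ""
    for line in log.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1).lower()
            continue
        if not current_key.endswith("\\run"):
            continue
        if m := VALUE_RE.match(line):
            name, raw = m.groups()
            if name.lower() in wanted:
                hits[name] = _strip_value(raw)
    return hits


def find_security_center_overrides(log: str) -> List[Tuple[str, str, int]]:
    """Return (key, value name, dword) for non-zero values under the Windows
    Security Center keys; a non-zero AntiVirusOverride or DisableMonitoring tells
    Security Center to stop reporting on the state of that protection."""
    found: List[Tuple[str, str, int]] = []
    current_key = ""
    for line in log.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
            continue
        if "security center" not in current_key.lower():
            continue
        m = DWORD_RE.match(line)
        if m and int(m.group(2), 16) != 0:
            found.append((current_key, m.group(1), int(m.group(2), 16)))
    return found


def find_loopback_proxies(log: str) -> List[Tuple[str, str, int]]:
    """Return (scheme, host, port) for ProxyServer entries that route the browser
    through the local machine. Some legitimate filtering software does this, but it
    is also how adware and traffic-interception tools sit between the user and the web.
    Port 0 means the entry named a host without a port."""
    found: List[Tuple[str, str, int]] = []
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        for part in m.group(1).split(";"):           # e.g. "http=127.0.0.1:64909;https=..."
            scheme, _, hostport = part.strip().rpartition("=")
            host, sep, port = hostport.rpartition(":")
            if not sep:
                host, port = hostport, "0"
            if host.lower() in LOOPBACK and port.isdigit():
                found.append((scheme or "*", host, int(port)))
    return found


def triage(log: str, watchlist: List[str]) -> Dict[str, object]:
    """Run all three checks and return one summary dictionary."""
    return {
        "run_entries": find_run_entries(log, watchlist),
        "security_center_overrides": find_security_center_overrides(log),
        "loopback_proxies": find_loopback_proxies(log),
    }


if __name__ == "__main__":
    # The watchlist mirrors the Run values removed by the CFScript above.
    report = triage(SAMPLE_LOG, ["Weather", "vProt", "ROC_roc_dec12"])
    for section, items in report.items():
        print(section)
        for item in (items.items() if isinstance(items, dict) else items):
            print("   ", item)
```

Run it against a real ComboFix.txt by replacing SAMPLE_LOG with the file's contents; an empty section means that check found nothing to act on.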
     
  19. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    All processes killed
    ========== FILES ==========
    C:\Program Files\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\chrome\zumie.jar moved successfully.
    C:\Users\David\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\101015211326149.rsc moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78924 bytes
    ->Java cache emptied: 69919 bytes
    ->FireFox cache emptied: 24506799 bytes
    ->Flash cache emptied: 602 bytes

    User: All Users

    User: David
    ->Temp folder emptied: 1253 bytes
    ->Temporary Internet Files folder emptied: 235023146 bytes
    ->Java cache emptied: 3187947 bytes
    ->FireFox cache emptied: 132233710 bytes
    ->Google Chrome cache emptied: 426984480 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 25490763 bytes
    ->Flash cache emptied: 234583 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56545 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Denise Work
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 571460 bytes
    ->FireFox cache emptied: 32583231 bytes
    ->Flash cache emptied: 1504 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 30238 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 99975 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 840.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 04292012_130158

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Not sure where David Aron comes from. My first name is David. My Granny has used this computer and had it for a few years now. The business software is probably on there from when my sister was working from home on it last year. Unfortunately I don't have the Windows disc to do a reinstall.
     
  21. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    ComboFix 12-04-29.02 - David 04/29/2012 13:32:46.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2815.1431 [GMT -4:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    Command switches used :: c:\users\David\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe"
    "c:\windows\system32\CISVC.EXE"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
    c:\users\Administrator\AppData\Local\temp
    c:\users\David\AppData\Local\temp
    c:\users\David\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
    c:\users\David\AppData\Local\temp\qtsingleapp-Belkin-e8c-1-lockfile
    c:\users\Default\AppData\Local\temp
    c:\users\Denise Work\AppData\Local\temp
    c:\windows\system32\config\systemprofile\AppData\Local\dumps
    c:\windows\system32\config\systemprofile\AppData\Local\dumps\avgmfapx.exe_129800904285220000.exh
    c:\windows\system32\config\systemprofile\AppData\Local\dumps\avgmfapx.exe_129800904285220000_F.dmp
    c:\windows\system32\config\systemprofile\AppData\Local\dumps\avgmfapx.exe_129800904285220000_M.dmp
    c:\windows\system32\config\systemprofile\AppData\Local\dumps\reports.db
    c:\windows\system32\config\systemprofile\AppData\Local\temp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_vToolbarUpdater10.2.0
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-29 18:22 . 2012-04-29 18:22 -------- d-----w- c:\users\David\AppData\Local\Temp
    2012-04-29 17:01 . 2012-04-29 17:01 -------- dc----w- C:\_OTM
    2012-04-14 15:12 . 2012-04-14 15:12 -------- d-----w- c:\program files\ESET
    2012-04-13 22:26 . 2012-04-13 23:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-12 22:35 . 2012-04-12 22:35 -------- d-----w- c:\users\Denise Work\AppData\Local\Mozilla
    2012-04-12 14:44 . 2012-04-12 14:44 -------- d-----w- c:\users\Denise Work\AppData\Roaming\AVG2012
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-29 17:57 . 2010-06-24 15:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-04-13 23:06 . 2011-06-27 01:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-04 19:56 . 2010-03-29 11:54 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2008-03-08 21:31 . 2008-03-08 21:31 774144 ----a-w- c:\program files\RngInterstitial.dll
    2011-12-21 07:24 . 2011-12-21 23:03 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-04-14 18:01 . 2011-02-19 17:36 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "INetBooster"="c:\program files\OSS\Internet Booster\ISpBos.exe" [2004-08-19 282624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 849280]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
    "Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
    "InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
    "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
    VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2009-5-26 1778992]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^eFax 4.3.lnk]
    backup=c:\windows\pss\eFax 4.3.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
    backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk]
    backup=c:\windows\pss\IMVU.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^VZAccess Manager.lnk]
    backup=c:\windows\pss\VZAccess Manager.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
    2007-02-02 18:05 1261568 ----a-w- c:\program files\Acer Assist\launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Product Registration]
    2007-02-02 19:24 3383296 ----a-w- c:\program files\Acer Registration\ACE1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BYRUA_AGENT]
    2011-06-14 04:45 392280 ----a-w- c:\programdata\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-11-29 10:19 133104 ----atw- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-04-04 19:56 981680 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2011-09-16 22:38 1318552 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2011-08-22 05:18 6276408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-06-20 04:04 13535776 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-06-20 04:04 92704 ----a-w- c:\windows\System32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpiralFrog]
    2007-09-14 12:58 163128 ----a-w- c:\program files\SpiralFrog\Spiralfrog.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-03-23 18:07 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2008-02-23 01:47 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
    2006-03-30 20:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "DownloadManagerService"="c:\program files\Verizon Wireless Dowloader\dist\servicerunner.exe" /action:startService
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" -atboottime
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe"
    "EKIJ5000StatusMonitor"=c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 0067931237840811mcinstcleanup;McAfee Application Installer Cleanup (0067931237840811); [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 23:06]
    .
    2012-04-29 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-12-01 01:06]
    .
    2012-04-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-28 18:10]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 14:18]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 14:18]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190787634-4012676310-1989471191-1000Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-29 10:19]
    .
    2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-190787634-4012676310-1989471191-1000UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-29 10:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.yahoo.com
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:64909
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: convergysworkathome.com\www
    Trusted Zone: exodusvipdesk.com
    Trusted Zone: live.com\onecare
    Trusted Zone: vipdesk.com
    Trusted Zone: webex.com\1800flowers
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{C958645E-1C07-4A4C-8642-2F28917D5985}: NameServer = 208.67.222.222,208.67.220.220
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\zyvcnqme.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-29 14:20
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Lavasoft\Ad-Aware\AAWService.exe
    c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\AVG\AVG2012\avgfws.exe
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CISVC.EXE
    c:\program files\Kodak\AiO\Center\ekdiscovery.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    c:\windows\system32\mfevtps.exe
    c:\program files\Microsoft LifeCam\MSCamS32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Microsoft\BingBar\SeaPort.EXE
    c:\windows\System32\tcpsvcs.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\RtHDVCpl.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-29 14:30:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-29 18:30
    ComboFix2.txt 2012-04-29 01:06
    .
    Pre-Run: 89,444,233,216 bytes free
    Post-Run: 89,445,912,576 bytes free
    .
    - - End Of File - - 41E93AB56B3335A86A847B5A4801336C
     
  22. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\bitlord\torrents\3dsexvilla_cracked.torrent
    c:\program files\bitlord\torrents\kates playground - white mesh [by inthecrack].torrent
    c:\program files\bitlord\torrents\lovely lizzy set 1-5 [by inthecrack].torrent
    c:\program files\bitlord\torrents\lovely lizzy set 11-15 [by inthecrack].torrent
    c:\program files\bitlord\torrents\lovely lizzy set 16-20 [by inthecrack].torrent
    c:\program files\bitlord\torrents\lovely lizzy set 6-10 [by inthecrack].torrent
    scanner sequence 3.FN.11.ICLBCG
    ----- EOF -----
     
  23. male30ohio

    male30ohio TS Rookie Topic Starter Posts: 47

    Results of screen317's Security Check version 0.99.32
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    ESET Online Scanner v3
    McAfee AntiVirus Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    RegSupreme Pro
    CCleaner
    Java(TM) 6 Update 30
    Java version out of date!
    Adobe Flash Player 11.2.202.233
    Mozilla Firefox (9.0.1)
    Mozilla Thunderbird 3.0.11 Thunderbird out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
    ``````````End of Log````````````
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    BitLord, a torrent downloader/file-sharing program, has been used to download porn.

    This thread is closed.
     
Topic Status:
Not open for further replies.
