Inactive BEX Explorer.Exe issues from virus or malware

[yagerinc]

I can not run IE or foxfire without getting a BEX Explorer error or a Explorer.Exe error shutting down my browsers. I have downloaded downloaded several malware and virus programs from cnet but have had no luck removing the virus yet. Can anyone give me an updated step by step process or lead me to a post to get rid of the virus?

Thanks for your help

Richard

 

[Bobbye]

Richard, please try this:
Most likely there is an addon that is messing with IE.

You can try this.

1. Open IE> Tools> Internet Options
2. Choose the Advanced tab.
3. Click the Reset Internet Explorer Settings button.
4. Click Reset to confirm the operation.
5. Click Close when the resetting process finished.
6. Uncheck Enable third-party browser extensions option in the Settings box.
7. Click Apply, click OK.

After this, check to see if it works and if it does, enable one addon at a time until you find the culprit. Then uninstall it and reinstall it if you need it.
===========================================
You have posted in the Virus and Malware Forum. If the above does not resolve the problem, either follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
==============================================
Or repost with a new thread in the Windows Software Forum.
======================================
My Guidelines: please read and follow:

• Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
• Read my instructions carefully. If you don't understand or have a problem, ask me.
• If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
• Follow the order of the tasks I give you. Order is crucial in cleaning process.
• File sharing programs should be uninstalled or disabled during the cleaning process..
• Observe these:
  [o] Don't use any other cleaning programs or scans while I'm helping you.
  [o] Don't use a Registry cleaner or make any changes in the Registry.
  [o] Don't download and install new programs- except those I give you.
• Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
=====================================

 

[yagerinc]

Bobbye,

Thanks for you help. I tried the third party browser extension trick but it did not work. I did the 6 step virus and malware removal and have pasted the the logs incase someone can look at them and tell if it is a virus or malware issue.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7938

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/13/2011 11:25:08 AM
mbam-log-2011-10-13 (11-25-08).txt

Scan type: Quick scan
Objects scanned: 48223
Time elapsed: 4 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-13 12:56:09
Windows 6.1.7601 Service Pack 1
Running: Gmer file.exe; Driver: C:\Users\Richard\AppData\Local\Temp\uxliqfow.sys


---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB46378$\2145837852 0 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720 0 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\@ 2048 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\bckfg.tmp 823 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\cfg.ini 199 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\Desktop.ini 4608 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\kwrd.dll 208896 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\L 0 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\L\yhrnogyc 78336 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\lsflt7.ver 5176 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\U 0 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\U\00000001.@ 2048 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\U\00000002.@ 209920 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\U\80000000.@ 1024 bytes
File C:\Windows\$NtUninstallKB46378$\3009804720\U\80000032.@ 71168 bytes

---- EOF - GMER 1.0.15 ----


DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_17
Run by Richard at 13:04:19 on 2011-10-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.895.320 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\explorer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:60511
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [CollaborationHost] c:\windows\system32\p2phost.exe -s
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Advanced SystemCare 4] c:\program files\iobit\advanced systemcare 4\ASCTray.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\richard\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
uPolicies-explorer: RecycleBinSize = 3 (0x3)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-disallowrun: 1 = AGAsetup0609.exe
uPolicies-disallowrun: 2 = AGsatellite609.exe
uPolicies-disallowrun: 3 = aim.exe
uPolicies-disallowrun: 4 = bearshare.exe
uPolicies-disallowrun: 5 = blubster.exe
uPolicies-disallowrun: 6 = bsinstall.exe
uPolicies-disallowrun: 7 = cchat.exe
uPolicies-disallowrun: 8 = ccwmpproxy.exe
uPolicies-disallowrun: 9 = csrss.exe
uPolicies-disallowrun: 10 = DeskFlagSetup.exe
uPolicies-disallowrun: 11 = desktopwx.exe
uPolicies-disallowrun: 12 = DivxPro501GainBundle.exe
uPolicies-disallowrun: 13 = gator.exe
uPolicies-disallowrun: 14 = gatorsetup.exe
uPolicies-disallowrun: 15 = gatorstubsetup.exe
uPolicies-disallowrun: 16 = grokster.exe
uPolicies-disallowrun: 17 = grokstersetup.exe
uPolicies-disallowrun: 18 = Hlsetup.exe
uPolicies-disallowrun: 19 = HolidayLights.exe
uPolicies-disallowrun: 20 = icq.exe
uPolicies-disallowrun: 21 = icq2002a.exe
uPolicies-disallowrun: 22 = imeshV3.exe
uPolicies-disallowrun: 23 = Install_AIM_4.8.2768.exe
uPolicies-disallowrun: 24 = javaw.exe
uPolicies-disallowrun: 25 = kmd.exe
uPolicies-disallowrun: 26 = kmd161_en.exe
uPolicies-disallowrun: 27 = LimeWireWin.exe
uPolicies-disallowrun: 28 = m2k.zip
uPolicies-disallowrun: 29 = mcc_install
uPolicies-disallowrun: 30 = mmssetup.exe
uPolicies-disallowrun: 31 = morpheus.exe
uPolicies-disallowrun: 32 = morpheusp.exe
uPolicies-disallowrun: 33 = msmsgs.exe
uPolicies-disallowrun: 34 = setupmpe.exe
uPolicies-disallowrun: 35 = stub32i.exe
uPolicies-disallowrun: 36 = SurferPlay.exe
uPolicies-disallowrun: 37 = swebexec.exe
uPolicies-disallowrun: 38 = TheWeatherChannel.exe
uPolicies-disallowrun: 39 = trillianv0725.exe
uPolicies-disallowrun: 40 = twcsetup.exe
uPolicies-disallowrun: 41 = waterfreecnet.exe
uPolicies-disallowrun: 42 = wb33_pub.exe
uPolicies-disallowrun: 43 = wbsamp.exe
uPolicies-disallowrun: 44 = wcopier.exe
uPolicies-disallowrun: 45 = Weatherbug.exe
uPolicies-disallowrun: 46 = Webcopier.exe
uPolicies-disallowrun: 47 = Willowrd.exe
uPolicies-disallowrun: 48 = winamp.exe
uPolicies-disallowrun: 49 = winamp280_full.exe
uPolicies-disallowrun: 50 = winamp280_lite.exe
uPolicies-disallowrun: 51 = winamp280_std.exe
uPolicies-disallowrun: 52 = winmx260.exe
uPolicies-disallowrun: 53 = winxp2.exe
uPolicies-disallowrun: 54 = wotch.exe
uPolicies-disallowrun: 55 = wxbugSetup30.exe
uPolicies-disallowrun: 56 = ymsgrie.exe
uPolicies-disallowrun: 57 = ypager.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: LogonType = 0 (0x0)
dPolicies-explorer: RecycleBinSize = 3 (0x3)
dPolicies-explorer: NoSMBalloonTip = 1 (0x1)
dPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
dPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: DisallowRun = 1 (0x1)
dPolicies-explorer: NoAutoUpdate = 0 (0x0)
dPolicies-disallowrun: 1 = AGAsetup0609.exe
dPolicies-disallowrun: 2 = AGsatellite609.exe
dPolicies-disallowrun: 3 = aim.exe
dPolicies-disallowrun: 4 = bearshare.exe
dPolicies-disallowrun: 5 = blubster.exe
dPolicies-disallowrun: 6 = bsinstall.exe
dPolicies-disallowrun: 7 = cchat.exe
dPolicies-disallowrun: 8 = ccwmpproxy.exe
dPolicies-disallowrun: 9 = csrss.exe
dPolicies-disallowrun: 10 = DeskFlagSetup.exe
dPolicies-disallowrun: 11 = desktopwx.exe
dPolicies-disallowrun: 12 = DivxPro501GainBundle.exe
dPolicies-disallowrun: 13 = gator.exe
dPolicies-disallowrun: 14 = gatorsetup.exe
dPolicies-disallowrun: 15 = gatorstubsetup.exe
dPolicies-disallowrun: 16 = grokster.exe
dPolicies-disallowrun: 17 = grokstersetup.exe
dPolicies-disallowrun: 18 = Hlsetup.exe
dPolicies-disallowrun: 19 = HolidayLights.exe
dPolicies-disallowrun: 20 = icq.exe
dPolicies-disallowrun: 21 = icq2002a.exe
dPolicies-disallowrun: 22 = imeshV3.exe
dPolicies-disallowrun: 23 = Install_AIM_4.8.2768.exe
dPolicies-disallowrun: 24 = javaw.exe
dPolicies-disallowrun: 25 = kmd.exe
dPolicies-disallowrun: 26 = kmd161_en.exe
dPolicies-disallowrun: 27 = LimeWireWin.exe
dPolicies-disallowrun: 28 = m2k.zip
dPolicies-disallowrun: 29 = mcc_install
dPolicies-disallowrun: 30 = mmssetup.exe
dPolicies-disallowrun: 31 = morpheus.exe
dPolicies-disallowrun: 32 = morpheusp.exe
dPolicies-disallowrun: 33 = msmsgs.exe
dPolicies-disallowrun: 34 = setupmpe.exe
dPolicies-disallowrun: 35 = stub32i.exe
dPolicies-disallowrun: 36 = SurferPlay.exe
dPolicies-disallowrun: 37 = swebexec.exe
dPolicies-disallowrun: 38 = TheWeatherChannel.exe
dPolicies-disallowrun: 39 = trillianv0725.exe
dPolicies-disallowrun: 40 = twcsetup.exe
dPolicies-disallowrun: 41 = waterfreecnet.exe
dPolicies-disallowrun: 42 = wb33_pub.exe
dPolicies-disallowrun: 43 = wbsamp.exe
dPolicies-disallowrun: 44 = wcopier.exe
dPolicies-disallowrun: 45 = Weatherbug.exe
dPolicies-disallowrun: 46 = Webcopier.exe
dPolicies-disallowrun: 47 = Willowrd.exe
dPolicies-disallowrun: 48 = winamp.exe
dPolicies-disallowrun: 49 = winamp280_full.exe
dPolicies-disallowrun: 50 = winamp280_lite.exe
dPolicies-disallowrun: 51 = winamp280_std.exe
dPolicies-disallowrun: 52 = winmx260.exe
dPolicies-disallowrun: 53 = winxp2.exe
dPolicies-disallowrun: 54 = wotch.exe
dPolicies-disallowrun: 55 = wxbugSetup30.exe
dPolicies-disallowrun: 56 = ymsgrie.exe
dPolicies-disallowrun: 57 = ypager.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
Trusted Zone: shelterinsurance.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {54D53429-945C-4188-B460-C81356541882} - hxxp://photosmart.hpphoto.com/Download/HPeServicesLocalPrint.CAB
DPF: {829934E4-99B7-49D4-BCAC-C4FC2B9AB630} - hxxps://lpes.shelterinsurance.com/SHL/reports/control/shlrptview.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxps://www.fidelityonline.com/FidelityOnline/util/ImageUploader4.cab
TCP: DhcpNameServer = 10.1.10.1
TCP: Interfaces\{DFAA9EB7-4BFB-4775-917C-6628B81E72A4} : DhcpNameServer = 10.1.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\richard\appdata\roaming\mozilla\firefox\profiles\qixseaa3.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-3 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-12 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-12 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-12 110032]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-12 74640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
R3 MTIMUSB;MagTek 3410 (VCP) USB Device Driver;c:\windows\system32\drivers\MTIMUSB.SYS [2007-8-14 46592]
R3 uxliqfow;uxliqfow;c:\users\richard\appdata\local\temp\uxliqfow.sys [2011-10-13 100864]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
R4 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-10-11 328536]
R4 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-10 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-10-24 37008]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-23 52224]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-21 366152]
.
=============== Created Last 30 ================
.
2011-10-13 17:58:14 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ce0f3b8-15c6-4963-930e-1decc81ff962}\offreg.dll
2011-10-13 16:19:40 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2011-10-12 19:02:48 -------- d-----w- c:\users\richard\appdata\roaming\Avira
2011-10-12 19:02:29 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-12 19:02:29 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-12 19:02:28 -------- d-----w- c:\programdata\Avira
2011-10-12 19:02:28 -------- d-----w- c:\program files\Avira
2011-10-12 16:32:44 -------- d-----w- c:\users\richard\appdata\roaming\AVG2012
2011-10-12 16:31:58 -------- d-----w- c:\windows\system32\drivers\AVG
2011-10-11 19:06:19 -------- d-----w- c:\programdata\AVAST Software
2011-10-11 19:06:19 -------- d-----w- c:\program files\AVAST Software
2011-10-11 13:52:16 -------- d-----w- c:\users\richard\appdata\local\Mozilla
2011-10-11 13:19:55 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ce0f3b8-15c6-4963-930e-1decc81ff962}\mpengine.dll
2011-10-07 15:37:08 -------- d-----w- c:\users\richard\appdata\roaming\XelIBtzPNc1v2b4
2011-10-07 15:37:08 -------- d-----w- c:\users\richard\appdata\roaming\R4pmH5sQJdKgZhX
2011-10-07 15:37:07 -------- d-----w- c:\users\richard\appdata\roaming\U5JEgqXkVOt
2011-10-07 15:37:04 -------- d-----w- c:\users\richard\appdata\roaming\zzy1So3m56KfL
2011-10-07 15:37:01 -------- d-----w- c:\users\richard\appdata\roaming\HdXBAF6LCN24KZV
2011-10-07 15:07:32 -------- d-----w- c:\users\richard\appdata\roaming\BVrrllONtxP0cSD
2011-10-07 15:07:31 -------- d-----w- c:\users\richard\appdata\roaming\BrzyxA0uv2b3G
2011-10-07 15:07:29 -------- d-----w- c:\users\richard\appdata\roaming\yo4a5JdE8ZYkeBP
2011-10-07 15:07:28 -------- d-----w- c:\users\richard\appdata\roaming\was7LTjCkVOu1Dn
2011-10-07 15:07:28 -------- d-----w- c:\users\richard\appdata\roaming\kas7LTjCkVOu1Dn
2011-10-07 15:07:27 -------- d-----w- c:\users\richard\appdata\roaming\DAu2bna6KEgqCkO
2011-10-07 14:36:54 -------- d-----w- c:\users\richard\appdata\roaming\CJJJ7ffEL8gTqhC
2011-10-07 14:36:50 -------- d-----w- c:\users\richard\appdata\roaming\ODn4HQ7EgRZhX
2011-10-07 14:36:49 -------- d-----w- c:\users\richard\appdata\roaming\k777gqYkrtuinms
2011-10-07 14:36:48 -------- d-----w- c:\users\richard\appdata\roaming\yK77fgqYkrtuinm
2011-10-07 14:36:48 -------- d-----w- c:\users\richard\appdata\roaming\nqjYCwkklNx0
2011-10-07 14:36:47 -------- d-----w- c:\users\richard\appdata\roaming\lbDD3ppnG4Q6W7E
2011-10-07 14:36:47 -------- d-----w- c:\users\richard\appdata\roaming\IDD33pnG4aQ6W7E
2011-10-07 14:32:14 -------- d-----w- c:\users\richard\appdata\roaming\yHHH6ssWK7fL9TZ
2011-10-07 14:32:14 -------- d-----w- c:\users\richard\appdata\roaming\pKK7fRL9TXqj
2011-10-07 14:32:12 -------- d-----w- c:\users\richard\appdata\roaming\oBz0iDoFm5QEgXU
2011-10-07 14:32:12 -------- d-----w- c:\users\richard\appdata\roaming\h1DoFm5Q7E8R
2011-10-07 14:32:07 -------- d-----w- c:\users\richard\appdata\roaming\pRZZqweBzy1D
2011-10-07 14:32:06 -------- d-----w- c:\users\richard\appdata\roaming\ZZZZqhYXkVOt
2011-10-07 14:32:06 -------- d-----w- c:\users\richard\appdata\roaming\jx0ciDFa5J
2011-10-07 14:28:42 -------- d-----w- c:\users\richard\appdata\roaming\RuuccS2ibD3pn4
2011-10-07 14:28:42 -------- d-----w- c:\users\richard\appdata\roaming\h99hhTXqjUCekBz
2011-10-07 14:28:40 -------- d-----w- c:\users\richard\appdata\roaming\sqXkVOtPy1DoFm5
2011-10-07 14:28:33 -------- d-----w- c:\users\richard\appdata\roaming\L9gTZqjYCkV
2011-10-07 14:28:30 -------- d-----w- c:\users\richard\appdata\roaming\WcuvD2obFm5Q6E8
2011-10-07 14:28:30 -------- d-----w- c:\users\richard\appdata\roaming\iycA1uvD2bpGsJd
2011-10-07 14:16:29 -------- d-----w- c:\users\richard\appdata\roaming\tTTTXXqjYCekV
2011-10-07 14:16:28 -------- d-----w- c:\users\richard\appdata\roaming\V888fRRZ9hTXjUe
2011-10-07 14:16:27 -------- d-----w- c:\users\richard\appdata\roaming\rA1v2FpHs
2011-10-07 14:16:18 -------- d-----w- c:\users\richard\appdata\roaming\JJJJ6ddEK
2011-10-07 14:16:16 -------- d-----w- c:\users\richard\appdata\roaming\ntxxxA0ucS2i
2011-10-07 14:16:00 -------- d-----w- c:\users\richard\appdata\roaming\umG5aQJ6d
2011-10-07 14:15:59 -------- d-----w- c:\users\richard\appdata\roaming\hcA1uvD2oFpGsJd
2011-10-07 14:05:57 -------- d-----w- c:\users\richard\appdata\roaming\gbbbDD3pnG4aH6
2011-10-07 14:05:54 -------- d-----w- c:\users\richard\appdata\roaming\fTTZZqhhYCwUVlO
2011-10-07 14:05:52 -------- d-----w- c:\users\richard\appdata\roaming\N0uuvSS2ibF
2011-10-07 14:05:52 -------- d-----w- c:\users\richard\appdata\roaming\HJLhXUeIz0uv2iF
2011-10-07 14:05:48 -------- d-----w- c:\users\richard\appdata\roaming\S9TqYeVzNx0c2pa
2011-10-07 14:05:48 -------- d-----w- c:\users\richard\appdata\roaming\IXjCkrOt0
2011-10-07 13:35:38 -------- d-----w- c:\users\richard\appdata\roaming\TppmmG55aQ6dW8f
2011-10-07 13:35:33 -------- d-----w- c:\users\richard\appdata\roaming\r5sQJ6dEK
2011-10-07 12:52:12 -------- d-----w- c:\users\richard\appdata\roaming\gRRRL99hTXq
2011-10-07 12:52:08 -------- d-----w- c:\users\richard\appdata\roaming\AuvS2ibF3n5Q6W7
2011-10-06 20:58:46 -------- d-----w- c:\users\richard\appdata\roaming\qWWWK77fRL9g
2011-10-06 20:58:45 -------- d-----w- c:\users\richard\appdata\roaming\eAAA1uuvS2ob3pG
2011-10-06 20:36:46 -------- d-----w- c:\users\richard\appdata\roaming\WL8gRZqhYwUeOtP
2011-10-06 20:36:39 -------- d-----w- c:\users\richard\appdata\roaming\cbF3pmG5aJdKfLh
2011-10-06 19:55:47 -------- d-----w- c:\users\richard\appdata\roaming\U9gTXqjYCkVzNx
2011-10-06 19:55:35 -------- d-----w- c:\users\richard\appdata\roaming\jycA1ivD2n4m5Q7
2011-10-06 18:01:54 -------- d-----w- c:\users\richard\appdata\roaming\t0ycS1ivDo
2011-10-06 17:52:40 -------- d-----w- c:\users\richard\appdata\roaming\QamH6sWJ7E8TqYw
2011-10-06 16:29:47 -------- d-----w- c:\users\richard\appdata\roaming\P4pmH5sQJdK
2011-10-06 15:52:45 -------- d-----w- c:\users\richard\appdata\roaming\cXXwkkUVelOB
2011-10-06 15:39:12 -------- d-----w- c:\users\richard\appdata\roaming\UsWK7fEL9TqYwIr
2011-10-06 15:21:47 -------- d-----w- c:\users\richard\appdata\roaming\Spyware Terminator
2011-10-06 15:21:47 -------- d-----w- c:\programdata\Spyware Terminator
2011-10-06 15:19:35 -------- d-----w- c:\program files\Spyware Terminator
2011-10-06 14:57:50 -------- d-----w- c:\users\richard\appdata\roaming\GH5sWJ7dE8RqYwU
2011-10-05 18:08:39 -------- d--h--w- C:\$AVG
2011-10-05 17:49:07 -------- d-----w- c:\programdata\AVG2012
2011-10-05 13:51:23 -------- d-----w- c:\program files\Minibar
2011-10-04 18:47:12 -------- d-----w- c:\users\richard\appdata\roaming\PC Unleashed Online
2011-10-04 18:47:12 -------- d-----w- c:\users\richard\appdata\roaming\DriverCure
2011-10-04 18:46:43 -------- d-----w- c:\programdata\PC Unleashed Online
2011-09-30 14:03:29 -------- d-----w- c:\users\richard\appdata\roaming\IObit
2011-09-29 14:13:36 -------- d-----w- C:\found.000
.
==================== Find3M ====================
.
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
============= FINISH: 13:11:30.53 ===============

 

[Bobbye]

You have 4 outdated versions of Java, none are the current version. These need to be removed and the newest v6u27 installed. The best way to do that is run this:
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

• Double-click on JavaRa.exe to start the program.
• From the drop-down menu, choose English and click on Select.
• JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
• Click Yes when prompted. When JavaRa is done, a notice will appear that
  a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.

---------------------------------
Download and install then most current version
Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

Be sure to check all download screens for any pre-check toolbars or BHO> if found, remove the check before the download..
===========================
When there are outdated Java programs, there is almost always malware in the Java cache, so it needs to be cleared:

1. . Click Start > Control Panel.
2. . Double-click the Java icon
   
   in the Control Panel.
3. . Click Settings under Temporary Internet Files.
   http://www.java.com/en/img/download/5000020303.jpg[/b]
   There are three options on this window to clear the cache.(Version dependent)
   [o]. Delete Files
   [o]. View Applications
   [o]. View Applets
   [*]. Click OK on Delete Temporary Files window.
   Note: This deletes all the Downloaded Applications and Applets from the cache.
   [*]. Click OK on Temporary Files Settings window. [/list]
   ======================================
   [b]You are running 2 antivirus programs[/b]- one of them need to be removed>>
   AV: AVG Anti-Virus Free Edition 2012
   AV: Avira Desktop
   I'm going to have you run Combofix and it won't run with AVG on the system. Please use the app remover below to temporarily uninstall AVG. Keep Avira. If you want to go back to AVG when we finish, then you should remove Avira.
   ===========================================
   Download [url=https://www.techspot.com/downloads/5514-appremover.htmlget/appremover.exe][b][color=blue] AppRemover[/b][/color][/url] and save to the desktop[list=1]
   [*] Double click the setup on the desktop> click [b]Next[/b]
   [*] Select “Remove Security Application”
   [*] Let scan finish to determine security apps
   [*] A screen like below will appear:
   [img]https://www.techspot.com/downloads/5514-appremover.htmlabout/chooseuninstall.gif/image_preview
4. Click on Next after choice has been made
5. Check the AVG program you want to uninstall
6. After uninstall shows complete, follow online prompts to Exit the program.

=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

• Click START> then RUN
• Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

• Double click combofix.exe & follow the prompts.
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
  **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
• Once installed, you should see a blue screen prompt that says:
  The Recovery Console was successfully installed.
• .Click on Yes, to continue scanning for malware
• .If Combofix asks you to update the program, allow
• .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• .Close any open browsers.
• .Double click combofix.exe
  
  & follow the prompts to run.
• When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
======================================