gerridawn

December 11, 2012

Forgot to say it is connecting to the internet now.

December 11, 2012

I am having a bit of an issue,

For some reason I cannotget the monitor to come up I keep getting input signal out of range. I assume becasue I have moved it from the home monitor to my monitor at work. So I have to put it in safe mode in order to see. (if I change the resolution settings they don't hold) Anyway, I have uninstalled Norton but am still getting the error that Norton Internet security is running.

I ran the scans anyway and here are the results.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.8.0 (12.04.2012:1)

OS: Windows Vista Home Premium x64

Ran by Jim on Tue 12/11/2012 at 10:21:42.90

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 12/11/2012 at 10:23:51.79

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 12-12-04.01 - Jim 12/11/2012 12:46:03.3.4 - x64 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.7179 [GMT -6:00]

Running from: c:\users\Jim\Desktop\ComboFix.exe

Command switches used :: c:\users\Jim\Desktop\CFscript.txt

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

- REDUCED FUNCTIONALITY MODE -

.

FILE ::

"c:\windows\Tasks\Playtopus Updater.job"

.

((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))

.

2012-12-05 16:52 . 2012-12-05 16:52 -------- d-----w- c:\windows\ERUNT

2012-12-05 16:52 . 2012-12-05 16:52 -------- d-----w- C:\JRT

2012-11-28 23:01 . 2012-11-28 23:01 -------- d-----w- c:\users\Jim\AppData\Roaming\SUPERAntiSpyware.com

2012-11-28 23:00 . 2012-11-28 23:01 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-11-28 23:00 . 2012-11-28 23:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-11-24 04:00 . 2012-11-24 04:00 -------- d-----w- c:\users\Jim\AppData\Roaming\Malwarebytes

2012-11-24 04:00 . 2012-11-24 04:00 -------- d-----w- c:\programdata\Malwarebytes

2012-11-24 04:00 . 2012-11-24 04:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-11-24 04:00 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-11-24 00:19 . 2012-11-24 00:20 -------- d-----w- c:\users\Jim\AppData\Roaming\Expert PDF 7

2012-11-23 23:04 . 2012-11-23 23:04 -------- d-----w- c:\users\Jim\AppData\Roaming\Tific

2012-11-18 01:52 . 2012-11-18 01:52 -------- d-----w- c:\users\Jim\AppData\Roaming\.minecraft

2012-11-18 01:47 . 2012-11-18 01:47 -------- d-----w- c:\users\Craig\AppData\Roaming\Expert PDF 7

2012-11-18 01:46 . 2012-11-18 01:46 -------- d-----w- c:\program files (x86)\Avanquest

2012-11-18 01:46 . 2012-11-18 01:46 -------- d-----w- c:\programdata\Expert PDF Jobs

2012-11-18 01:46 . 2012-11-18 01:46 -------- d-----w- c:\programdata\Expert PDF 7

2012-11-18 01:46 . 2012-11-18 01:46 -------- d-----w- c:\programdata\Avanquest

2012-11-18 01:45 . 2012-11-18 01:45 -------- d-----w- c:\program files (x86)\SaveValet

2012-11-18 01:45 . 2012-11-28 22:37 -------- d-----w- c:\program files (x86)\Surf Canyon

2012-11-18 01:45 . 2012-11-23 15:31 -------- d-----w- c:\users\Jim\AppData\Roaming\Genieo

2012-11-15 23:54 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll

2012-11-15 23:54 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll

2012-11-15 23:53 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-11-16 09:01 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe

2012-09-13 13:45 . 2012-10-10 04:06 2048 ----a-w- c:\windows\system32\tzres.dll

2012-09-13 13:28 . 2012-10-10 04:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{8EBA1B69-99D8-4135-BD43-729BA79D5CC4}]

c:\users\Craig\AppData\Local\Playtopus\Playtopus.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]

"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-01-12 972344]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-18 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 5628800]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-02 75008]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_01\bin\jusched.exe" [2007-04-07 132760]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Event Planner Reminder 2009.lnk - c:\windows\Installer\{C4609419-C11E-4CE6-B369-F3F8A7DDD94C}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-2-10 237568]

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

Photo Card Event Planner Reminder.lnk - c:\windows\Installer\{C885990F-A824-41A1-82FB-61E3859B4CE2}\Shortcut_Event_Pla_C885990FA82441A182FB61E3859B4CE2.exe [2010-2-10 1718]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 23:43]

.

2012-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-01 23:43]

.

2012-12-11 c:\windows\Tasks\User_Feed_Synchronization-{A529B67C-1C15-4566-86BE-354EDFB718BE}.job

- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]

.

2012-12-11 c:\windows\Tasks\User_Feed_Synchronization-{A6F90E51-164F-46B8-B442-ACFDA631E81A}.job

- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]

.

--------- X64 Entries -----------

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.rr.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.google.com

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.202.1.30 10.203.1.30 10.201.1.30

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-DefaultTab - c:\users\Jim\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe

AddRemove-DefaultTab Chrome - c:\program files (x86)\DefaultTab\uninstaller.exe

AddRemove-sp41119 - c:\hp\Softpaq\sp41119\sp41119.exe

AddRemove-sp41121 - c:\hp\Softpaq\sp41121\sp41121.exe

AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{E2AF211B-86DA020A-05040000}]

"ImagePath"="\??\c:\progra~2\PC-DOC~1\PCD5SRVC_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

Completion time: 2012-12-11 12:50:04

ComboFix-quarantined-files.txt 2012-12-11 18:50

ComboFix2.txt 2012-12-11 17:12

.

Pre-Run: 413,273,247,744 bytes free

Post-Run: 413,224,312,832 bytes free

.

- - End Of File - - 85D62AAB28D1A5F6F3E737E448026510

December 6, 2012

Combo fix log

Tried to repair the network connection still unable to connect.

Also IE not responding after restart.

.

ComboFix 12-12-04.01 - Jim 12/06/2012 12:02:18.1.4 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5370 [GMT -6:00]

Running from: c:\users\Jim\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\DFRFF10.tmp

c:\windows\SysWow64\jucheck.exe

c:\windows\SysWow64\jusched.exe

.

((((((((((((((((((((((((( Files Created from 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))))

.

2012-12-06 18:35 . 2012-12-06 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-06 18:35 . 2012-12-06 18:35 -------- d-----w- c:\users\Alex\AppData\Local\temp

2012-12-06 18:35 . 2012-12-06 18:35 -------- d-----w- c:\users\Leann\AppData\Local\temp

2012-12-06 18:35 . 2012-12-06 18:35 -------- d-----w- c:\users\Craig\AppData\Local\temp