papajohn41

April 20, 2013

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1800\A0471679.dll a variant of Win32/Toolbar.Babylon.E application

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1800\A0471680.exe a variant of Win32/Toolbar.Babylon.E application

April 19, 2013

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.19.07

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

HP_Administrator :: MINE [administrator]

4/19/2013 2:39:17 PM

mbam-log-2013-04-19 (14-39-17).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 240746

Time elapsed: 22 minute(s), 2 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 3:26:24 PM, on 4/19/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\HP\KBD\KBD.EXE

C:\WINDOWS\arservice.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\progra~1\common~1\instal~1\update~1\issch.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\AVG SafeGuard toolbar\vprot.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\ehome\RMSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\HP_Administrator\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iSUSScheduler] "c:\progra~1\common~1\instal~1\update~1\issch.exe" -start

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing)

O23 - Service: vToolbarUpdater15.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 11284 bytes

Everything seems to running good at this time. Thank you!

April 19, 2013

Thank you for being so understanding and patient with me.

1310

1310_Help

1310Tour

1310Trb

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 11.6

AiO_Scan

AiO_Scan_CDA

AiOSoftware

AiOSoftwareNPI

Anti-Spyware

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Control Panel

ATI Display Driver

Authentium

AVG 2013

Bonjour

BufferChm

C4580

CameraDrivers

CCleaner

Copy

Coupon Printer for Windows

CP_AtenaShokunin1Config

CP_CalendarTemplates1

cp_LightScribeConfig

cp_LightScribePlugin

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

CueTour

Defraggler

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DISCover

DocProc

DocumentViewer

DocumentViewerQFolder

Enhanced Multimedia Keyboard Solution

Fax

Fax_CDA

GdiplusUpgrade

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB954550-v5)

HP Boot Optimizer

HP Deskjet Printer Preload

HP DigitalMedia Archive

HP Imaging Device Functions 12.0

HP Product Detection

HP Update

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HpSdpAppCoreApp

InstantShareAlert

InstantShareDevices

InterVideo WinDVD Player

iTunes

Java 7 Update 17

Java Auto Updater

Macromedia Shockwave Player

magicJack

Media Center Extender

Microsoft .NET Framework 1.0 Security Update (KB2698035)

Microsoft .NET Framework 1.0 Security Update (KB2742607)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Automated Troubleshooting Services Shim

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2003 Edition 60 Days Trial Welcome Tour

Microsoft Office File Validation Add-In

Microsoft Office Standard Edition 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MobileMe Control Panel

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

MP3 Player Utilities 3.5.02

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee autoProducer 4.5

muvee autoProducer unPlugged 1.2

Network

NewCopy

NewCopy_CDA

Otto

PanoStandAlone

PC-Doctor 5 for Windows

PhotoGallery

ProductContext

PS_AIO_04_C4580_Software_Min

PS2

PSPrinters08

PSTAPlugin

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

QuickTime

RandMap

Readme

Scan

ScannerCopy

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB2809289)

Security Update for Windows Internet Explorer 8 (KB2817183)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820917)

SkinsHP1

SmartWebPrinting

SolutionCenter

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

Sonic_PrimoSDK

Status

swMSM

Toolbox

TrayApp

Unload

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows Internet Explorer 8 (KB2598845)

Updates from HP (remove only)

WebFldrs XP

WebReg

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

winpcap-r 4.1B

Yahoo! Messenger

Yahoo! Toolbar

April 18, 2013

I am sorry I have been sick for the past few days. I will do this as soon as possible this evening. I am very sorry for the delay.

April 15, 2013

ComboFix 13-04-15.01 - HP_Administrator 04/15/2013 13:04:03.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.170 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\cfscript2.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Previous Run -------

.

c:\windows\iun6002.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\dumphive.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tmp.reg

c:\windows\wininit.ini

.

((((((((((((((((((((((((( Files Created from 2013-03-15 to 2013-04-15 )))))))))))))))))))))))))))))))

.

2013-04-15 00:42 . 2013-04-15 00:43 -------- d-----w- c:\program files\CCleaner

2013-04-12 06:01 . 2013-04-12 06:01 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG2013

2013-04-12 05:59 . 2013-04-12 05:59 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013

2013-04-12 05:58 . 2013-04-12 05:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Avg2013

2013-04-12 05:56 . 2013-04-12 05:56 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\AVG SafeGuard toolbar

2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar

2013-04-12 05:55 . 2013-04-12 05:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AVG SafeGuard toolbar

2013-04-12 05:54 . 2013-04-12 05:52 34592 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-04-12 05:54 . 2013-04-12 05:55 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2013-04-12 05:54 . 2013-04-12 05:54 -------- d-----w- c:\program files\AVG SafeGuard toolbar

2013-04-12 05:43 . 2013-04-12 05:43 -------- d-----w- C:\$AVG

2013-04-12 05:43 . 2013-04-12 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013

2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository\FS

2013-04-12 05:23 . 2013-04-12 05:23 -------- d-----w- c:\windows\system32\wbem\Repository

2013-04-12 05:20 . 2013-04-12 07:45 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Avg2013

2013-04-11 17:53 . 2013-04-11 17:53 -------- d-----w- c:\windows\system32\wbem\repository.old

2013-04-11 16:37 . 2013-04-11 16:37 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Sun

2013-04-11 15:26 . 2013-04-11 15:24 143872 ----a-w- c:\windows\system32\javacpl.cpl

2013-04-11 15:25 . 2013-04-11 15:24 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023x.sys

2013-03-21 18:04 . 2013-02-12 00:32 12928 ------w- c:\windows\system32\dllcache\usb8023.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-11 15:24 . 2012-07-05 16:58 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-04-11 15:24 . 2010-08-17 00:47 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-13 17:34 . 2012-05-08 19:54 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 17:34 . 2011-07-11 18:19 73432 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-08 08:36 . 2004-08-10 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2004-08-10 19:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-10 19:00 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 02:06 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2013-03-02 02:06 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2013-03-02 02:06 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2013-03-02 01:25 . 2004-08-10 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-03-02 01:08 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec

2013-03-01 15:32 . 2013-03-01 15:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2013-02-27 07:56 . 2004-08-10 12:00 2067456 ----a-w- c:\windows\system32\mstscax.dll

2013-02-27 04:40 . 2013-02-27 04:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2013-02-14 08:52 . 2013-02-14 08:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2013-02-12 00:32 . 2008-08-26 01:41 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2004-08-10 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-02-08 09:37 . 2013-02-08 09:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2013-02-08 09:37 . 2013-02-08 09:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys

2013-02-08 09:37 . 2013-02-08 09:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2013-02-08 09:37 . 2013-02-08 09:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2013-02-08 09:37 . 2013-02-08 09:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2013-01-26 03:55 . 2004-08-10 12:00 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-04-15 00:24 . 2013-04-15 00:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" [2012-02-01 50592]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]

"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"DISCover"="c:\program files\DISC\DISCover.exe" [2006-08-01 1073152]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"ISUSScheduler"="c:\progra~1\common~1\instal~1\update~1\issch.exe" [2004-07-28 81920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-13 4394032]

"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-04-12 1223344]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-12-2 27136]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk

backup=c:\windows\pss\Updates from HP.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"AlwaysReady Power Message APP"=ARPWRMSG.EXE

"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\hp\\support\\HPSysInfo.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Documents and Settings\\HP_Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3776:UDP"= 3776:UDP:Media Center Extender Service

"3390:TCP"= 3390:TCP:*:Disabled:Remote Media Center Experience

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

"1433:TCP"= 1433:TCP:SOS Port 1433

"9901:TCP"= 9901:TCP:HP Photosmart C4500

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4/12/2013 12:54 AM 34592]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 4:02 AM 282624]

R2 vToolbarUpdater15.1.0;vToolbarUpdater15.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [4/12/2013 12:54 AM 1008816]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/27/2013 11:42 PM 4937264]

S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [10/17/2006 1:09 PM 35072]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

QWAVE REG_MULTI_SZ QWAVE

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:34]

.

2013-04-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

.

2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04]

.

2013-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 00:04]

.

2013-04-12 c:\windows\Tasks\{4A1C225C-92AC-485D-8640-A636C17BAEF7}_SHAWN_HP_Administrator.job

- c:\windows\system32\mobsync.exe [2004-08-10 00:12]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

Trusted Zone: target.com\www

Trusted Zone: trymedia.com

TCP: DhcpNameServer = 10.10.10.5 10.10.10.6

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - google.com

FF - ExtSQL: 2013-04-12 00:55; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.1.0.2

FF - ExtSQL: 2013-04-12 02:23; {ab91efd4-6975-4081-8552-1b3922ed79e2}; c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ob6qfmzn.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

FF - ExtSQL: !HIDDEN! 2011-07-26 21:02; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-04-15 13:18

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1080)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2013-04-15 13:22:58

ComboFix-quarantined-files.txt 2013-04-15 18:22

ComboFix2.txt 2013-04-15 00:02

ComboFix3.txt 2013-04-13 18:04

.

Pre-Run: 28,010,053,632 bytes free

Post-Run: 27,922,640,896 bytes free

.

- - End Of File - - 6377A57CC0B5DCEB3C8C8486595C8E30

So far things are going smooth. Thank you for all of your help and speedy responses. I greatly appreciate it!!!

April 15, 2013

Just wanted to let you know I just updated Adobe Reader to the latest version.

How can I delete Webroot SecureAnywhere? I really do not want that on here. I have searched this computer the best of my knowledge and cannot find it on here.

April 15, 2013

ComboFix 13-04-14.01 - HP_Administrator 04/14/2013 18:41:47.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.156 [GMT -5:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Webroot SecureAnywhere *Enabled/Updated* {D486329C-1488-4CEB-9CC8-D662B732D904}

.

((((((((((((((((((((((((( Files Created from 2013-03-14 to 2013-04-14 )))))))))))))))))))))))))))))))

.

2013-04-13 04:31 . 2004-08-10 12:00 7168 ----a-w- c:\windows\system32\dllcache\OLD97.tmp

2013-04-13 04:31 . 2007-04-02 16:36 16384 ----a-w- c:\windows\system32\dllcache\OLD94.tmp

2013-04-13 04:31 . 2008-04-14 00:12 32827 ----a-w- c:\windows\system32\dllcache\OLD91.tmp

2013-04-13 04:31 . 2008-04-14 00:12 16437 ----a-w- c:\windows\system32\dllcache\OLD8E.tmp

2013-04-13 04:31 . 2008-04-14 00:12 20536 ----a-w- c:\windows\system32\dllcache\OLD8B.tmp

2013-04-13 04:31 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\OLD88.tmp

2013-04-13 04:30 . 2013-03-07 01:28 2193408 ----a-w- c:\windows\system32\dllcache\OLD84.tmp

2013-04-13 04:29 . 2004-08-10 12:00 19968 ----a-w- c:\windows\system32\dllcache\OLD81.tmp

2013-04-13 04:29 . 2004-08-10 12:00 7680 ----a-w- c:\windows\system32\dllcache\OLD7E.tmp

2013-04-13 04:27 . 2008-04-14 00:11 49212 ----a-w- c:\windows\system32\dllcache\OLD47.tmp

2013-04-13 04:27 . 2008-04-14 00:11 32826 ----a-w- c:\windows\system32\dllcache\OLD44.tmp

2013-04-13 04:27 . 2008-04-14 00:11 41020 ----a-w- c:\windows\system32\dllcache\OLD41.tmp

2013-04-13 04:27 . 2008-04-14 00:11 102509 ----a-w- c:\windows\system32\dllcache\OLD3E.tmp

2013-04-13 04:27 . 2008-04-14 00:11 49210 ----a-w- c:\windows\system32\dllcache\OLD3B.tmp

2013-04-13 04:27 . 2008-04-14 00:11 147513 ----a-w- c:\windows\system32\dllcache\OLD38.tmp

2013-04-13 04:27 . 2008-04-14 00:11 82035 ----a-w- c:\windows\system32\dllcache\OLD35.tmp

2013-04-13 04:27 . 2008-04-14 00:11 184435 ----a-w- c:\windows\system32\dllcache\OLD32.tmp

2013-04-13 04:25 . 2008-04-14 00:09 76288 ----a-w- c:\windows\system32\dllcache\OLD2C.tmp

2013-04-13 04:25 . 2008-04-14 00:12 188480 ----a-w- c:\windows\system32\dllcache\OLD29.tmp

2013-04-13 04:25 . 2008-04-14 00:09 275968 ----a-w- c:\windows\system32\dllcache\OLD25.tmp

2013-04-13 04:25 . 2004-08-10 12:00 94720 ----a-w- c:\windows\system32\dllcache\OLD22.tmp

2013-04-13 04:25 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD19.tmp

2013-04-13 04:25 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD16.tmp

2013-04-13 04:24 . 2008-04-14 00:12 16439 ----a-w- c:\windows\system32\dllcache\OLD5.tmp

2013-04-13 04:23 . 2008-04-14 00:11 20540 ----a-w- c:\windows\system32\dllcache\OLD2.tmp

2013-04-13 04:23 . 2013-04-13 04:31 -------- d-----w- c:\windows\LastGood