
Won't Let Me Upload Or Update. Computer Has STD :(



My first thread for reference.

http://forums.malwarebytes.org/index.php?showtopic=111305&pid=561848&st=0entry561848

I always do updates and I just found out that the DL's I do are not working, but some bug is making it look like they are. So after two cases of CC fraud and strange things going on with my system, I decided to dig into the computer. What I found: MB has not been used or updated since DEC 2009. I use it all the time but somehow it's being blocked. None of my DL's work. No option to run after the DL. Can't save to desktop and run. It's just all messed up. Not very good with computers but I have to get some help and learn. Once this is all done I will do my part by upgrading to a paid MB account. Just can't get it to work till it's cleaned up. Thanks in advance.


Please do the following to see if it resolves the issue. Post back and let us know, please.


  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer, please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
    • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
    • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
  • Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQ's here or ask and we'll explain how to do it.


Okay, I did all that, and still when I DL something it disappears from the DL window when the DL is done, and I can't run or find it. I was able to do it all in safe mode but not out of safe mode. MB did find a Trojan and it's in Quarantine. I have the 14-day trial as of now but need to put some money in the bank so I can buy MB. Is the $25 for a month, a year, or a one-time charge?


Do this in Normal Mode

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

Now run a MBAM scan and post the results.


Guess I am confused about the above links and how to make that work. I have to go into safe mode, then DL one of them. Then in safe mode save on a disk and UL once out of safe mode from said disk? I clicked on the first one while out of safe mode and it tried to run. Got them all to run in DOS out of safe mode and this is what they said:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 06/20/2012 at 16:03:13.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe

Rkill completed on 06/20/2012 at 16:03:21.


Let's try this with ComboFix.

Download it to your USB device and run it from there.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on iexplore.exe (the renamed ComboFix.exe) & follow the prompts.

Be sure to download any updates.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


If my wife calls on her break I will see if she can pick up a flash drive on her way home. Will be a while because she gets off work at 11pm Central time. Might have to finish that part up tomorrow.

I did a quick scan and it found two more things:

Heuristics.res

File

C:\documents and settings\owner\mydocuments

Going to close out and do a full scan next.


Okay. Thank you very much for all the help. I am totally computer dumb and so far I have not had any trouble with your help. Here is a more detailed description of the files that were quarantined and deleted.

Files Detected: 2

C:\Documents and Settings\Owner\My Documents\Downloads\uSeRiNiT.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

C:\Documents and Settings\Owner\My Documents\Downloads\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

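The two detections above were the renamed rkill copies from the earlier post, caught because their file names match Windows system processes (winlogon, userinit) while sitting in a Downloads folder. The check below is an added illustration of that kind of "reserved name in the wrong place" heuristic, written here for this thread; it is not Malwarebytes' code and the name list and expected directories are assumptions for a 32-bit XP install.

```python
import ntpath

# Names Windows reserves for core system binaries, mapped to the directory
# (relative to the Windows folder) where the genuine binary lives.
# Constructed list for this example, not a vendor signature set.
RESERVED_NAMES = {
    "winlogon.exe": "system32",
    "userinit.exe": "system32",
    "csrss.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "smss.exe": "system32",
    "svchost.exe": "system32",
    "explorer.exe": "",  # lives directly in the Windows folder
}


def classify(path, windows_dir=r"C:\WINDOWS"):
    """Classify one Windows path, comparing case-insensitively.

    Returns 'ok' for a non-reserved name or a reserved name in its real
    location, and 'suspicious' for a reserved name anywhere else
    (for example WiNlOgOn.exe in a user's Downloads folder).
    ntpath is used so the check also runs on non-Windows hosts.
    """
    name = ntpath.basename(path).lower()
    expected_sub = RESERVED_NAMES.get(name)
    if expected_sub is None:
        return "ok"
    expected_dir = ntpath.normcase(
        ntpath.join(windows_dir, expected_sub).rstrip("\\"))
    actual_dir = ntpath.normcase(ntpath.dirname(path).rstrip("\\"))
    return "ok" if actual_dir == expected_dir else "suspicious"


def scan(paths, windows_dir=r"C:\WINDOWS"):
    """Return (path, reason) pairs for every path that needs a human look.

    A hit is not proof of malware: legitimate tools that deliberately
    borrow system names, like the renamed rkill copies in this thread,
    trip the same rule, so treat the output as a review list.
    """
    findings = []
    for p in paths:
        if classify(p, windows_dir) == "suspicious":
            findings.append(
                (p, "reserved system process name outside its expected directory"))
    return findings


# Constructed sample: the two paths MBAM flagged in the thread, plus a
# genuine system binary and an ordinary download that must not be flagged.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\Owner\My Documents\Downloads\uSeRiNiT.exe",
    r"C:\Documents and Settings\Owner\My Documents\Downloads\WiNlOgOn.exe",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\Documents and Settings\Owner\My Documents\Downloads\rkill.exe",
]

if __name__ == "__main__":
    for path, reason in scan(SAMPLE_PATHS):
        print(f"{path}: {reason}")
```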

I think I got a steal on my thumb drive. $9.88 for an 8GB SanDisk. I was able to DL ComboFix and it did its updates and scan. Here is the report.

ComboFix 12-06-21.02 - Owner 06/21/2012 16:24:04.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2205 [GMT -5:00]

Running from: G:\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


It's faster but some things are still not working. I disabled most all the Apps on Firefox and now they are all running. Never turned them back on but they are all on.

The download page is still blank after something is downloaded. Can't click it to "run". Sounds like I have some registry errors after the fact.


This topic is now closed to further replies.