Sailor and I don't know where to start ;-(

Started by Ghost, April 20, 2013, 04:00:49 PM

Ghost

Hi all,
Well, he had problems with his puter and thought he had contacted Microsoft for help, but I think it was a scam.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Jerry Kinsworthy at 11:50:32 on 2013-04-20
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.703 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee Security Scan\2.1.121\SSScheduler.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4A368E80-174F-4872-96B5-0B27DDD11DB2} - c:\program files\spywareguard\dlprotect.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\jerryk~1\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.1.121\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261230894640
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361648699859
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{CF5091D9-5E16-498A-B006-537EF9C4D443} : DHCPNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: SpywareGuard.Handler - {81559C35-8464-49F7-BB0E-07A383BEF910} - c:\program files\spywareguard\spywareguard.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jerry kinsworthy\application data\mozilla\firefox\profiles\chemdn6b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-02-23 11:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\jerry kinsworthy\application data\mozilla\firefox\profiles\chemdn6b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-23 11:47; {C49B68AC-0D21-40A7-9EE0-77D822273103}; c:\documents and settings\jerry kinsworthy\application data\mozilla\firefox\profiles\chemdn6b.default\extensions\{C49B68AC-0D21-40A7-9EE0-77D822273103}.xpi
FF - ExtSQL: 2013-02-23 11:47; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\jerry kinsworthy\application data\mozilla\firefox\profiles\chemdn6b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-4 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-4 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-4 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-4 84744]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
.
=============== Created Last 30 ================
.
2013-04-19 22:55:47   98816   ----a-w-   c:\windows\sed.exe
2013-04-19 22:55:47   256000   ----a-w-   c:\windows\PEV.exe
2013-04-19 22:55:47   208896   ----a-w-   c:\windows\MBR.exe
2013-04-17 11:52:07   --------   d-----w-   c:\documents and settings\all users\application data\McAfee Security Scan
2013-04-17 11:52:03   --------   d-----w-   c:\program files\McAfee Security Scan
2013-04-17 09:53:05   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-04-16 20:06:09   --------   d-----w-   c:\documents and settings\jerry kinsworthy\application data\omnitechsupport
2013-04-16 19:40:57   --------   d-----w-   c:\documents and settings\jerry kinsworthy\local settings\application data\LogMeIn Rescue Applet
2013-04-16 19:40:24   --------   d-----w-   c:\documents and settings\jerry kinsworthy\local settings\application data\Deployment
2013-03-22 15:25:58   16486616   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2013-03-22 13:24:42   --------   d-----w-   c:\windows\system32\wbem\repository\FS
2013-03-22 13:24:42   --------   d-----w-   c:\windows\system32\wbem\Repository
2013-03-21 18:20:49   12928   ------w-   c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 18:20:49   12928   ------w-   c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-04 18:50:32   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-27 23:49:28   84744   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-03-27 23:49:28   37352   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2013-03-22 15:26:03   73432   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-22 15:26:03   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-22 13:57:41   861088   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-03-22 13:57:41   782240   ----a-w-   c:\windows\system32\deployJava1.dll
2013-03-08 08:36:22   293376   ----a-w-   c:\windows\system32\winsrv.dll
2013-03-07 01:28:24   2193408   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:28   2070016   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31   916480   ----a-w-   c:\windows\system32\wininet.dll
2013-03-02 02:06:30   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02   1867264   ----a-w-   c:\windows\system32\win32k.sys
2013-03-02 01:08:47   385024   ------w-   c:\windows\system32\html.iec
2013-02-27 07:56:51   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2013-02-12 00:32:23   12928   ----a-w-   c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32:23   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55:44   552448   ----a-w-   c:\windows\system32\oleaut32.dll
.
============= FINISH: 11:51:25.37 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 10/22/2006 5:48:08 PM
System Uptime: 4/20/2013 11:08:26 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. |  | 0WF887
Processor:                 Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 53 GiB total, 34.921 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.543 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP19: 3/9/2013 1:26:04 PM - System Checkpoint
RP20: 3/10/2013 2:57:11 PM - System Checkpoint
RP21: 3/11/2013 5:07:18 PM - System Checkpoint
RP22: 3/13/2013 9:27:24 AM - Software Distribution Service 3.0
RP23: 3/14/2013 10:05:38 AM - System Checkpoint
RP24: 3/15/2013 12:52:21 PM - System Checkpoint
RP25: 3/16/2013 2:29:37 PM - System Checkpoint
RP26: 3/17/2013 3:26:05 PM - System Checkpoint
RP27: 3/18/2013 3:48:52 PM - System Checkpoint
RP28: 3/19/2013 4:26:48 PM - System Checkpoint
RP29: 3/20/2013 5:22:57 PM - System Checkpoint
RP30: 3/21/2013 6:41:05 PM - System Checkpoint
RP31: 3/21/2013 7:58:18 PM - Software Distribution Service 3.0
RP32: 3/22/2013 9:02:22 AM - Removed Java 7 Update 15
RP33: 3/22/2013 9:02:52 AM - Installed Java 7 Update 17
RP34: 3/22/2013 9:06:33 AM - Restore Operation
RP35: 3/22/2013 9:19:30 AM - Restore Operation
RP36: 3/22/2013 9:28:16 AM - Software Distribution Service 3.0
RP37: 3/22/2013 9:57:18 AM - Removed Java 7 Update 15
RP38: 3/22/2013 9:57:34 AM - Installed Java 7 Update 17
RP39: 3/23/2013 10:16:24 AM - System Checkpoint
RP40: 3/24/2013 12:14:13 PM - System Checkpoint
RP41: 3/25/2013 12:26:30 PM - System Checkpoint
RP42: 3/26/2013 1:38:14 PM - System Checkpoint
RP43: 3/27/2013 1:44:57 PM - System Checkpoint
RP44: 3/28/2013 2:31:58 PM - System Checkpoint
RP45: 3/29/2013 6:14:16 PM - System Checkpoint
RP46: 3/30/2013 6:35:12 PM - System Checkpoint
RP47: 4/1/2013 9:24:01 AM - System Checkpoint
RP48: 4/2/2013 9:24:47 AM - System Checkpoint
RP49: 4/3/2013 9:28:20 AM - System Checkpoint
RP50: 4/4/2013 10:28:57 AM - System Checkpoint
RP51: 4/5/2013 10:47:45 AM - System Checkpoint
RP52: 4/6/2013 11:06:52 AM - System Checkpoint
RP53: 4/7/2013 11:29:57 AM - System Checkpoint
RP54: 4/8/2013 1:01:05 PM - System Checkpoint
RP55: 4/9/2013 1:08:17 PM - System Checkpoint
RP56: 4/10/2013 11:00:31 AM - Software Distribution Service 3.0
RP57: 4/11/2013 11:46:35 AM - System Checkpoint
RP58: 4/12/2013 12:02:08 PM - System Checkpoint
RP59: 4/13/2013 12:47:39 PM - System Checkpoint
RP60: 4/14/2013 1:17:01 PM - System Checkpoint
RP61: 4/15/2013 4:01:01 PM - System Checkpoint
RP62: 4/16/2013 5:32:48 PM - System Checkpoint
RP63: 4/17/2013 5:52:20 AM - Installed Java 7 Update 21
RP64: 4/18/2013 6:44:16 AM - System Checkpoint
RP65: 4/19/2013 11:12:39 AM - System Checkpoint
.
==== Installed Programs ======================
.
7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
AnalogX Capture
ATT-RC Self Support Tool
Avira Free Antivirus
Banctec Service Agreement
BellSouth® Scan and Clean Tool
CCleaner (remove only)
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
East-Tec Eraser 2008 Version 8.9
EducateU
ELIcon
Games, Music, & Photos Launcher
GoToAssist Corporate
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP OrderReminder
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer (Enable DEP)
Internet Service Offers Launcher
Java 7 Update 21
Java Auto Updater
Karen's WhoIs
LaserJet 1018
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Small Business Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Modem Helper
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.0
Revo Uninstaller 1.93
Roxio DLA
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 8
SpywareBlaster 4.6
SpywareGuard v2.2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
4/20/2013 11:07:46 AM, error: Service Control Manager [7034]  - The McciCMService service terminated unexpectedly.  It has done this 1 time(s).
4/20/2013 11:07:46 AM, error: Service Control Manager [7034]  - The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).
4/20/2013 11:07:46 AM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
4/20/2013 11:03:17 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
4/20/2013 11:03:17 AM, error: Service Control Manager [7000]  - The IMAPI CD-Burning COM Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/19/2013 10:39:34 AM, error: Service Control Manager [7000]  - The helpsvc service failed to start due to the following error:  The system cannot find the file specified.
.
==== End Of File ===========================


Results of screen317's Security Check version 0.99.62 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
Avira Free Antivirus   
McAfee Security Scan Plus   
Avira successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis  installed!
SpywareBlaster 4.6   
SpywareGuard v2.2   
Malwarebytes Anti-Malware version 1.75.0.1300 
HijackThis 1.99.1   
CCleaner (remove only)   
Java 7 Update 21 
Java version out of Date!
Adobe Flash Player    11.6.602.180 
Adobe Reader 8 
Adobe Reader XI 
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````

Thanks
Ghost

Corrine

You most certainly have your hands full helping that friend of yours, Ghost. 

Here's the reputation of the company he reached:  omnitechsupport.com | WOT Reputation Scorecard | WOT (Web of Trust)

He doesn't need HijackThis on the computer.  Please go ahead and uninstall it.   He also got the unnecessary McAfee Security Scan Plus with the update and that can be removed too.  It appears that SecurityCheck hasn't been updated to recognize Java 7 Update 21 so at least that part is ok.  :) 

Let's remove any remnants of Omnitech.  Please follow these instructions carefully.  Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

Hi Corrine,
Quote
You most certainly have your hands full helping that friend of yours, Ghost.
Sigh.
I have uninstalled Hijack This and McAfee Security Scan Plus :)
I have noticed there is no Java icon in control panel.
ComboFix 13-04-20.01 - Jerry Kinsworthy 04/20/2013  13:05:45.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.686 [GMT -4:00]
Running from: c:\documents and settings\Jerry Kinsworthy\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
.
2013-04-17 11:51 . 2013-04-17 11:51   --------   d-----w-   c:\program files\Common Files\Java
2013-04-17 09:53 . 2013-04-04 09:35   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-04-16 20:06 . 2013-04-19 23:12   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Application Data\omnitechsupport
2013-04-16 19:40 . 2013-04-19 14:39   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Local Settings\Application Data\LogMeIn Rescue Applet
2013-04-16 19:40 . 2013-04-16 19:40   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Local Settings\Application Data\Deployment
2013-03-22 15:25 . 2013-03-22 15:25   16486616   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2013-03-22 13:24 . 2013-03-22 13:24   --------   d-----w-   c:\windows\system32\wbem\Repository
2013-03-21 18:20 . 2013-02-12 00:32   12928   ------w-   c:\windows\system32\dllcache\usb8023x.sys
2013-03-21 18:20 . 2013-02-12 00:32   12928   ------w-   c:\windows\system32\dllcache\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 18:50 . 2012-11-04 14:49   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-27 23:49 . 2012-11-04 22:41   84744   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-03-27 23:49 . 2012-11-04 22:41   37352   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2013-03-27 23:49 . 2012-11-04 22:41   135136   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2013-03-22 15:26 . 2013-02-23 17:36   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-22 15:26 . 2011-10-09 13:06   73432   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-22 13:57 . 2012-11-04 21:40   861088   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-03-22 13:57 . 2010-05-28 17:11   782240   ----a-w-   c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-10 17:51   293376   ----a-w-   c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-10 17:51   2193408   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 03:59   2070016   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-10 17:51   916480   ----a-w-   c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-10 17:51   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-10 17:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-10 17:51   1867264   ----a-w-   c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-10 17:51   385024   ------w-   c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-10 18:01   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-06-03 17:07   12928   ----a-w-   c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-10 17:51   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2004-08-10 17:51   552448   ----a-w-   c:\windows\system32\oleaut32.dll
2013-04-20 15:29 . 2013-04-20 15:29   263064   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
c:\documents and settings\Jerry Kinsworthy\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41   294912   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-09-28 14:02   16680   ----a-w-   c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jerry Kinsworthy^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35   946352   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 02:29   389120   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20   122940   -c--a-w-   c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 23:29   39264   -c--a-w-   c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser RiskMonitor]
2008-03-22 20:43   18536   -c--a-w-   c:\program files\East-Tec Eraser 2008\Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35   94208   -c--a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50   221184   -c--a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42   1404928   -c--a-w-   c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32   253816   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2012 6:41 PM 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2012 6:42 PM 86752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 15:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-02-23 11:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-23 11:47; {C49B68AC-0D21-40A7-9EE0-77D822273103}; c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\extensions\{C49B68AC-0D21-40A7-9EE0-77D822273103}.xpi
FF - ExtSQL: 2013-02-23 11:47; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-20 13:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(3852)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-04-20  13:14:26
ComboFix-quarantined-files.txt  2013-04-20 17:14
ComboFix2.txt  2013-04-19 23:09
ComboFix3.txt  2012-11-05 03:16
.
Pre-Run: 37,496,614,912 bytes free
Post-Run: 37,486,891,008 bytes free
.
- - End Of File - - 2B8CBD6C78B9BE39BB0F897D59CDB123

Thanks,
Ghost
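
A way to triage the "Files Created" section of a log like the one above, added here as an example (it is not part of the thread and not ComboFix's own code): it parses the section entries, flags paths matching remote-support names mentioned in this thread, and checks a later log for whether each flagged path was deleted. The entry layout is inferred from the log lines, the watchlist is an assumption, and both sample logs are constructed with a placeholder profile name.

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional

# Section banner, e.g. "(((((   Files Created from 2013-03-20 to 2013-04-20  )))))"
HEADER_RE = re.compile(r"^\({5,}\s+(.+?)\s+\){5,}$")
# Entry layout inferred from the log: <timestamp> . <timestamp>  <size|-------->  <attrs>  <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+([a-z-]{8})\s+(.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
# Watchlist (assumption): remote-support names that appear in this thread.
MARKERS = ("omnitechsupport", "logmein rescue", "gotoassist")


class Entry(NamedTuple):
    first_ts: datetime      # first timestamp column on the line
    second_ts: datetime     # second timestamp column on the line
    size: Optional[int]     # None when the log prints "--------" (directories)
    is_dir: bool
    path: str


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group the non-empty, non-'.' lines of a log under their section banner."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = HEADER_RE.match(line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections


def section(log_text: str, prefix: str) -> List[str]:
    """Lines of the first section whose title starts with prefix (case-insensitive)."""
    for title, lines in split_sections(log_text).items():
        if title.lower().startswith(prefix.lower()):
            return lines
    return []


def parse_entries(lines: List[str]) -> List[Entry]:
    """Parse timestamped file entries; lines in any other layout are skipped."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        ts1, ts2, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(ts1, TS_FORMAT), datetime.strptime(ts2, TS_FORMAT),
            None if size.startswith("-") else int(size),
            attrs.startswith("d"), path))
    return entries


def flag_remote_support(log_text: str) -> List[Entry]:
    """Entries in 'Files Created' whose path contains a watchlist marker."""
    created = parse_entries(section(log_text, "Files Created"))
    return [e for e in created if any(m in e.path.lower() for m in MARKERS)]


def removal_status(before_log: str, after_log: str) -> Dict[str, str]:
    """For each path flagged in before_log, report what after_log says about it."""
    deleted = {p.lower() for p in section(after_log, "Other Deletions")}
    listed = {e.path.lower() for e in parse_entries(section(after_log, "Files Created"))}
    status = {}
    for e in flag_remote_support(before_log):
        key = e.path.lower()
        if key in listed:
            status[e.path] = "still present"
        elif key in deleted:
            status[e.path] = "deleted"
        else:
            status[e.path] = "not reported"
    return status


# Constructed sample logs in the layout shown in this thread (placeholder user name).
SAMPLE_BEFORE = r"""
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
2013-04-17 09:53 . 2013-04-04 09:35   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-04-16 20:06 . 2013-04-19 23:12   --------   d-----w-   c:\documents and settings\user\Application Data\omnitechsupport
2013-04-16 19:40 . 2013-04-19 14:39   --------   d-----w-   c:\documents and settings\user\Local Settings\Application Data\LogMeIn Rescue Applet
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 18:50 . 2012-11-04 14:49   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
"""
SAMPLE_AFTER = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\user\application data\omnitechsupport
.
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
2013-04-16 19:40 . 2013-04-19 14:39   --------   d-----w-   c:\documents and settings\user\Local Settings\Application Data\LogMeIn Rescue Applet
"""

if __name__ == "__main__":
    for path, state in removal_status(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        print(f"{state:14} {path}")
```

"Files Created" only covers the date window in its banner, so "not reported" means the later log says nothing about the path, not that the path is gone.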

Corrine

Hi, Ghost.

What was in the ComboFix log yesterday?  ComboFix2.txt  2013-04-19 23:09, located at C:\Qoobox\ComboFix3.txt.  I'd like to see that first.

I thought you had run the Norton removal tool the last time I had you run ComboFix on Sailor's computer, found the thread and confirmed that you had run both that and the McAfee tool. 

A friend keeps running into the disappearing Java Control Panel -- to the extent that she has notes on how to restore it.  I'll check with her seeing as how I haven't had Java installed for a long time.



Ghost

Hi Corrine,
I copy/pasted the file  ComboFix2.txt  2013-04-19 23:09 and got this, which isn't what you asked for. I did it three times and still the same file.
Strange, it's an old log??
ComboFix 12-11-04.01 - Jerry Kinsworthy 11/04/2012  22:05:16.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.510.312 [GMT -5:00]
Running from: c:\documents and settings\Jerry Kinsworthy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jerry Kinsworthy\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((   Files Created from 2012-10-05 to 2012-11-05  )))))))))))))))))))))))))))))))
.
.
2012-11-04 22:48 . 2012-11-04 22:48   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Application Data\Avira
2012-11-04 22:41 . 2012-10-04 17:07   133824   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2012-11-04 22:41 . 2012-09-24 14:58   36552   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2012-11-04 22:41 . 2012-09-13 15:58   83792   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2012-11-04 22:41 . 2012-11-04 22:41   --------   d-----w-   c:\program files\Avira
2012-11-04 22:41 . 2012-11-04 22:41   --------   d-----w-   c:\documents and settings\All Users\Application Data\Avira
2012-11-04 21:46 . 2012-11-04 21:46   --------   d-----w-   c:\documents and settings\Jerry Kinsworthy\Local Settings\Application Data\Sun
2012-11-04 21:40 . 2012-11-04 21:40   --------   d-----w-   c:\program files\Common Files\Java
2012-11-04 21:40 . 2012-11-04 21:39   821736   ----a-w-   c:\windows\system32\npDeployJava1.dll
2012-11-04 21:39 . 2012-11-04 21:39   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-11-04 21:20 . 2012-11-04 21:20   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2012-11-04 21:20 . 2012-11-04 21:20   73696   ----a-w-   c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-11-04 21:20 . 2012-11-04 21:20   2560480   ----a-w-   c:\program files\Mozilla Firefox\gkmedias.dll
2012-11-04 21:20 . 2012-11-04 21:20   192600   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-11-04 21:20 . 2012-11-04 21:20   124384   ----a-w-   c:\program files\Mozilla Firefox\mozglue.dll
2012-11-04 21:20 . 2012-11-04 21:20   115168   ----a-w-   c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-11-04 21:20 . 2012-11-04 21:20   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
2012-11-04 21:20 . 2012-11-04 21:20   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
2012-11-04 21:20 . 2012-11-04 21:20   157272   ----a-w-   c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2012-11-04 21:20 . 2012-11-04 21:20   96224   ----a-w-   c:\program files\Mozilla Firefox\webapprt-stub.exe
2012-11-04 14:49 . 2012-11-04 14:49   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-11-04 14:49 . 2012-09-30 00:54   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-04 21:58 . 2011-10-09 13:06   404920   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-04 21:39 . 2009-03-28 15:50   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-11-04 21:39 . 2010-05-28 17:11   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-08-28 15:14 . 2004-08-10 17:51   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2004-08-10 17:51   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2004-08-10 17:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-10 17:51   385024   ------w-   c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-10 17:51   177664   ----a-w-   c:\windows\system32\wintrust.dll
2012-08-21 13:29 . 2004-08-10 17:51   2192896   ----a-w-   c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-04 03:59   2069632   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2012-11-04 21:20 . 2012-02-04 18:50   261600   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-10-16 384800]
.
c:\documents and settings\Jerry Kinsworthy\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41   294912   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2011-09-28 14:02   16680   ----a-w-   c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jerry Kinsworthy^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00   919008   ----a-r-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20   38872   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 02:29   389120   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20   122940   -c--a-w-   c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser RiskMonitor]
2008-03-22 20:43   18536   -c--a-w-   c:\program files\East-Tec Eraser 2008\Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35   94208   -c--a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50   221184   -c--a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42   1404928   -c--a-w-   c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 14:04   252848   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2012 5:41 PM 36552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 11:39 AM 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2012 5:42 PM 84256]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 4:51 PM 4096]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
*NewlyCreated* - WS2IFSL
*Deregistered* - symlcbrd
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4061002
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
FF - ProfilePath - c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\
FF - ExtSQL: 2012-11-04 16:59; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=433821228
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=433821228
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCyCyByC0Azyzz0ByEyCyCzz0D0DtN0D0Tzu0CtBtCzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=433821228&q=
FF - user.js: extensions.funmoods.id - 001676A98B4668DD
FF - user.js: extensions.funmoods.instlDay - 15558
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.229:29:4
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - nv1
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-04 22:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-04  22:16:07
ComboFix-quarantined-files.txt  2012-11-05 03:16
ComboFix2.txt  2012-11-05 01:06
.
Pre-Run: 40,169,418,752 bytes free
Post-Run: 40,179,650,560 bytes free
.
- - End Of File - - 438ECDE8025745077924EC3CE8299924


Quote
I thought you had run the Norton removal tool the last time I had you run ComboFix on Sailor's computer, found the thread and confirmed that you had run both that and the McAfee tool.
I had cleaned it all up the last time.
Ah ha, now I know. Whoever had control of his PC... he mentioned they brought up some old files, and I'll bet that's why those tools are there.
Quote
A friend keeps running into the disappearing Java Control Panel -- to the extent that she has notes on how to restore it.  I'll check with her seeing as how I haven't had Java installed for a long time.
Alright and thanks.
Ghost

Corrine

Sorry, I missed this before, installed by Omnitech.  Please uninstall GoToAssist Corporate and then do the following:

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



  • Please open Notepad (Click Start -> Run -> type notepad in the Open field -> OK).  Copy/Paste all of the text present inside the code box below:


Folder::
c:\documents and settings\jerry kinsworthy\application data\omnitechsupport
c:\documents and settings\jerry kinsworthy\local settings\application data\LogMeIn Rescue Applet
c:\documents and settings\jerry kinsworthy\local settings\application data\Deployment

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


  • Save this as CFScript.txt and place it on your desktop.
  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.





  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.




Ghost

Hi Corrine,
I uninstalled GoToAssist Corporate.
ComboFix 13-04-20.01 - Jerry Kinsworthy 04/20/2013  18:37:44.5.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1022.744 [GMT -4:00]
Running from: c:\documents and settings\Jerry Kinsworthy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jerry Kinsworthy\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\jerry kinsworthy\application data\omnitechsupport
c:\documents and settings\jerry kinsworthy\local settings\application data\Deployment
c:\documents and settings\jerry kinsworthy\local settings\application data\LogMeIn Rescue Applet
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-20 to 2013-04-20  )))))))))))))))))))))))))))))))
.
.
2013-04-17 11:51 . 2013-04-17 11:51   --------   d-----w-   c:\program files\Common Files\Java
2013-04-17 09:53 . 2013-04-04 09:35   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-03-22 15:25 . 2013-03-22 15:25   16486616   ----a-w-   c:\windows\system32\FlashPlayerInstaller.exe
2013-03-22 13:24 . 2013-03-22 13:24   --------   d-----w-   c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-04 18:50 . 2012-11-04 14:49   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-27 23:49 . 2012-11-04 22:41   84744   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2013-03-27 23:49 . 2012-11-04 22:41   37352   ----a-w-   c:\windows\system32\drivers\avkmgr.sys
2013-03-27 23:49 . 2012-11-04 22:41   135136   ----a-w-   c:\windows\system32\drivers\avipbb.sys
2013-03-22 15:26 . 2013-02-23 17:36   693976   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-03-22 15:26 . 2011-10-09 13:06   73432   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-22 13:57 . 2012-11-04 21:40   861088   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-03-22 13:57 . 2010-05-28 17:11   782240   ----a-w-   c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-10 17:51   293376   ----a-w-   c:\windows\system32\winsrv.dll
2013-03-07 01:28 . 2004-08-10 17:51   2193408   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-04 03:59   2070016   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2004-08-10 17:51   916480   ----a-w-   c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2004-08-10 17:51   43520   ------w-   c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2004-08-10 17:51   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2004-08-10 17:51   1867264   ----a-w-   c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2004-08-10 17:51   385024   ------w-   c:\windows\system32\html.iec
2013-02-27 07:56 . 2004-08-10 18:01   2067456   ----a-w-   c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2008-06-03 17:07   12928   ----a-w-   c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-10 17:51   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2004-08-10 17:51   552448   ----a-w-   c:\windows\system32\oleaut32.dll
2013-04-20 15:29 . 2013-04-20 15:29   263064   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-27 345312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Jerry Kinsworthy\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 17:41   294912   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Jerry Kinsworthy^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35   946352   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 09:42   15360   ----a-w-   c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-07-17 02:29   389120   -c--a-w-   c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-08 10:20   122940   -c--a-w-   c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2007-03-22 23:29   39264   -c--a-w-   c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser RiskMonitor]
2008-03-22 20:43   18536   -c--a-w-   c:\program files\East-Tec Eraser 2008\Launch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32   77824   -c--a-w-   c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-09-20 13:35   94208   -c--a-w-   c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50   221184   -c--a-w-   c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50   81920   -c--a-w-   c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-09-20 13:36   114688   -c--a-w-   c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-15 00:42   1404928   -c--a-w-   c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32   253816   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [11/4/2012 6:41 PM 37352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 1:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 12:39 PM 32256]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/4/2012 6:42 PM 86752]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 15:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-02-23 11:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-23 11:47; {C49B68AC-0D21-40A7-9EE0-77D822273103}; c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\extensions\{C49B68AC-0D21-40A7-9EE0-77D822273103}.xpi
FF - ExtSQL: 2013-02-23 11:47; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Jerry Kinsworthy\Application Data\Mozilla\Firefox\Profiles\chemdn6b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-20 18:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll
.
- - - - - - - > 'explorer.exe'(680)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-04-20  18:46:40
ComboFix-quarantined-files.txt  2013-04-20 22:46
ComboFix2.txt  2013-04-20 17:19
ComboFix3.txt  2013-04-19 23:09
ComboFix4.txt  2012-11-05 03:16
.
Pre-Run: 37,551,411,200 bytes free
Post-Run: 37,539,995,648 bytes free
.
- - End Of File - - 8AF52A5A2D7FA581CEC8279D6934DD9E

Thanks,
Ghost

Corrine

I haven't had a response from my friend yet about the Java CP but will let you know when I do -- or she may register and post here. 

Although I understand trouble-shooting Sailor's problems is somewhat of an ongoing proposition, please uninstall ComboFix so we start with a clean slate. 

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.



Ghost

Hi Corrine.
Quote: I haven't had a response from my friend yet about the Java CP but will let you know when I do -- or she may register and post here.
Alright, I'll keep an eye open in case your friend posts :)
ComboFix is uninstalled.
Thanks,
Ghost
:rose:

plodr

I assume your Java Control Panel icon is missing. Here is what you do to get it back in XP SP3.
Go to C:\Programs\Java\jre7\bin
In the right pane scroll until you find javacpl.cpl
Hold down the right mouse button as you drag it to the desktop. Lift the right button and select copy here.
Then open Windows Explorer to C:\Windows\System32
Again take the copy on the desktop, hold down the right mouse button and lift the right button and this time select move here.

Now open your Control Panel and you should see the Java CP icon. Make sure you go through the settings because when I update, Java has a tendency to change my settings from what I had previously.
Chugging coffee and computing!

Ghost

Hi plodr,
Well, it didn't work. I carefully followed the directions but no luck.
Sorry you had to register and all that, but I did keep the directions in case I run into this with another PC ;-).
Thanks for your info and time.
I'm returning his PC in about 15 minutes.
Ghost