# Help please (hijackthis log inside)



## Cams (Apr 5, 2011)

Had to delete. Posted some sensitive material.


----------



## johnb35 (Apr 5, 2011)

At the time of the hijackthis scan, there were no IE processes running. Let's run a deeper scan and see if anything is hiding.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here:

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply.
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## Cams (Apr 5, 2011)

Good to hear from you John, it's been a while. My wife deleted IE and started running FF today to get by.


----------



## johnb35 (Apr 5, 2011)

Please place combofix on the desktop so you can perform the following procedure.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


```
File::

c:\windows\system32\arp.exe 
c:\windows\system32\slwga.dll 
c:\windows\system32\systemcpl.dll 

Dirlook::

c:\users\Ann Denner\AppData\Local\{962A33F2-EC23-4D55-9537-9442083ECD4E}
c:\users\Ann Denner\AppData\Local\{AA3DD051-D451-4A3E-A925-F1884819661E}
c:\users\Ann Denner\AppData\Local\{AD47A703-035D-43A1-964B-7ED170E08C14}
c:\users\Ann Denner\AppData\Local\{2ACC1756-DB49-4D0C-A970-F744CE401D7E}
c:\users\Ann Denner\AppData\Local\{FB128E9E-BF44-42B9-A753-2CB805F67797}
c:\users\Ann Denner\AppData\Local\{79254E41-303A-49BC-A9A1-BF743F08D8FD}
c:\users\Ann Denner\AppData\Local\{174DBB4A-B7AC-4268-A91A-8B13880200CF}
c:\users\Ann Denner\AppData\Local\{D81BD532-F7EF-4501-9495-8CEC0ED24E29}
c:\users\Ann Denner\AppData\Local\{7A806566-0317-45F1-AF3E-8B4B0F6CD43A}
c:\users\Ann Denner\AppData\Local\{09F3D412-4EB6-470D-8AB3-420E812B89F9}
c:\users\Ann Denner\AppData\Local\{46B89676-3C39-46FB-AB60-205CE51D03FE}
c:\users\Ann Denner\AppData\Local\{82A22DBF-70C8-41F6-94F8-77AFAE37EED9}
c:\users\Ann Denner\AppData\Local\{6FBFF72C-ABB7-49CE-95F5-B551BEB040CA}
c:\users\Ann Denner\AppData\Local\{6FBFF72C-ABB7-49CE-95F5-B551BEB040CA}
c:\users\Ann Denner\AppData\Local\{B51984B8-2349-4620-A0EC-15674A3FE7E8}
c:\users\Ann Denner\AppData\Local\{B1FCD876-24F6-4A6C-8707-B260E8401501}
c:\users\Ann Denner\AppData\Local\{8477AEFE-6C29-444E-98DA-3F420BDE1A92}
c:\users\Ann Denner\AppData\Local\{0B5397D7-5F1A-4683-A6F2-2945D9FD73C6}
c:\users\Ann Denner\AppData\Local\{54B6007E-76E4-4E5F-A2AA-6738F95E75CB}
c:\users\Ann Denner\AppData\Local\{2212034B-3588-46FB-B245-F3CAC5915B84}
c:\users\Ann Denner\AppData\Local\{B0E199C9-C2AA-4709-B24F-FA1DA630ED04}
c:\users\Ann Denner\AppData\Local\{64C561D3-8D28-4B09-B523-FF0CE8B946F0}
c:\users\Ann Denner\AppData\Local\{372A8284-EC7C-4C10-A8AE-EACD40D09B74}
c:\users\Ann Denner\AppData\Local\{4BDC292D-24DA-4D09-ABB1-720E74E09882}
c:\users\Ann Denner\AppData\Local\{4C75E042-1ABF-49B3-8691-98B7D88F82FA}
c:\users\Ann Denner\AppData\Local\{403D0AA8-4848-41A5-83F2-5CB2EF8E84B9}
c:\users\Ann Denner\AppData\Local\{1C89CE03-D7EC-44F0-BEC1-11BE3A3B2F0E}
c:\users\Ann Denner\AppData\Local\{A354EBF4-9D8B-435E-9B2F-84CE19AE4F45}
c:\users\Ann Denner\AppData\Local\{EDDAED52-9A2E-4251-8E67-A8D9ADC7A7CF}
c:\users\Ann Denner\AppData\Local\{30A415EB-55F1-48BF-9584-4A2145F021DF}
c:\users\Ann Denner\AppData\Local\{1EAD172D-3AEB-40F6-A95C-21B63D6A43C3}
c:\users\Ann Denner\AppData\Local\{6668E1E9-16F1-4777-B9EF-CC2BE41092BA}
c:\users\Ann Denner\AppData\Local\{D389357C-9FED-4699-9D4C-27044AF05B8B}
c:\users\Ann Denner\AppData\Local\{C4467FFB-023E-4202-A435-A74E8D62EFEB}
c:\users\Ann Denner\AppData\Local\{80EF2755-3AE1-4D5E-A887-9A81E587CF8D}
c:\users\Ann Denner\AppData\Local\{68706B18-7700-4CB5-A905-F1558CC54E11}
c:\programdata\bMiLnMk06300

Reglock::

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\32A7D634EB632D11CABB00087CCFBB48\0CCF218B2916AFB49A6CE158872F55AD]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24"
"ComponentVersion"="3.0.8449.0"
"ProductVersion"="9.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
```



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## Cams (Apr 5, 2011)

The log is 639288 characters long so I can't post it in one shot.


----------



## johnb35 (Apr 5, 2011)

Break it up into multiple posts, just remember where you left off.


----------



## Cams (Apr 5, 2011)

Holy crap!


----------



## johnb35 (Apr 5, 2011)

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



```
Killall::


Folder::

c:\users\Ann Denner\AppData\Local\{962A33F2-EC23-4D55-9537-9442083ECD4E}
c:\users\Ann Denner\AppData\Local\{AA3DD051-D451-4A3E-A925-F1884819661E}
c:\users\Ann Denner\AppData\Local\{AD47A703-035D-43A1-964B-7ED170E08C14}
c:\users\Ann Denner\AppData\Local\{2ACC1756-DB49-4D0C-A970-F744CE401D7E}
c:\users\Ann Denner\AppData\Local\{FB128E9E-BF44-42B9-A753-2CB805F67797}
c:\users\Ann Denner\AppData\Local\{79254E41-303A-49BC-A9A1-BF743F08D8FD}
c:\users\Ann Denner\AppData\Local\{174DBB4A-B7AC-4268-A91A-8B13880200CF}
c:\users\Ann Denner\AppData\Local\{D81BD532-F7EF-4501-9495-8CEC0ED24E29}
c:\users\Ann Denner\AppData\Local\{7A806566-0317-45F1-AF3E-8B4B0F6CD43A}
c:\users\Ann Denner\AppData\Local\{09F3D412-4EB6-470D-8AB3-420E812B89F9}
c:\users\Ann Denner\AppData\Local\{46B89676-3C39-46FB-AB60-205CE51D03FE}
c:\users\Ann Denner\AppData\Local\{82A22DBF-70C8-41F6-94F8-77AFAE37EED9}
c:\users\Ann Denner\AppData\Local\{6FBFF72C-ABB7-49CE-95F5-B551BEB040CA}
c:\users\Ann Denner\AppData\Local\{6FBFF72C-ABB7-49CE-95F5-B551BEB040CA}
c:\users\Ann Denner\AppData\Local\{B51984B8-2349-4620-A0EC-15674A3FE7E8}
c:\users\Ann Denner\AppData\Local\{B1FCD876-24F6-4A6C-8707-B260E8401501}
c:\users\Ann Denner\AppData\Local\{8477AEFE-6C29-444E-98DA-3F420BDE1A92}
c:\users\Ann Denner\AppData\Local\{0B5397D7-5F1A-4683-A6F2-2945D9FD73C6}
c:\users\Ann Denner\AppData\Local\{54B6007E-76E4-4E5F-A2AA-6738F95E75CB}
c:\users\Ann Denner\AppData\Local\{2212034B-3588-46FB-B245-F3CAC5915B84}
c:\users\Ann Denner\AppData\Local\{B0E199C9-C2AA-4709-B24F-FA1DA630ED04}
c:\users\Ann Denner\AppData\Local\{64C561D3-8D28-4B09-B523-FF0CE8B946F0}
c:\users\Ann Denner\AppData\Local\{372A8284-EC7C-4C10-A8AE-EACD40D09B74}
c:\users\Ann Denner\AppData\Local\{4BDC292D-24DA-4D09-ABB1-720E74E09882}
c:\users\Ann Denner\AppData\Local\{4C75E042-1ABF-49B3-8691-98B7D88F82FA}
c:\users\Ann Denner\AppData\Local\{403D0AA8-4848-41A5-83F2-5CB2EF8E84B9}
c:\users\Ann Denner\AppData\Local\{1C89CE03-D7EC-44F0-BEC1-11BE3A3B2F0E}
c:\users\Ann Denner\AppData\Local\{A354EBF4-9D8B-435E-9B2F-84CE19AE4F45}
c:\users\Ann Denner\AppData\Local\{EDDAED52-9A2E-4251-8E67-A8D9ADC7A7CF}
c:\users\Ann Denner\AppData\Local\{30A415EB-55F1-48BF-9584-4A2145F021DF}
c:\users\Ann Denner\AppData\Local\{1EAD172D-3AEB-40F6-A95C-21B63D6A43C3}
c:\users\Ann Denner\AppData\Local\{6668E1E9-16F1-4777-B9EF-CC2BE41092BA}
c:\users\Ann Denner\AppData\Local\{D389357C-9FED-4699-9D4C-27044AF05B8B}
c:\users\Ann Denner\AppData\Local\{C4467FFB-023E-4202-A435-A74E8D62EFEB}
c:\users\Ann Denner\AppData\Local\{80EF2755-3AE1-4D5E-A887-9A81E587CF8D}
c:\users\Ann Denner\AppData\Local\{68706B18-7700-4CB5-A905-F1558CC54E11}

Dirlook::
c:\programdata\bMiLnMk06300\bMiLnMk06300
```

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

This will be a shorter normal log.


----------



## johnb35 (Apr 5, 2011)

Ok, one more script to run. If it's a very long log, just post the first part of it up to where it says snapshot. If it's a normal log go ahead and post it.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


```
Folder::

c:\users\Ann Denner\AppData\Local\{87F113C8-C070-4CB7-AD01-8E0FFB39ABB6}
c:\programdata\bMiLnMk06300
```


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## Cams (Apr 6, 2011)

Does this log look good? My internet explorer still freezes up on me constantly.


----------



## johnb35 (Apr 7, 2011)

Open IE, click on tools, internet options, advanced tab. Click on the buttons that say restore advanced settings and reset. Next click on the view menu, toolbars, and uncheck all toolbars except menu bar, favorite bar, command bar, and status bar. Close IE and reopen it and see if it freezes up.

Post an uninstall list using hijackthis.  Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it, then copy and paste that log back here.


----------



## Cams (Apr 8, 2011)

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Apple Application Support
Apple Software Update
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CyberLink YouCam
D3DX10
DVD Suite
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
HP Doc Viewer
HP Easy Setup - Frontend
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Update
HP User Guides 0090
HP Wireless Assistant
Java(TM) 6 Update 24
jZip
LabelPrint
LightScribe System Software
LightScribe Template Labeler
Logitech SetPoint
Malwarebytes' Anti-Malware
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Script Debugger
Microsoft Silverlight
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.1
Passware Kit Professional 9.3
Power2Go
PowerDirector
PrimoPDF -- by Nitro PDF Software
QuickBooks
QuickBooks Pro 2009
QuickPlay SlingPlayer 0.4.6
QuickTime
Remote Desktop Connection
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio 2007 (KB2434737)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Skype™ 4.2
Slingbox Flash Tour
SlingPlayer
Small Business Advisor 2009.Q2
Snagit 9.1.3
SourceGear Vault Client
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wriiper
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VMware Player
WebEx MeetMeNow
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources


----------



## Cams (Apr 8, 2011)

IE will open ok but will lock up if you click on anything and just says not responding.


----------



## johnb35 (Apr 8, 2011)

It might be that weird toolbar in the registry.  Let's get rid of it.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


```
Killall::

Folder::
c:\users\Ann Denner\AppData\Local\{93BB88BD-8692-404F-A1DA-957A19F66F7F}

Registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-08 297808]

[-HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
[HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]
```
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## Cams (Apr 8, 2011)

ComboFix 11-04-07.06 - Ann Denner 04/07/2011  22:45:58.5.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4030.1796 [GMT -4:00]
Running from: c:\users\Ann Denner\Downloads\ComboFix.exe
Command switches used :: c:\users\Ann Denner\Desktop\CFScript.txt
AV: Emsisoft Anti-Malware *Disabled/Updated* {607A6E45-BE50-AFD5-4F70-7EAAEC5B715D}
SP: Emsisoft Anti-Malware *Disabled/Updated* {DB1B8FA1-986A-A05B-75C0-45D897DC3BE0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ann Denner\AppData\Local\{93BB88BD-8692-404F-A1DA-957A19F66F7F}
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-08 to 2011-04-08  )))))))))))))))))))))))))))))))
.
.
2011-04-08 02:56 . 2011-04-08 02:56	--------	d-----w-	c:\users\QBDataServiceUser19\AppData\Local\temp
2011-04-08 02:56 . 2011-04-08 02:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-04 20:06 . 2011-03-18 17:53	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-04-04 20:06 . 2011-03-18 17:53	16856	----a-w-	c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-04-04 20:06 . 2011-03-18 17:53	781272	----a-w-	c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-04-04 20:06 . 2011-03-18 17:53	1874904	----a-w-	c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-04-04 20:06 . 2011-03-18 17:53	719832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-04-04 20:06 . 2011-03-18 17:53	15832	----a-w-	c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-04-04 20:06 . 2011-03-18 17:53	728024	----a-w-	c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-04-04 20:06 . 2011-03-18 17:53	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-04-04 20:06 . 2011-03-18 17:53	1893336	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-04-04 20:06 . 2011-03-18 17:53	1975768	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-28 02:14 . 2011-03-28 02:14	--------	d-----w-	c:\users\Ann Denner\AppData\Roaming\AVG10
2011-03-28 02:08 . 2011-04-05 00:11	--------	d-----w-	c:\programdata\AVG10
2011-03-28 01:13 . 2011-03-28 01:24	--------	d-----w-	c:\programdata\MFAData
2011-03-27 18:55 . 2011-03-27 18:55	--------	d-----w-	c:\program files\CCleaner
2011-03-25 12:49 . 2011-03-15 05:17	8424784	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBB05507-31FB-41F7-AA9C-0E68047E1F3E}\mpengine.dll
2011-03-23 14:46 . 2011-02-22 14:47	479744	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-23 14:46 . 2011-02-22 14:13	288768	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-23 14:46 . 2011-02-22 13:53	1555968	----a-w-	c:\windows\system32\DWrite.dll
2011-03-23 14:46 . 2011-02-22 13:53	1149440	----a-w-	c:\windows\system32\FntCache.dll
2011-03-23 14:46 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-03-10 08:12 . 2010-12-29 19:01	416768	----a-w-	c:\windows\system32\sbe.dll
2011-03-10 08:12 . 2010-12-29 19:01	559616	----a-w-	c:\windows\system32\EncDec.dll
2011-03-10 08:12 . 2010-12-29 18:28	429056	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-03-10 08:12 . 2010-12-29 19:01	210944	----a-w-	c:\windows\system32\sbeio.dll
2011-03-10 08:12 . 2010-12-29 18:59	226816	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-10 08:12 . 2010-12-29 18:28	322560	----a-w-	c:\windows\SysWow64\sbe.dll
2011-03-10 08:12 . 2010-12-29 18:28	153088	----a-w-	c:\windows\SysWow64\sbeio.dll
2011-03-10 08:12 . 2010-12-29 18:26	177664	----a-w-	c:\windows\SysWow64\mpg2splt.ax
2011-03-09 18:01 . 2010-12-17 17:34	2425344	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 18:01 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\SysWow64\mstscax.dll
2011-03-09 18:01 . 2010-12-17 15:41	731136	----a-w-	c:\windows\system32\mstsc.exe
2011-03-09 18:01 . 2010-12-17 13:54	677888	----a-w-	c:\windows\SysWow64\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 10:57 . 2010-06-24 15:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-03 01:40 . 2010-06-11 19:43	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-02-02 22:11 . 2009-10-02 16:15	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:46 . 2011-02-09 12:56	900480	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-09 12:56	366592	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-09 12:56	625152	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-09 12:56	287232	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-09 12:56	327680	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-09 12:56	196096	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-09 12:56	1268224	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-09 12:56	748544	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-09 12:56	47104	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-09 12:56	3548672	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-09 12:56	35840	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-09 12:56	278528	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-09 12:56	195072	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-09 12:56	478720	----a-w-	c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-09 12:56	219648	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 12:56	160768	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 12:56	1029120	----a-w-	c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-09 12:56	189952	----a-w-	c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 12:56	258048	----a-w-	c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-09 12:56	586240	----a-w-	c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-09 12:56	2873344	----a-w-	c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-09 12:56	209920	----a-w-	c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-09 12:56	98816	----a-w-	c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-09 12:56	3068416	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-09 12:56	1653760	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-09 12:56	1032192	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-09 12:56	1461760	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-09 12:56	231936	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-09 12:56	1257984	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-09 12:56	428544	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-09 12:56	345088	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-09 12:56	34304	----a-w-	c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-09 12:56	377344	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-09 12:56	2002944	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-09 12:56	566272	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-09 12:56	1554432	----a-w-	c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 12:56	876032	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-09 12:56	847360	----a-w-	c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 12:56	135680	----a-w-	c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 12:56	979456	----a-w-	c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 12:56	357376	----a-w-	c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 12:56	302592	----a-w-	c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 12:56	261632	----a-w-	c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 12:56	1172480	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 12:56	486400	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-09 12:56	834048	----a-w-	c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-09 12:56	683008	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-01-08 09:03 . 2011-02-09 12:51	48128	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-09 12:51	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-09 12:51	367104	----a-w-	c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-09 12:51	292352	----a-w-	c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-04-05_02.43.37   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-09 00:13 . 2011-04-04 13:49	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-09-09 00:13 . 2011-04-08 01:52	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-09-09 00:13 . 2011-04-04 13:49	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-09-09 00:13 . 2011-04-08 01:52	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-09 00:13 . 2011-04-04 13:49	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-09-09 00:13 . 2011-04-08 01:52	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 02:49 . 2008-01-21 02:49	65536              c:\windows\bfsvc.exe
+ 2006-11-02 12:42 . 2006-11-02 08:45	122880              c:\windows\system32\DriverStore\FileRepository\prnca001.inf_c505b61f\Amd64\CNBBR124.DLL2008-01-21 02:49 . 2008-01-21 02:49	65536              c:\windows\bfsvc.exe
+ 2009-09-08 17:10 . 2011-04-08 01:52	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-09-08 17:10 . 2011-03-31 15:36	262144              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SetupType"="Portable" [X]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2009-08-15 64048]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-9 1196048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 136176]
R3 NgFilter;Aventail VPN Filter;c:\windows\system32\DRIVERS\ngfilter.sys [x]
R3 NgLog;Aventail VPN Logging;c:\windows\system32\DRIVERS\nglog.sys [x]
R3 NgVpn;Aventail VPN Adapter;c:\windows\system32\DRIVERS\ngvpn.sys [x]
R3 NgWfp;Aventail VPN Callout;c:\windows\system32\DRIVERS\ngwfp.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 QuickBooksDB19;QuickBooksDB19;c:\progra~2\Intuit\QUICKB~1\QBDBMgrN.exe [2009-10-01 131072]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 03:07]
.
2011-04-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-06 03:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 15952416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 82464]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 218112]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [BU]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/Ser...llya694le36z&scc=1&ltmpl=default&ltmplcache=2
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
Trusted Zone: intuit.com\ttlc
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\users\Ann Denner\AppData\Roaming\Mozilla\Firefox\Profiles\nzykvgue.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.xfinity.com/customer/start/?cid=xfstart_tech_main
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4d8fee5c&i=23&tp=ab&nt=1&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{1c99b848-84cb-4ce4-8cd8-ed5719484d9f} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\32A7D634EB632D11CABB00087CCFBB48\0CCF218B2916AFB49A6CE158872F55AD]
@DACL=(02 0000)
"PatchGUID"=""
"MediaCabinet"=""
"File"="Global_VC_ATLUnicode_f1.7EBEDD68_AA66_11D2_B980_006097C4DE24"
"ComponentVersion"="3.0.8449.0"
"ProductVersion"="9.0.3"
"PatchSize"="0"
"PatchAttributes"="0"
"PatchSequence"="0"
"SharedComponent"="0"
"IsFullFile"="0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\System32\spool\drivers\x64\3\WrtProc.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2011-04-07  23:10:45 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-08 03:10
ComboFix2.txt  2011-04-06 02:30
ComboFix3.txt  2011-04-05 12:58
ComboFix4.txt  2011-04-05 02:48
ComboFix5.txt  2011-04-08 02:42
.
Pre-Run: 61,310,967,808 bytes free
Post-Run: 61,250,985,984 bytes free
.
- - End Of File - - D6429DD18297A2BA10F20CEAC9C9DF79


----------



## johnb35 (Apr 8, 2011)

Let me know if that helps any.  If not, you may want to try reinstalling IE.  Does it say it's IE itself or a dll file?  Have you looked in event viewer?


----------



## Cams (Apr 8, 2011)

IE seems to work fine now. Like I said before, this is my wife's laptop. After you helped me with my rig a while back I have had no problems. This machine, however, has had less than desirable care over the past three years and it shows.

Event viewer won't let me look at any logs. It says...

"Event viewer cannot open the event log or custom view. Verify that event log service is running. The data is invalid. (13)"

I checked and event log service is set to auto and has been started. I also found it in the list of running services in the task manager.


----------



## johnb35 (Apr 8, 2011)

That means the log is corrupt and you need to clear it and start fresh.  I just had to do this to a client's laptop just a couple weeks ago.

http://www.howtogeek.com/howto/wind...-open-the-event-log-when-viewing-system-logs/


----------



## johnb35 (Apr 8, 2011)

Also, I just checked the uninstall list and CCleaner was not listed.  Are you sure you ran it?


----------



## Cams (Apr 8, 2011)

That's weird, I just searched for it and it opens right up if you click on it. I did run it because I remember laughing that it found so much wrong with the PC compared to when I have used it in the past on my personal rig. Should I run it again?


----------



## Cams (Apr 8, 2011)

I have errors and warnings for miles under administrative events but the rest I saved and cleared.


----------



## johnb35 (Apr 8, 2011)

Always run it after cleaning up an infection.  Also you should stop system restore so it deletes any old restore points and then reenable it again and start fresh.


----------



## Cams (Apr 17, 2011)

Sorry I dropped off the map. I have a three-month-old, just moved, bought a house, got a new job, and bought a new car, so I am really crunched for time.

Will system restore allow me to go back to before the problem occurred without having to do all of this with you? It seems to really hog up yours and my time.

Anyhow, I am making a new thread with some logs for my mom's computer. I tried running a few programs and it helped, but I would like your opinion if you don't mind. There is so much info in those logs that I don't understand, so I have been leaving that part alone.


----------



## johnb35 (Apr 17, 2011)

It's really not a bother.  I'm more worried about errors appearing in the event viewer after we have cleaned up your system.  I would need to know what some of the errors are.  I'm leaving for work shortly so I will reply tonight about the logs for your mom's computer.

If you are still having some issues then you are better off just reinstalling Windows, as doing a system restore will put your system back into the shape it was before we started cleaning it up.


----------



## Cams (Apr 17, 2011)

I meant in the future, if something goes wrong, I could try to do a system restore if it was only a small problem.


----------



## johnb35 (Apr 18, 2011)

If you haven't already done so, please disable system restore so it deletes any infected restore points and then reenable it and then create a new restore point.

Sometimes doing a system restore will work, other times it won't.


----------

