Ok, I went through Add/Remove programs and found Coupon Printer for Windows and uninstalled it. Nothing else on your list was there... Incidentally, Bonjour and something called Search Donkey are in there. Also, that APagent thing still shows up after re-booting. One more thing: lately when I search for something on the internet I get this annoying Hotstartsearch.com that goes in front of Yahoo, every time. I just thought I might mention this....

I did all the other things you asked me to do, and here is the log. You mentioned turning off and on my virus and other security programs. The only one I have is MSE.
ComboFix 13-04-06.01 - Andrew 04/07/2013 8:55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.231 [GMT -7:00]
Running from: c:\documents and settings\Andrew\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\windows\system32\DRIVERS\avglogx.sys"
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\Tasks\SpeedyPC Registration3.job"
"c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job"
"c:\windows\Tasks\SpeedyPC Update Version3.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
c:\program files\Common Files\SpeedyPC Software
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\ad_generic.jpg
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\close_pu_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\Logo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_md.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\min_mo.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\progress_glow.png
c:\program files\Common Files\SpeedyPC Software\UUS3\Images\topbar_gradient.png
c:\program files\Common Files\SpeedyPC Software\UUS3\LiteUnzip.dll
c:\program files\Common Files\SpeedyPC Software\UUS3\settings.xml
c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGLOGX
-------\Legacy_AVGTP
-------\Legacy_NORTON_PC_CHECKUP_APPLICATION_LAUNCHER
-------\Legacy_PCCUJOBMGR
-------\Legacy_TUNEUP.UTILITIESSVC
-------\Legacy_TUNEUPUTILITIESDRV
-------\Legacy_VTOOLBARUPDATER12.2.6
-------\Legacy_VTOOLBARUPDATER14.2.0
-------\Service_Avglogx
-------\Service_avgtp
-------\Service_Norton PC Checkup Application Launcher
-------\Service_PCCUJobMgr
-------\Service_TuneUp.UtilitiesSvc
-------\Service_TuneUpUtilitiesDrv
-------\Service_vToolbarUpdater12.2.6
-------\Service_vToolbarUpdater14.2.0
.
.
((((((((((((((((((((((((( Files Created from 2013-03-07 to 2013-04-07 )))))))))))))))))))))))))))))))
.
.
2013-04-07 14:30 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EE899AA6-3416-44DF-BF5A-6F53705E5C9C}\mpengine.dll
2013-04-06 16:25 . 2013-03-15 07:21 7108640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-04-05 16:59 . 2013-04-05 16:59 177496 ----a-w- c:\windows\system32\drivers\51236355.sys
2013-04-05 16:59 . 2013-04-05 16:59 -------- d-----w- C:\TDSSKiller_Quarantine
2013-04-04 17:25 . 2013-04-04 18:24 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-04-04 17:22 . 2013-04-04 17:22 -------- d-----w- c:\program files\Tweaking.com
2013-04-03 23:16 . 2013-04-02 10:33 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-03 23:06 . 2013-04-03 23:07 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-29 22:19 . 2013-03-29 22:19 -------- d-----w- c:\windows\Sun
2013-03-26 04:23 . 2013-03-26 04:33 -------- d-----w- C:\d608f2bb5b323a930a256af12f5c77
2013-03-25 20:05 . 2013-03-25 20:05 -------- d-----w- c:\program files\Tuguu SL
2013-03-25 17:18 . 2013-03-25 17:18 -------- d-----w- c:\program files\SearchDonkey
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\NetworkService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LocalService\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\LAND & STREAM CO\AppData
2013-03-25 17:17 . 2013-03-25 17:17 -------- d-----w- c:\documents and settings\Andrew\AppData
2013-03-12 17:56 . 2013-03-12 18:28 -------- d-----w- c:\program files\Free Download Manager
2013-03-09 23:29 . 2013-03-09 23:29 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Yahoo
2013-03-09 23:12 . 2013-03-13 15:30 -------- d-----w- c:\windows\msdownld.tmp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-05 17:00 . 2004-08-03 23:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-02-21 19:32 . 2012-10-06 04:42 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-11-21 00:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 18:21 . 2013-02-08 18:22 5259504 ----a-w- c:\windows\uninst.exe
2013-02-05 20:05 . 2004-11-21 00:04 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-11-21 00:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 20:05 . 2004-11-21 00:04 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:53 . 2004-11-21 00:04 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-11-21 00:04 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 22:59 . 2013-01-20 22:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DDA5D4B3-468F-4D62-9092-75142C6169B1}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-06 5406720]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\documents and settings\Andrew\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 3050 J610 series.lnk - c:\windows\system32\RunDll32.exe [2004-11-20 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2004-10-27 23:40 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\AirPort\\APUtil.exe"=
"c:\\Program Files\\Online Services\\AOL Instant Messenger Setup\\aimsetup.exe"=
"c:\\Program Files\\Sony\\vaio media 3.1\\VmpClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour
.
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;c:\program files\Fast Free Converter\FastFreeConverterUpdt.exe [11/26/2012 6:30 AM 687104]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-06 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-07 c:\windows\Tasks\At10.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-05 c:\windows\Tasks\At11.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-06 c:\windows\Tasks\At12.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-07 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At5.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-07 c:\windows\Tasks\At6.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-07 c:\windows\Tasks\At7.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At8.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2010-06-15 00:07]
.
2013-04-06 c:\windows\Tasks\At9.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-09 02:06]
.
2013-04-07 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 18:11]
.
2008-12-17 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2008-12-17 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-11-21 00:12]
.
2013-04-07 c:\windows\Tasks\User_Feed_Synchronization-{338A9EA3-733C-4378-9B99-3D24E7CBD95A}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
2013-04-07 c:\windows\Tasks\User_Feed_Synchronization-{6658E6C8-7180-43A7-851B-F41F858CBE3B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=79
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-04-07 09:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(1488)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\System32\snmp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-04-07 09:19:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-07 16:19
ComboFix2.txt 2013-04-06 16:06
.
Pre-Run: 55,925,854,208 bytes free
Post-Run: 56,052,011,008 bytes free
.
- - End Of File - - B3D2DBCB9CF08705D6E6E5E3087CE0B7