I think my computer in infected with Pup.PlaySushi

[Fun Gal]

I have windows Vista Home Premium on a HP Laptop.

I already screwed up. I installed Malwarebytes yesterday and did a scan that found about 150 problems. There were a whole bunch of Pup.PlaySushi items detected.  I went to delete them and the laptop froze up. I had to reboot and when I opened program back up there was nothing in the log. I ran a second scan and it only fixed 2 items.

Anyway, here are the logs I believe I'm supposed to post.

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 11:03:44
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : kstrickbine - KSTRICKBINE-PC
# Boot Mode : Normal
# Running from : C:\Users\kstrickbine\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\PlaySushi
Folder Found : C:\Users\kstrickbine\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\kstrickbine\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\PlaySushi
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Found : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Found : HKLM\SOFTWARE\Classes\PlaySushi32.PlaySushi
Key Found : HKLM\SOFTWARE\Classes\PlaySushi32.PlaySushi.1
Key Found : HKLM\SOFTWARE\Classes\PSText.IEButton
Key Found : HKLM\SOFTWARE\Classes\PSText.IEButton.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2394708
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlaySushi
Key Found : HKU\S-1-5-21-2998860259-3874088516-2738648896-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\kstrickbine\AppData\Roaming\Mozilla\Firefox\Profiles\xkpedzbt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3974 octets] - [29/12/2012 11:03:44]

########## EOF - C:\AdwCleaner[R1].txt - [4034 octets] ##########

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.29.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088
kstrickbine :: KSTRICKBINE-PC [administrator]

12/29/2012 1:24:25 AM
mbam-log-2012-12-29 (01-24-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209312
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Users\kstrickbine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] (PUP.PlaySushi) -> Quarantined and deleted successfully.
C:\Users\kstrickbine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components (PUP.PlaySushi) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19088
Run by kstrickbine at 11:40:50 on 2012-12-29
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3002.1989 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - <no file>
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - <orphaned>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.102/FreeRealmsInstaller.cab?v=1049
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{1C0585FA-2D5E-4E40-B132-4061556D96FF} : DHCPNameServer = 192.168.1.254 192.168.1.2
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{E6A78D23-C223-48AC-92DA-5902ED146B08} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
Notify: PFW - UmxWnp.Dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kstrickbine\appdata\roaming\mozilla\firefox\profiles\xkpedzbt.default\
FF - plugin: c:\program files\sony online entertainment\npsoe.dll
FF - plugin: c:\users\kstrickbine\appdata\local\microsoft\internet explorer\downloaded program files\npsoe.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - ExtSQL: 2012-12-29 00:02; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\kstrickbine\appdata\roaming\mozilla\firefox\profiles\xkpedzbt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-6-24 103952]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-6-24 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-6-24 45584]
R1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\drivers\KmxFilter.sys [2007-10-18 51728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-24 138744]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-6-24 66576]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-6-24 88816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 UmxCfg;HIPS Configuration Interpreter;"c:\program files\ca\sharedcomponents\hipsengine\umxcfg.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-29 06:22:59   --------   d-----w-   c:\users\kstrickbine\appdata\roaming\Malwarebytes
2012-12-29 06:22:48   --------   d-----w-   c:\programdata\Malwarebytes
2012-12-29 06:22:47   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-12-29 06:22:47   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-12-29 05:48:21   --------   d-----w-   c:\users\kstrickbine\appdata\local\Macromedia
2012-12-29 05:48:05   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-29 05:48:05   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-12-29 05:31:01   --------   d-----w-   c:\program files\CCleaner
2012-12-29 05:07:51   --------   d-----w-   c:\users\kstrickbine\appdata\roaming\AVG2013
2012-12-29 05:07:06   --------   d-----w-   c:\users\kstrickbine\appdata\roaming\TuneUp Software
2012-12-29 05:05:52   --------   d--h--w-   C:\$AVG
2012-12-29 05:05:52   --------   d-----w-   c:\programdata\AVG2013
2012-12-29 05:04:14   --------   d-----w-   c:\program files\AVG
2012-12-29 04:58:25   --------   d--h--w-   c:\programdata\Common Files
2012-12-29 04:58:25   --------   d-----w-   c:\users\kstrickbine\appdata\local\MFAData
2012-12-29 04:58:25   --------   d-----w-   c:\users\kstrickbine\appdata\local\Avg2013
2012-12-29 04:58:25   --------   d-----w-   c:\programdata\MFAData
2012-12-28 16:27:08   6812136   ----a-w-   c:\programdata\microsoft\windows defender\definition updates\{d525b5dd-682c-43b1-aece-9ec35278ae24}\mpengine.dll
2012-12-25 17:15:18   26840   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-25 17:14:10   --------   d-----w-   c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-25 17:01:40   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-12-25 17:01:40   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-12-25 17:01:40   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-12-25 17:01:40   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-12-25 17:01:39   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-12-25 17:01:39   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-12-25 17:01:39   159744   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M  ====================
.
2012-10-25 09:12:26   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2012-10-22 19:02:46   179936   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 09:48:52   55776   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
2012-10-02 09:30:38   159712   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
.
============= FINISH: 11:41:46.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2009 3:08:34 PM
System Uptime: 12/29/2012 10:59:50 AM (1 hours ago)
.
Motherboard: Wistron |  | 3612
Processor: Pentium(R) Dual-Core CPU       T4200  @ 2.00GHz | CPU | 2000/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 203.306 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.818 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Adobe Shockwave Player
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
AVG 2013
Bonjour
BufferChm
C4400
C4400_Help
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Copy
CustomerResearchQFolder
CyberLink DVD Suite
CyberLink YouCam
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
ESU for Microsoft Vista
eSupportQFolder
Free Realms
GPBaseService
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.40 H2
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPTCSSetup
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 7
Juno Preloader
LabelPrint
LightScribe System Software  1.14.17.1
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
My HP Games
NetWaiting
NetZero Preloader
PanoStandAlone
Playsushi
Power2Go
PowerDirector
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SmartWebPrintingOC
SolutionCenter
SPORE Creature Creator Trial Edition
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
VideoToolkit01
WebReg
Windows Media Player Firefox Plugin
.
==== End Of File ===========================

[SuperDave]

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************

Remove the Adware:

• Please close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with OK
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
  

***********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
************************************************
Download Combofix from any of the links below, and save it to your DESKTOP. 

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[Fun Gal]

I greatly appreciate the help. Here's the files you requested.

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 14:42:12
# Updated 29/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# User : kstrickbine - KSTRICKBINE-PC
# Boot Mode : Normal
# Running from : C:\Users\kstrickbine\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\PlaySushi
Folder Deleted : C:\Users\kstrickbine\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\kstrickbine\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\PlaySushi
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PlaySushi
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21608B66-026F-4DCB-9244-0DACA328DCED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{E89A07B5-BD7A-43F9-BDA4-0DAA48AC4FA5}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PSText.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45A8F904-D9CA-439B-9CBB-11097B45D9E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5272CCD4-4199-4B04-BF68-B28A0DCF0151}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F165085B-6B85-4AD5-AD00-95552A823F6D}
Key Deleted : HKLM\SOFTWARE\Classes\PlaySushi32.PlaySushi
Key Deleted : HKLM\SOFTWARE\Classes\PlaySushi32.PlaySushi.1
Key Deleted : HKLM\SOFTWARE\Classes\PSText.IEButton
Key Deleted : HKLM\SOFTWARE\Classes\PSText.IEButton.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2394708
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{975BBCC0-19DF-47C2-9AE2-D78EEFA96821}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EBD24BD3-E272-4FA3-A8BA-C5D709757CAB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlaySushi

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\kstrickbine\AppData\Roaming\Mozilla\Firefox\Profiles\xkpedzbt.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4103 octets] - [29/12/2012 11:03:44]
AdwCleaner[S1].txt - [3961 octets] - [29/12/2012 14:42:12]

########## EOF - C:\AdwCleaner[S1].txt - [4021 octets] ##########

 Results of screen317's Security Check version 0.99.56 
 Windows Vista Service Pack 1 x86 (UAC is enabled) 
 Out of date service pack!![/b]
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````[/u]
 Windows Firewall Enabled! 
AVG Anti-Virus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````[/u]
 Malwarebytes Anti-Malware version 1.70.0.1100 
 CCleaner     
 Java(TM) 6 Update 38 
 Java(TM) 6 Update 7 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player    11.5.502.135 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````[/u] 
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````[/u]
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````[/u]

ComboFix 12-12-29.02 - kstrickbine 12/29/2012  15:03:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.3002.1873 [GMT -6:00]
Running from: c:\users\kstrickbine\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kstrickbine\AppData\Roaming\Microsoft\Windows\Recent\Facebook.url
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
.
.
(((((((((((((((((((((((((   Files Created from 2012-11-28 to 2012-12-29  )))))))))))))))))))))))))))))))
.
.
2012-12-29 21:11 . 2012-12-29 21:11   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-12-29 19:14 . 2012-12-29 19:14   --------   d-----w-   c:\windows\Sun
2012-12-29 19:13 . 2012-12-29 19:13   477168   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-12-29 19:13 . 2012-12-29 19:13   473072   ----a-w-   c:\windows\system32\deployJava1.dll
2012-12-29 06:22 . 2012-12-29 06:22   --------   d-----w-   c:\users\kstrickbine\AppData\Roaming\Malwarebytes
2012-12-29 06:22 . 2012-12-29 06:22   --------   d-----w-   c:\programdata\Malwarebytes
2012-12-29 06:22 . 2012-12-29 06:22   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2012-12-29 06:22 . 2012-12-14 22:49   21104   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-12-29 05:48 . 2012-12-29 05:48   --------   d-----w-   c:\users\kstrickbine\AppData\Local\Macromedia
2012-12-29 05:48 . 2012-12-29 05:48   73656   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-29 05:48 . 2012-12-29 05:48   697272   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-12-29 05:37 . 2012-12-29 05:37   --------   d-----w-   c:\users\kstrickbine\AppData\Local\Mozilla
2012-12-29 05:37 . 2012-12-29 05:37   --------   d-----w-   c:\program files\Mozilla Maintenance Service
2012-12-29 05:31 . 2012-12-29 05:31   --------   d-----w-   c:\program files\CCleaner
2012-12-29 05:07 . 2012-12-29 05:07   --------   d-----w-   c:\users\kstrickbine\AppData\Roaming\AVG2013
2012-12-29 05:07 . 2012-12-29 05:07   --------   d-----w-   c:\users\kstrickbine\AppData\Roaming\TuneUp Software
2012-12-29 05:05 . 2012-12-29 05:07   --------   d-----w-   c:\programdata\AVG2013
2012-12-29 05:05 . 2012-12-29 05:05   --------   d-----w-   C:\$AVG
2012-12-29 05:04 . 2012-12-29 05:04   --------   d-----w-   c:\program files\AVG
2012-12-29 04:58 . 2012-12-29 19:42   --------   d-----w-   c:\programdata\MFAData
2012-12-29 04:58 . 2012-12-29 07:45   --------   d-----w-   c:\users\kstrickbine\AppData\Local\Avg2013
2012-12-29 04:58 . 2012-12-29 04:58   --------   d--h--w-   c:\programdata\Common Files
2012-12-29 04:58 . 2012-12-29 04:58   --------   d-----w-   c:\users\kstrickbine\AppData\Local\MFAData
2012-12-28 16:27 . 2012-11-08 18:00   6812136   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{D525B5DD-682C-43B1-AECE-9EC35278AE24}\mpengine.dll
2012-12-25 17:15 . 2012-08-21 19:01   26840   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-25 17:14 . 2012-12-25 17:15   --------   d-----w-   c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-25 17:01 . 2012-12-25 17:01   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-25 17:00 . 2012-12-29 19:27   --------   d-----w-   c:\program files\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-25 09:12 . 2012-10-25 09:12   94208   ----a-w-   c:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12   69632   ----a-w-   c:\windows\system32\QuickTime.qts
2012-10-22 19:02 . 2012-10-22 19:02   179936   ----a-w-   c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 09:48 . 2012-10-15 09:48   55776   ----a-w-   c:\windows\system32\drivers\avgidshx.sys
2012-10-05 09:32 . 2012-10-05 09:32   93536   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2012-10-02 09:30 . 2012-10-02 09:30   159712   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2012-11-29 08:27 . 2012-12-29 05:37   262112   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
2007-05-18 18:30   79368   ----a-w-   c:\windows\System32\UmxWNP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38   34672   ----a-w-   c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-11-28 20:13   59280   ----a-w-   c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-26 01:45   171032   ----a-w-   c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-10-09 14:58   75008   ----a-w-   c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17   49152   ----a-w-   c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51   488752   ----a-w-   c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-12-12 19:57   152544   ----a-w-   c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-06-09 17:16   2363392   ----a-w-   c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-26 01:45   170520   ----a-w-   c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-08-01 23:14   202032   ----a-w-   c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-09-24 00:21   468264   ----a-w-   c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-04-17 18:05   1049896   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 22:55   222504   ------w-   c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDIRShortCut]
2008-06-14 01:11   210216   ------w-   c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
2008-10-07 03:42   210216   ------w-   c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 17:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki...
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\kstrickbine\AppData\Roaming\Mozilla\Firefox\Profiles\xkpedzbt.default\
FF - ExtSQL: 2012-12-29 00:02; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\kstrickbine\AppData\Roaming\Mozilla\Firefox\Profiles\xkpedzbt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-12-29 13:13; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-cafwc - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe
MSConfigStartUp-capfasem - c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-cctray - c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe
MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
MSConfigStartUp-hpqSRMon - c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-QOELOADER - c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
AddRemove-{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8} - c:\program files\HP\Digital Imaging\{FF1F4E8E-A833-4c4b-A14A-45D5B841B5D8}\setup\hpzscr01.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-29 15:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
.
c:\users\KSTRIC~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-29  15:14:01
ComboFix-quarantined-files.txt  2012-12-29 21:13
.
Pre-Run: 217,799,249,920 bytes free
Post-Run: 217,707,765,760 bytes free
.
- - End Of File - - B59E107FE46FBE0006E3E7230536BD54

[SuperDave]

Go to Microsoft Windows Update and get all critical updates including Service Pack 2.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
**************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

**************************************************
Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  

  KillAll::
  
  Firefox::
  Trusted Zone: clonewarsadventures.com
  Trusted Zone: freerealms.com
  Trusted Zone: soe.com
  Trusted Zone: sony.com
  
  DDS::
  Trusted Zone: clonewarsadventures.com
  Trusted Zone: freerealms.com
  Trusted Zone: soe.com
  Trusted Zone: sony.com
  
  
• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• You don't need to post the log from this script.
  

*************************************************

• Download RogueKiller on the desktop
  
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

[Fun Gal]

I have tried and tried to update to service pack 2 and it will not install. I downloaded and ran the “Check for System Update Readiness” tool and it didn't help either. All other programs have been updated.

Here's the log you requested.

Thank you.

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : kstrickbine [Admin rights]
Mode : Scan -- Date : 12/30/2012 19:51:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 ATA Device +++++
--- User ---
[MBR] 6e8fa847bb97525c5e29a2c7f3a50bf5
[BSP] d70ba7ca57d24e7090480f3d24fce7fb : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294097 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 602312704 | Size: 11144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12302012_02d1951.txt >>
RKreport[1]_S_12302012_02d1951.txt

[SuperDave]

1. Download this diagnostics tool MGADiag.ext and save this to your Desktop.
2. Double-click on MGADiag.exe and click Continue
3. When the program has finished, click on Copy
4. Post the results in your next reply.
*************************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[Fun Gal]

Here are the 2 logs you requested.

I do appreciate the help Dave. Happy New Year!

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
Windows Product ID: 89578-OEM-7332157-00061
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {E2C175A4-1ED9-42EA-A96E-06446D35520D}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 102
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{E2C175A4-1ED9-42EA-A96E-06446D35520D}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-2998860259-3874088516-2738648896</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP G60 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.35</Version><SMBIOSVersion major="2" minor="4"/><Date>20090304000000.000000+000</Date></BIOS><HWID>DB323507018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults> 

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500061-02-1033-6001.0000-1732009
Installation ID: 019602833383736625916554536383359114222 151935743814412
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: WQD8Q
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NAAAAAEAAgABAAIAAQABAAAAAwABAAEAeqh8U1a KQq16f9QXgvTGBvL0BHYiobajrFZGyg==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name   OEMID Value   OEMTableID Value
  APIC         INSYDE         
  FACP         HPQOEM      SLIC-MPC
  HPET         INSYDE      SLIC-MPC
  BOOT         INSYDE      INSYDE 
  MCFG         INSYDE         
  ASF!         INTEL        HCG
  SLIC         HPQOEM      SLIC-MPC
  SSDT         INTEL       SataAhci
  SSDT         INTEL       SataAhci

This is all that was on the ESET report...

C:\Users\kstrickbine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\1d26c2f5-6aeb204e   Java/TrojanDownloader.Agent.NDR trojan
C:\Users\kstrickbine\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\77e5c3b9-3c15d1d9   multiple threats

[SuperDave]

Happy New Year to you. Please run ESET again and clean the infections.
Please try this tool from MS. It's supposed to fix multiple problems in Vista and Win 7.

Please download and run MS Fix-it from here.

Please let me know if you get your updates.

[Fun Gal]

The microsoft fix link you gave me went to an audio fix. I have been searching all day for fixes via microsoft's website and I still can't get service pack 2 to install. I continually get error message 0x800f081f.

I ran Eset again and this time it found no errors. How is this possible? I will try and run it a 3rd time to see if I get the same results.

[SuperDave]

When you get to that site, click on "find other automated solutions" then click on the Windows Icon. Scroll to the bottom and locate "fix the problem with MS update not working" and click run now.
Don't bother running ESET again.

[Fun Gal]

I had ran the eset scan a third time before I saw your reply and this time if found the infections it showed in my first run, so I did delete them.

I ran the fix from microsoft and still can't update to service pack 2.

[SuperDave]

Please try to download SP 2 from here.

[Fun Gal]

Hi Dave,

I have been trying to download that standalone version of sp2 for the last couple of days. It still won't install. I've looked at my windows update folder and it's been trying to install for almost 2 years. There are tons of installation failed logs associated with sp2.

I've attached a picture of the message I get when it fails to install. There has got to be a way to get this installed 

[year+ old attachment deleted by admin]

[SuperDave]

You should follow the directions in the message box and see where it leads you.

[Fun Gal]

I have followed the messages. It takes me to the same stuff I've tried over and over. I've searched about every post I can find on microsoft's forum and nothing seems to work.

Is it safe to even use my laptop without having SP2 installed? Can I go on using it with only SP1?