TechSpot

Can not open some pages in all browsers (HJT Attached)

By svdberg
Sep 30, 2010
  1. Hello All,

    I'm having trouble opening some pages. I'm not very tech savvy but I have tried just about everything I could find on this forum in regards to a solution. I have tried 3 different browsers (IE, Firefox, Safari) and have been unsuccessful in all 3. I tried turning off my firewall and was still met with no success. I am running Windows 7.

    A few of the sites that aren't working are Google Maps, Yahoo, ESPN, and Kijiji. I'm not sure if there are any commonalities between these sites that can be drawn here. Probably the weirdest part is that occasionally a page like Google Maps will work for about 5 minutes randomly, then stop working again.

    I have attached an HJT. Hopefully the solution is in there. If not I'm open to any ideas.

    Thanks,

    svdberg
     


  2. Bobbye


    Welcome to TechSpot! I'll help you with the problem. We don't screen with HijackThis, so I'd like you to please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, please paste the logs for review into your next reply. It's okay to use multiple posts for the logs.

    Questions and Comments:
    1. How much RAM do you have?
    It is possible that if you are low on RAM or if a chip isn't good, high resource users are eating the RAM after displaying with other processes. Then, if you reboot, it frees up the RAM and the cycle starts over again. You also have a lot of unnecessary processes running. If they start on boot, they will keep running in the background. The more you use, the longer you surf, the quicker the RAM gets used.
    2. Consider uninstalling Advanced SystemCare 3. It is not a good program. If you decide to keep it, please don't use it while I'm helping you.
    3. I note that you are running PSI LeanEra which is a "fully integrated manufacturing ERP system with innovative design to meet the practical hour-to-hour needs of plant managers in many environments." Is this a work computer? The following is listed in running processes:
    \CEPSERVERHP\Abaci\Source\abaci.exe Is this that entry: CEP SERVER HP?
    4. Consider uninstalling BitTorrent. More about the dangers of file sharing later. If you decide to keep it, please take it off of the Startup and don't use it while I'm helping you.
    5. You are running SDWinSec.exe. This is related to Spybot Search & Destroy Security Center Service integration with the Vista Windows Security Center. Microsoft ships Windows Defender with Vista; however, Spybot-S&D can now easily integrate into the Vista Security Center, which will then monitor if Spybot-S&D is up-to-date and whether the permanent protection (TeaTimer) is running or not. This update will only show on Vista systems, since previous Windows versions do not offer anti-malware integration into WSC. Note: Located in \%Program Files%\Spybot - Search & Destroy\

    Did you upgrade to Windows 7 from Vista?

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. svdberg


    Hey Bobbye,

    I appreciate your help and have noted the recommendations you have made. I will first go through your list of questions. Then post the logs.

    1. I am running a Windows 7 Lenovo with 3.00 GB of RAM
    2. Advanced System Care 3 is uninstalled
    3. This is a personal laptop that I use for work as well. The ERP is a program called ABACI. It would be the entry you referred to.
    4. BitTorrent is uninstalled.
    5. I did not upgrade from Vista. This laptop was purchased with Windows 7 already installed. In fact, the Windows 7 decal is still on the body.

    My next three posts will be logs.

    I hope I did everything correctly as
     
  4. svdberg


    My apologies, I must have accidentally hit Post Reply.

    Log #1 - MBAM log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4728

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    01/10/2010 1:36:24 PM
    mbam-log-2010-10-01 (13-36-24).txt

    Scan type: Quick scan
    Objects scanned: 140277
    Time elapsed: 6 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. svdberg


    Log #2 - GMER

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-01 13:46:24
    Windows 6.1.7600
    Running: 9zwerrgz.exe; Driver: C:\Users\Scott\AppData\Local\Temp\fglcypow.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C3F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14634
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C1DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C6F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CF2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A45599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text peauth.sys 99E7CC9D 28 Bytes [4F, 9D, 1B, 28, 5B, B4, CD, ...]
    .text peauth.sys 99E7CCC1 28 Bytes [4F, 9D, 1B, 28, 5B, B4, CD, ...]
    PAGE peauth.sys 99E82E20 101 Bytes [A4, 8D, 85, FC, F5, D8, 99, ...]
    PAGE peauth.sys 99E8302C 102 Bytes [07, 5A, 8C, 46, 1A, 69, B9, ...]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{BEB0675C-69FE-4727-B90C-D73266BBE86B}\Connection@Name isatap.{37939BC9-F2F0-49A8-B4BF-8D318E08D523}
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{9020D1B2-F4CE-47C4-8229-C21D5AEFF2A4}?\Device\{E79625EC-3848-48FB-9DB6-EEFC7455D123}?\Device\{BEB0675C-69FE-4727-B90C-D73266BBE86B}?\Device\{89F56C60-7628-46AB-ADF1-B8ABC0AA1842}?\Device\{B4671D30-0CAB-47C4-8091-5B7E01D2FBF8}?\Device\{41A0DEE9-5985-428C-AF7E-320187BDE828}?\Device\{8297892E-2E63-42B0-94B9-A863C4D51449}?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{9020D1B2-F4CE-47C4-8229-C21D5AEFF2A4}"?"{E79625EC-3848-48FB-9DB6-EEFC7455D123}"?"{BEB0675C-69FE-4727-B90C-D73266BBE86B}"?"{89F56C60-7628-46AB-ADF1-B8ABC0AA1842}"?"{B4671D30-0CAB-47C4-8091-5B7E01D2FBF8}"?"{41A0DEE9-5985-428C-AF7E-320187BDE828}"?"{8297892E-2E63-42B0-94B9-A863C4D51449}"?
    Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{9020D1B2-F4CE-47C4-8229-C21D5AEFF2A4}?\Device\TCPIP6TUNNEL_{E79625EC-3848-48FB-9DB6-EEFC7455D123}?\Device\TCPIP6TUNNEL_{BEB0675C-69FE-4727-B90C-D73266BBE86B}?\Device\TCPIP6TUNNEL_{89F56C60-7628-46AB-ADF1-B8ABC0AA1842}?\Device\TCPIP6TUNNEL_{B4671D30-0CAB-47C4-8091-5B7E01D2FBF8}?\Device\TCPIP6TUNNEL_{41A0DEE9-5985-428C-AF7E-320187BDE828}?\Device\TCPIP6TUNNEL_{8297892E-2E63-42B0-94B9-A863C4D51449}?
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BEB0675C-69FE-4727-B90C-D73266BBE86B}@InterfaceName isatap.{37939BC9-F2F0-49A8-B4BF-8D318E08D523}
    Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BEB0675C-69FE-4727-B90C-D73266BBE86B}@ReusableType 0

    ---- EOF - GMER 1.0.15 ----
     
  6. svdberg


    The final two logs are attached as prompted.

    If you would rather I cut and paste let me know.

    Again, I appreciate your help. Let me know if I did anything incorrectly and I will remedy it.

    Thanks,

    svdberg
     


  7. Bobbye


    I thought this was clear:
    And although the authors of DDS do have a note about zipping the Attach.txt log, we have a direction telling members not to do that. It takes me a considerable amount of extra time if I need to identify an entry and have to copy and paste into a search instead of searching directly from my browser.

    You have three antivirus programs running: Norton, Avira and Kaspersky. Multiple AV programs make a system more vulnerable. Please decide which you want to keep and uninstall the others. Tools to help:
    Norton Removal Tool
    Avast Removal
    I don't have a tool for Kaspersky so check their site.
    Reboot the computer when finished.
    ================================
    After the AV has been handled, please run the following:
    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename Combofix unless instructed.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe & follow the prompts to run.
       NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If Combofix asks you to install Recovery Console, please allow it.
    6. If Combofix asks you to update the program, always allow.
       Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    =======================================

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    Please paste logs. Use multiple posts if needed.
     
  8. svdberg


    Hey Bobbye,

    Sorry about not pasting those other logs. You were certainly clear. My mistake, moving forward I will try to follow your advice word for word.

    As such, here are the logs:

    DDS (Part 1)

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Scott at 13:50:22.79 on 01/10/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3033.1863 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\IgrsSvcs.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\igfxtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lenovo\Energy Management\utility.exe
    C:\Program Files\Lenovo\Energy Management\Energy Management.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Scott\Desktop\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.ca/
    uSearch Bar = Preserve
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
    mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: {6E2F20AC-28F8-4481-9F58-D72188AC55D1} = 192.168.0.46
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\uqml3bw7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
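The "Pseudo HJT Report" section above is the part of a DDS log a helper reads first: hosts-file overrides, UAC policy values, browser helper objects whose DLL is missing, proxy settings and the per-interface DNS servers. The script below is an added example for this thread, not code from the original posts or from the DDS or HijackThis tools. It parses report lines in that format (the sample embedded in it is a constructed excerpt of the log above), flags those entry types, and cross-checks the Hosts: entries against the sites the poster said will not load. The hostnames assumed for Google Maps, Yahoo, ESPN and Kijiji are guesses, and the rule that EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are non-zero on a stock Windows 7 install is the only default it relies on. Whether a flagged entry is malicious remains a human call; the script just makes the review repeatable.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example for this thread; not part of the original posts and not
code from the DDS or HijackThis tools. Flags the entry types a
malware-removal helper looks at first and checks Hosts: entries against
the sites the poster reported as failing.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a few lines copied from the DDS log posted above.
SAMPLE_REPORT = r"""
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: {6E2F20AC-28F8-4481-9F58-D72188AC55D1} = 192.168.0.46
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# Assumed hostnames for the sites the poster named (Google Maps, Yahoo, ESPN, Kijiji).
AFFECTED_SITES = ["maps.google.com", "www.yahoo.com", "www.espn.com", "www.kijiji.ca"]

# UAC policy values that are non-zero on a stock Windows 7 install;
# a zero here means User Account Control has been switched off or weakened.
UAC_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}

POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")              # Hosts: <ip> <hostname>
BHO_RE = re.compile(r"^BHO:\s+.*\s-\s+No File$")               # BHO whose DLL is gone
PROXY_RE = re.compile(r"^uInternet Settings,(Proxy\w+)\s*=\s*(.*)$")
DNS_RE = re.compile(r"^TCP:\s+\{[0-9A-Fa-f-]+\}\s*=\s*(.*)$")  # per-interface DNS servers


def _all_private(servers):
    """True if every server parses as a private (RFC 1918 / loopback) address."""
    try:
        return all(ipaddress.ip_address(s).is_private for s in servers)
    except ValueError:
        return False


def hosts_overrides(report):
    """Return {hostname: ip} for every Hosts: line in the report."""
    overrides = {}
    for line in report.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            overrides[m.group(2).lower()] = m.group(1)
    return overrides


def blocked_sites(report, sites):
    """Sites from `sites` that the hosts file redirects somewhere else."""
    overrides = hosts_overrides(report)
    return [s for s in sites if s.lower() in overrides]


def triage(report):
    """Return (category, line) pairs for entries worth a second look, in log order."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            if m.group(1) in UAC_POLICIES and int(m.group(2)) == 0:
                findings.append(("uac_disabled", line))
            continue
        if HOSTS_RE.match(line):
            findings.append(("hosts_override", line))
        elif BHO_RE.match(line):
            findings.append(("orphan_bho", line))
        elif PROXY_RE.match(line):
            findings.append(("proxy_setting", line))
        else:
            m = DNS_RE.match(line)
            if m:
                servers = [s for s in re.split(r"[,\s]+", m.group(1)) if s]
                kind = "dns_private" if _all_private(servers) else "dns_public"
                findings.append((kind, line))
    return findings


def summarize(findings):
    """Count findings per category so a long log can be read at a glance."""
    return dict(Counter(kind for kind, _ in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for kind, line in found:
        print(f"[{kind:15}] {line}")
    print("summary:", summarize(found))
    print("affected sites redirected by hosts file:", blocked_sites(SAMPLE_REPORT, AFFECTED_SITES))
```

On the sample the hosts check comes back empty for the four affected sites, which is the useful negative result: it rules out a hosts-file redirect as the cause of those sites failing and leaves the DNS server and proxy lines as the next things to verify by hand. A "dns_public" finding (a resolver outside private address space on a home laptop) is the entry type a helper would ask about first.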
     
  9. svdberg


    DDS (Part 2)

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-12-12 54800]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-1 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-1 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-1 60936]
    R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
    R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-29 1153368]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-12 21520]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
    R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-12-12 11792]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-8 136176]
    S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-12-12 63240]
    S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-12-12 414984]
    S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-12-12 472328]
    S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
    S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-22 81704]

    =============== Created Last 30 ================

    2010-10-01 16:54:31 0 d-----w- c:\users\scott\appdata\roaming\Avira
    2010-10-01 16:46:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-01 16:46:33 0 d-----w- c:\programdata\Avira
    2010-10-01 16:46:33 0 d-----w- c:\program files\Avira
    2010-10-01 16:37:14 0 d-----w- c:\users\scott\appdata\roaming\Malwarebytes
    2010-10-01 16:37:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-01 16:36:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-01 16:36:59 0 d-----w- c:\programdata\Malwarebytes
    2010-10-01 16:36:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-30 19:56:22 0 d-----w- c:\program files\Trend Micro
    2010-09-30 19:38:02 0 d-----w- c:\programdata\Sun
    2010-09-30 19:37:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-28 13:31:43 0 d-----w- c:\program files\iPod
    2010-09-28 13:30:00 0 d-----w- c:\program files\Bonjour
    2010-09-23 15:59:14 0 d-----w- c:\users\scott\appdata\roaming\IObit
    2010-09-23 15:59:14 0 d-----w- c:\programdata\IObit
    2010-09-23 15:59:11 0 d-----w- c:\program files\IObit
    2010-09-15 18:38:16 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 12:13:28 0 d-----w- c:\program files\iTunes

    ==================== Find3M ====================

    2010-08-06 14:12:10 190120 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 13:50:35.32 ===============
     
  10. svdberg

    svdberg TS Rookie Topic Starter

    Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 29/01/2010 11:30:55 AM
    System Uptime: 10/01/2010 1:26:27 PM (6336 hours ago)

    Motherboard: LENOVO | | NITU1
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 189 GiB total, 143.395 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 28.835 GiB free.
    E: is CDROM ()
    F: is NetworkDisk (NTFS) - 699 GiB total, 251.431 GiB free.
    K: is NetworkDisk (NTFS) - 699 GiB total, 251.431 GiB free.
    T: is NetworkDisk (NTFS) - 699 GiB total, 251.431 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP5: 28/09/2010 8:14:20 AM - Windows Update
    RP6: 29/09/2010 10:57:11 AM - Installed Kaspersky Anti-Virus 2011.
    RP7: 29/09/2010 4:39:07 PM - Windows Update
    RP8: 30/09/2010 3:36:39 PM - Installed Java(TM) 6 Update 21
    RP9: 30/09/2010 5:17:57 PM - Windows Update
    RP10: 01/10/2010 12:23:08 PM - Windows Update

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    7-Zip 9.15 beta
    Abaci ERP Client
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.4
    ALPS Touch Pad Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BlackBerry Desktop Software 6.0
    Bonjour
    Broadcom 802.11 Wireless Driver
    Broadcom Gigabit Integrated Controller
    Brother MFL-Pro Suite MFC-8480DN
    Combined Community Codec Pack 2009-09-09
    Conexant HD Audio
    DivX Setup
    EasyCapture
    Energy Management
    FileZilla Client 3.3.4.1
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.5.0.457
    HijackThis 2.0.2
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Lenovo EasyCamera
    Lenovo OneKey Recovery
    Lenovo ReadyComm 5
    Lenovo ReadyComm 5.0 Service
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.10)
    MSVCRT
    Norton Security Scan
    OGA Notifier 2.0.0048.0
    Power2Go
    QuickTime
    Realtek USB 2.0 Card Reader
    Safari
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Skype Toolbars
    Skype™ 4.2
    Spybot - Search & Destroy
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2291599)
    VC80CRTRedist - 8.0.50727.4053
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool

    ==== Event Viewer Messages From Past Week ========

    29/09/2010 10:38:14 AM, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
    28/09/2010 9:30:04 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    24/09/2010 8:04:23 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
    01/10/2010 12:46:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    01/10/2010 12:40:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB979538).
    01/10/2010 12:30:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2158563).
    01/10/2010 1:26:49 PM, Error: volmgr [46] - Crash dump initialization failed!

    ==== End Of File ===========================
     
  11. svdberg

    svdberg TS Rookie Topic Starter

    ComboFix

    ComboFix 10-10-03.01 - Scott 04/10/2010 8:29.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3033.2097 [GMT -4:00]
    Running from: c:\users\Scott\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe
    c:\users\Scott\g2mdlhlpx.exe
    c:\windows\system\BisonC07.dll
    c:\windows\system\BisonV07.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
    .

    2010-10-04 12:26 . 2010-10-04 12:27 -------- d-----w- C:\32788R22FWJFW
    2010-10-01 16:54 . 2010-10-01 16:54 -------- d-----w- c:\users\Scott\AppData\Roaming\Avira
    2010-10-01 16:46 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-10-01 16:46 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-01 16:46 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-10-01 16:46 . 2010-10-01 16:46 -------- d-----w- c:\programdata\Avira
    2010-10-01 16:46 . 2010-10-01 16:46 -------- d-----w- c:\program files\Avira
    2010-10-01 16:46 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-10-01 16:37 . 2010-10-01 16:37 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
    2010-10-01 16:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-01 16:36 . 2010-10-01 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-01 16:36 . 2010-10-01 16:36 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-01 16:36 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-30 19:56 . 2010-09-30 19:56 -------- d-----w- c:\program files\Trend Micro
    2010-09-30 19:38 . 2010-09-30 19:38 -------- d-----w- c:\program files\Common Files\Java
    2010-09-30 19:37 . 2010-09-30 19:37 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-30 19:37 . 2010-09-30 19:37 -------- d-----w- c:\program files\Java
    2010-09-29 20:39 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
    2010-09-29 20:39 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-29 18:18 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 15:08 . 2010-09-29 15:08 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
    2010-09-29 15:08 . 2010-09-29 15:08 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
    2010-09-28 13:31 . 2010-09-28 13:31 -------- d-----w- c:\program files\iPod
    2010-09-28 13:30 . 2010-09-28 13:30 -------- d-----w- c:\program files\Bonjour
    2010-09-28 13:19 . 2010-09-28 13:19 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
    2010-09-23 15:59 . 2010-09-29 14:38 -------- d-----w- c:\users\Scott\AppData\Roaming\IObit
    2010-09-23 15:59 . 2010-09-23 15:59 -------- d-----w- c:\programdata\IObit
    2010-09-23 15:59 . 2010-09-24 15:37 -------- d-----w- c:\program files\IObit
    2010-09-23 12:55 . 2010-09-23 12:55 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
    2010-09-23 12:55 . 2010-09-23 12:55 4093792 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2010-09-23 12:55 . 2010-09-23 12:55 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-09-23 12:55 . 2010-09-23 12:55 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
    2010-09-23 12:55 . 2010-09-23 12:55 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
    2010-09-23 12:55 . 2010-09-23 12:55 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
    2010-09-23 12:55 . 2010-09-23 12:55 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
    2010-09-23 12:55 . 2010-09-23 12:55 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
    2010-09-23 12:55 . 2010-09-23 12:55 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
    2010-09-20 19:24 . 2010-09-20 19:24 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-09-20 12:19 . 2010-09-20 12:19 -------- d-----w- c:\program files\QuickTime
    2010-09-20 12:04 . 2010-09-20 12:04 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-09-20 12:04 . 2010-09-20 12:04 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
    2010-09-15 18:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-09-13 12:12 . 2010-09-13 12:12 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
    2010-09-07 12:13 . 2010-09-28 13:32 -------- d-----w- c:\program files\iTunes

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-04 12:23 . 2010-04-17 20:18 -------- d-----w- c:\users\Scott\AppData\Roaming\Skype
    2010-10-04 12:20 . 2010-07-05 15:03 -------- d-----w- c:\programdata\Norton
    2010-10-04 12:20 . 2010-07-05 15:03 -------- d-----w- c:\programdata\Symantec
    2010-10-04 12:10 . 2010-04-17 20:20 -------- d-----w- c:\users\Scott\AppData\Roaming\skypePM
    2010-09-30 17:52 . 2010-04-08 14:38 -------- d-----w- c:\program files\Google
    2010-09-28 13:31 . 2010-03-18 10:51 -------- d-----w- c:\program files\Common Files\Apple
    2010-09-23 16:00 . 2010-01-29 19:57 -------- d-----w- c:\programdata\avg9
    2010-09-20 19:28 . 2010-04-07 15:28 -------- d-----w- c:\users\Scott\AppData\Roaming\FileZilla
    2010-09-20 12:04 . 2010-04-16 21:06 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-09-20 12:04 . 2010-04-16 20:47 -------- d-----w- c:\program files\DivX
    2010-09-20 12:04 . 2010-04-16 20:45 -------- d-----w- c:\programdata\DivX
    2010-09-20 12:04 . 2010-08-27 16:01 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
    2010-09-20 12:04 . 2010-08-27 15:59 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-09-20 12:04 . 2010-04-16 21:05 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
    2010-09-20 12:04 . 2010-04-16 21:05 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
    2010-09-15 20:41 . 2010-01-29 19:58 -------- d-----w- c:\programdata\Microsoft Help
    2010-09-15 14:50 . 2010-07-09 20:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-13 12:14 . 2010-08-06 14:11 -------- d-----w- c:\program files\Safari
    2010-09-09 15:37 . 2010-08-14 14:54 413696 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2010-09-09 15:37 . 2010-08-14 14:54 69632 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2010-09-09 15:37 . 2010-08-14 14:54 413696 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2010-09-09 15:37 . 2010-08-14 14:54 413696 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
    2010-09-09 15:29 . 2009-12-12 07:33 -------- d-----w- c:\program files\Lenovo
    2010-08-27 16:01 . 2010-08-27 16:01 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
    2010-08-27 16:01 . 2010-08-27 16:01 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
    2010-08-27 16:00 . 2010-08-27 16:00 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
    2010-08-14 15:12 . 2010-01-31 15:47 -------- d-----w- c:\users\Scott\AppData\Roaming\Research In Motion
    2010-08-14 14:55 . 2010-01-31 15:46 -------- d-----w- c:\program files\Common Files\Research In Motion
    2010-08-14 14:54 . 2010-01-31 15:46 -------- d-----w- c:\program files\Research In Motion
    2010-08-14 14:54 . 2010-08-14 14:47 102135128 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Extractor.exe
    2010-08-14 12:49 . 2010-01-31 15:47 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-06 14:12 . 2010-08-06 14:12 190120 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-08-06 14:12 . 2010-03-18 10:52 -------- d-----w- c:\users\Scott\AppData\Roaming\Apple Computer
    2010-08-04 01:38 . 2010-08-04 01:38 1821192 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\vcredist_x86.exe
    2010-08-04 01:38 . 2010-08-04 01:38 400728 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\BBDesktopInstaller.exe
    2010-08-04 01:38 . 2010-08-04 01:38 2959376 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\dotnetfx35setup.exe
    2010-08-04 01:38 . 2010-08-04 01:38 128472 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Helper.exe
    2010-07-29 06:30 . 2010-08-14 12:56 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30 . 2010-08-14 12:56 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-23 10:13 . 2010-07-23 10:13 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-07-12 19:38 . 2010-07-12 19:38 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2010-07-07 14:14 . 2010-07-07 14:14 50 ----a-w- c:\windows\system32\bd8480dn.dat
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-26 39816]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-20 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
    "EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-08-01 4114336]
    "Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-27 163840]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 136176]
    R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-29 63240]
    R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
    R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
    R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
    S1 funfrm;funfrm; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
    S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
    S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 14:38]

    2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 14:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ca/
    uInternet Settings,ProxyOverride = *.local
    TCP: {6E2F20AC-28F8-4481-9F58-D72188AC55D1} = 192.168.0.46
    FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uqml3bw7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-04 08:36:39
    ComboFix-quarantined-files.txt 2010-10-04 12:36

    Pre-Run: 153,742,286,848 bytes free
    Post-Run: 153,276,833,792 bytes free

    - - End Of File - - 25CCB0828D257F7F9C9496D8285A445A
     
  12. svdberg

    svdberg TS Rookie Topic Starter

    ESET

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=6adb87c74a945846890a2c74973b398f
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-10-04 01:11:36
    # local_time=2010-10-04 09:11:36 (-0500, Eastern Daylight Time)
    # country="Canada"
    # lang=9
    # osver=6.1.7600 NT
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777215 100 0 20483499 20483499 0 0
    # compatibility_mode=1797 16775165 100 94 0 44346438 0 0
    # compatibility_mode=5893 16776574 100 94 0 37741336 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=83208
    # found=0
    # cleaned=0
    # scan_time=1352

    Let me know if you need anything else.

    Thanks,

    svdberg
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Yes, I've gotten to be a real bear about pasting vs attaching. I have extensions in Firefox that allow me to search multiple sites to identify an entry, directly from the browser. If the log is attached, I have to copy and paste every entry in a search; it can be very time consuming.

    Please verify: Avira is your antivirus program.

    You have run the following to remove these multiple antivirus programs: it appears you now also have AVG.

    And you have uninstalled the Iobit Advanced System Care.
    There are entries left for all of the above. I can move them with script you'll run through Combofix, but I want to make sure you know what you have and want to keep.
     
  14. svdberg

    svdberg TS Rookie Topic Starter

    Hey Bobbye,

    I have run the AVG Removal however the link to the Norton removal happens to be one of those pages that will not open for me.

    I am happy to just run Avira if that is what you recommend.

    Thanks,

    svdberg
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Backing up for questions about opening the sites:
    1. Are you trying to open those sites from a shortcut> a Bookmark, Favorite, shortcut link of any kind?
    2. If you type the URL into the Address bar, does the page then load?
    3. If it does not, what happens? Message? What?
    4. When Google Earth opened briefly, then shuts down, what happened? Error message? Freeze? What?
    ========================================
    Please run this Custom CFScript (will also remove remaining AV entries except for Avira)

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    KillAll:: 
    File::
    c:\programdata\avg9\update\backup\avgnsx.exe
    c:\programdata\avg9\update\backup\avgui.exe
    c:\programdata\avg9\update\backup\setup.exe
    c:\programdata\avg9\update\backup\avgssie.dll
    c:\programdata\avg9\update\backup\avgcfgx.dll
    c:\programdata\avg9\update\backup\avgsrmx.dll
    c:\programdata\avg9\update\backup\avgcorex.dll
    c:\programdata\avg9\update\backup\avgchclx.dll
    c:\programdata\avg9\update\backup\avgupd.dll
    c:\windows\system32\Drivers\RtsUStor.sys
    c:\windows\system32\DRIVERS\Rts516xIR.sys
    Folder::
    c:\programdata\IObit
    c:\program files\IObit
    c:\users\Scott\AppData\Roaming\IObit
    c:\program files\Common Files\Symantec Shared
    c:\programdata\Norton
    c:\programdata\Symantec
    c:\programdata\avg9
    
    Registry::
    
    Driver::
    RSUSBSTOR
    RtsUIR
    funfrm
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    (image: CFScript.txt being dragged onto ComboFix.exe)

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ===================
    You may be seeing an image like this on your desktop:
    (image: a desktop.ini icon showing on the desktop)

    If you are, it's because files and folders that should be hidden are not. To fix that:
    Click on Start> Control Panel> Folder Options> View tab> Check 'Don't show hidden files, folders or drives'> Check 'Hide protected operating system files (Recommended)'> Apply> OK

    Next time you reboot, the little desktop.ini icon should be gone and now won't get accidentally deleted.
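The Folder Options steps above write two values under the current user's Explorer "Advanced" key, so the same change can be applied and verified from PowerShell. The script below is an added example and is not part of Bobbye's instructions or of ComboFix; it assumes Windows 7 or later with PowerShell available, and the helper name `Test-HiddenFilesSetting` is ours.

```powershell
# Added example (not from the thread): set the "Don't show hidden files, folders
# or drives" and "Hide protected operating system files" options through the
# registry, which is where the Folder Options > View tab stores them.
$advancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'

# Hidden = 2 means "Don't show hidden files, folders, or drives" (1 would show them).
Set-ItemProperty -Path $advancedKey -Name 'Hidden' -Value 2 -Type DWord
# ShowSuperHidden = 0 means "Hide protected operating system files" (1 would show them).
Set-ItemProperty -Path $advancedKey -Name 'ShowSuperHidden' -Value 0 -Type DWord

# Hypothetical helper: read the values back and report whether they match the
# state the thread asks for. Returns $true when both are as expected.
function Test-HiddenFilesSetting {
    param([string]$Key = $advancedKey)
    $current = Get-ItemProperty -Path $Key -Name 'Hidden', 'ShowSuperHidden'
    $ok = ($current.Hidden -eq 2) -and ($current.ShowSuperHidden -eq 0)
    "Hidden={0} ShowSuperHidden={1} -> {2}" -f $current.Hidden, $current.ShowSuperHidden,
        $(if ($ok) { 'hidden files and protected OS files are hidden' } else { 'settings differ' })
    return $ok
}

Test-HiddenFilesSetting
# Explorer reads these values when it starts, so, as the post says, the
# desktop.ini icon disappears after the next log-off or reboot.
```

Keeping protected operating system files hidden also makes it harder to delete files such as desktop.ini by accident, which is the point of the step in the post; when you later need to inspect a machine for hidden items, the same two values can be flipped back (Hidden=1, ShowSuperHidden=1) and restored afterwards.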
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Closed due to inactivity.
     
Topic Status:
Not open for further replies.
