Can not open some pages in all browsers (HJT Attached)


svdberg

Hello All,

I'm having trouble opening some pages. I'm not very tech savvy but I have tried just about everything I could find on this forum in regards to a solution. I have tried 3 different browsers (IE, Firefox, Safari) and have been unsuccessful in all 3. I tried turning off my firewall and was still met with no success. I am running Windows 7.

A few of the sites that aren't working are Google Maps, Yahoo, ESPN, and Kijiji. I'm not sure if there are any commonalities between these sites that can be drawn here. Probably the weirdest part is that occassionaly a page like Google Maps will work for about 5 minutes randomly, then stop working again.

I have attached an HJT. Hopefully the solution is in there. If not I'm open to any ideas.

Thanks,

svdberg
 

Attachments
  • hijackthis.log (11.5 KB)
Welcome to TechSpot! I'll help you with the problem. We don't screen with HijackThis, so I'd like you to please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, please paste the logs for review into your next reply. It's okay to use multiple posts for the logs.

Questions and Comments:
1. How much RAM do you have?
   "page like Google Maps will work for about 5 minutes randomly, then stop working again."
It is possible that if you are low on RAM or if a chip isn't good, high resource users are eating the RAM after displaying with other processes. Then, if you reboot, it frees up the RAM and the cycle starts over again. You also have a lot of unnecessary processes running. IF they start on boot, they will keep running in the background. The more you use, the longer you surf, the quicker the RAM gets used.
2. Consider uninstalling Advanced SystemCare 3. It is not a good program. If you decide to keep it, please don't use it while I'm helping you.
3. I note that you are running PSI LeanEra which is a "fully integrated manufacturing ERP system with innovative design to meet the practical hour-to-hour needs of plant managers in many environments." Is this a work computer? The following is listed in running processes:
\CEPSERVERHP\Abaci\Source\abaci.exe. Is this that entry: CEP SERVER HP?
4. Consider uninstalling BitTorrent. More about the dangers of file sharing later. If you decide to keep it, please take it off of the Startup and don't use it while I'm helping you.
5. You are running SDWinSec.exe. This is related to SpyBot Search & Destroy Security Center Service integration with Vista Windows Security Center. Microsoft ships Windows Defender with Vista, however, Spybot-S&D can now easily integrate into the Vista Security Center; which will then monitor if Spybot-S&D is up-to-date and whether the permanent protection (TeaTimer) is running or not. This update will only show on Vista systems, since previous Windows versions do not offer anti malware integration into WSC. Note: Located in \%Program Files%\Spybot - Search & Destroy\

Did you upgrade to Windows 7 from Vista?

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
Hey Bobbye,

I appreciate your help and have noted the recommendations you have made. I will first go through your list of questions. Then post the logs.

1. I am running a Windows 7 Lenovo with 3.00 GB of RAM
2. Advanced System Care 3 is uninstalled
3. This is a personal laptop that I use for work as well. The ERP is a program called ABACI. It would be the entry you referred to.
4. Bittorrent is uninstalled.
5. I did not upgrade from Vista. This laptop was purchased with Windows 7 already installed. In fact, the Windows 7 decal is still on the body.

My next three posts will be logs.

I hope I did everything correctly as
 
My apologies, I must have accidentally hit Post Reply.

Log #1 - MBAM log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4728

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01/10/2010 1:36:24 PM
mbam-log-2010-10-01 (13-36-24).txt

Scan type: Quick scan
Objects scanned: 140277
Time elapsed: 6 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Log #2 - GMER

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-01 13:46:24
Windows 6.1.7600
Running: 9zwerrgz.exe; Driver: C:\Users\Scott\AppData\Local\Temp\fglcypow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E14898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2D1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A45599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A69F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 99E7CC9D 28 Bytes [4F, 9D, 1B, 28, 5B, B4, CD, ...]
.text peauth.sys 99E7CCC1 28 Bytes [4F, 9D, 1B, 28, 5B, B4, CD, ...]
PAGE peauth.sys 99E82E20 101 Bytes [A4, 8D, 85, FC, F5, D8, 99, ...]
PAGE peauth.sys 99E8302C 102 Bytes [07, 5A, 8C, 46, 1A, 69, B9, ...]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{BEB0675C-69FE-4727-B90C-D73266BBE86B}\Connection@Name isatap.{37939BC9-F2F0-49A8-B4BF-8D318E08D523}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Bind \Device\{9020D1B2-F4CE-47C4-8229-C21D5AEFF2A4}?\Device\{E79625EC-3848-48FB-9DB6-EEFC7455D123}?\Device\{BEB0675C-69FE-4727-B90C-D73266BBE86B}?\Device\{89F56C60-7628-46AB-ADF1-B8ABC0AA1842}?\Device\{B4671D30-0CAB-47C4-8091-5B7E01D2FBF8}?\Device\{41A0DEE9-5985-428C-AF7E-320187BDE828}?\Device\{8297892E-2E63-42B0-94B9-A863C4D51449}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Route "{9020D1B2-F4CE-47C4-8229-C21D5AEFF2A4}"?"{E79625EC-3848-48FB-9DB6-EEFC7455D123}"?"{BEB0675C-69FE-4727-B90C-D73266BBE86B}"?"{89F56C60-7628-46AB-ADF1-B8ABC0AA1842}"?"{B4671D30-0CAB-47C4-8091-5B7E01D2FBF8}"?"{41A0DEE9-5985-428C-AF7E-320187BDE828}"?"{8297892E-2E63-42B0-94B9-A863C4D51449}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{6B683E0E-1505-488C-8053-3C1301924246}\Linkage@Export \Device\TCPIP6TUNNEL_{9020D1B2-F4CE-47C4-8229-C21D5AEFF2A4}?\Device\TCPIP6TUNNEL_{E79625EC-3848-48FB-9DB6-EEFC7455D123}?\Device\TCPIP6TUNNEL_{BEB0675C-69FE-4727-B90C-D73266BBE86B}?\Device\TCPIP6TUNNEL_{89F56C60-7628-46AB-ADF1-B8ABC0AA1842}?\Device\TCPIP6TUNNEL_{B4671D30-0CAB-47C4-8091-5B7E01D2FBF8}?\Device\TCPIP6TUNNEL_{41A0DEE9-5985-428C-AF7E-320187BDE828}?\Device\TCPIP6TUNNEL_{8297892E-2E63-42B0-94B9-A863C4D51449}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BEB0675C-69FE-4727-B90C-D73266BBE86B}@InterfaceName isatap.{37939BC9-F2F0-49A8-B4BF-8D318E08D523}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{BEB0675C-69FE-4727-B90C-D73266BBE86B}@ReusableType 0

---- EOF - GMER 1.0.15 ----
 
The final two logs are attached as prompted.

If you would rather I cut and paste let me know.

Again, I appreciate your help. Let me know if I did anything incorrectly and I will remedy it.

Thanks,

svdberg
 

Attachments
  • DDS.zip (6 KB)
  • Attach.zip (2.5 KB)
I thought this was clear:
   "When you have finished, please paste the logs for review into your next reply. It's okay to use multiple posts for the logs."
And although the authors of DDS do have a note about zipping the Attach.txt log, we have a direction telling members not to do that. It takes me a considerable amount of extra time if I need to identify an entry and have to copy and paste into a search instead of searching directly from my browser.

You have three antivirus programs running: Norton, Avira and Kaspersky. Multiple AV programs make a system more vulnerable. Please decide which you want to keep and uninstall the others. Tools to help:
Norton Removal Tool
Avast Removal
I don't have a tool for Kaspersky so check their site.
Reboot the computer when finished.
================================
After the AV has been handled, please run the following:
Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please paste the C:\ComboFix.txt in next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs when you're done with Combofix.
=======================================

Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Please paste logs. Use multiple posts if needed.
 
Hey Bobbye,

Sorry about not pasting those other logs. You were certainly clear. My mistake, moving forward I will try to follow your advice word for word.

As such, here are the logs:

DDS (Part 1)

DDS (Ver_10-03-17.01) - NTFSx86
Run by Scott at 13:50:22.79 on 01/10/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3033.1863 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\IgrsSvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Management\utility.exe
C:\Program Files\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Scott\Desktop\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.ca/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [EnergyUtility] c:\program files\lenovo\energy management\utility.exe
mRun: [Energy Management] c:\program files\lenovo\energy management\Energy Management.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [UpdateP2GShortCut] "c:\program files\lenovo\power2go\muitransfer\muistartmenu.exe" "c:\program files\lenovo\power2go" updatewithcreateonce "software\cyberlink\power2go\5.0"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\scott\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {6E2F20AC-28F8-4481-9F58-D72188AC55D1} = 192.168.0.46
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\uqml3bw7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
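The Pseudo HJT Report in the post above carries the items a log reviewer checks first: the mPolicies-system UAC values, the hosts-file override, the DNS server per interface and a BHO with "No File". As an added example that is not part of this thread or of DDS itself, the Python below pulls those items out of that section and turns them into findings; the sample lines are constructed from values in the post, and the `triage_pseudo_hjt` name and the findings wording are my own.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines in the shape of the DDS "Pseudo HJT Report"
# posted above (values taken from that post, trimmed to what the parser needs).
SAMPLE_REPORT = """\
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\\progra~1\\spybot~1\\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: {6E2F20AC-28F8-4481-9F58-D72188AC55D1} = 192.168.0.46
Hosts: 127.0.0.1 www.spywareinfo.com
"""

# One regex per line type we care about; every other report line is ignored.
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
HOSTS_RE = re.compile(r"^Hosts:\s*(\S+)\s+(\S+)")
ORPHAN_BHO_RE = re.compile(r"^BHO:\s*(.*?)\s*-\s*No File\s*$")
DNS_RE = re.compile(r"^TCP:\s*\{[0-9A-Fa-f-]+\}\s*=\s*(\S+)")

# Weak values of the HKLM\...\Policies\System settings that DDS prints, with the
# documented meaning of each value.
WEAK_UAC = {
    "EnableLUA": (0, "UAC disabled (EnableLUA = 0): processes run with the full admin token"),
    "ConsentPromptBehaviorAdmin": (0, "Admins elevate without any prompt (ConsentPromptBehaviorAdmin = 0)"),
    "PromptOnSecureDesktop": (0, "Elevation prompts not shown on the secure desktop (PromptOnSecureDesktop = 0)"),
}


def triage_pseudo_hjt(report: str) -> Dict[str, object]:
    """Walk a DDS Pseudo HJT Report and collect the items a reviewer checks first."""
    uac: Dict[str, int] = {}
    hosts: List[Tuple[str, str]] = []
    orphan_bhos: List[str] = []
    dns_servers: List[str] = []
    findings: List[str] = []

    for raw in report.splitlines():
        line = raw.strip()
        if m := POLICY_RE.match(line):
            uac[m.group(1)] = int(m.group(2))
        elif m := HOSTS_RE.match(line):
            hosts.append((m.group(1), m.group(2)))
        elif m := ORPHAN_BHO_RE.match(line):
            orphan_bhos.append(m.group(1))
        elif m := DNS_RE.match(line):
            dns_servers.append(m.group(1))

    for name, (weak_value, message) in WEAK_UAC.items():
        if uac.get(name) == weak_value:
            findings.append(message)

    # DDS lists only hosts entries that differ from the stock file, so each one
    # overrides DNS for that name; a 127.x mapping simply blocks the site.
    for ip, name in hosts:
        if ip.startswith("127."):
            findings.append(f"hosts file blocks {name} (mapped to {ip})")
        else:
            findings.append(f"hosts file redirects {name} to {ip}")

    for clsid in orphan_bhos:
        findings.append(f"orphaned BHO registration {clsid} (No File)")

    # A DNS server outside private address space is worth confirming with the user.
    for server in dns_servers:
        try:
            if not ipaddress.ip_address(server).is_private:
                findings.append(f"interface uses public DNS server {server}")
        except ValueError:
            findings.append(f"unparseable DNS server entry {server!r}")

    return {
        "uac": uac,
        "hosts": hosts,
        "orphan_bhos": orphan_bhos,
        "dns_servers": dns_servers,
        "findings": findings,
    }


if __name__ == "__main__":
    for finding in triage_pseudo_hjt(SAMPLE_REPORT)["findings"]:
        print("-", finding)
```

Run against the full report text pasted above, the same function reports the three weak UAC values and the spywareinfo.com hosts entry; the 192.168.0.46 DNS server is private and produces no finding.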
 
DDS (Part 2)

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 funfrm;funfrm;c:\windows\system32\drivers\funfrm.sys [2009-12-12 54800]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-1 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-1 267432]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-1 60936]
R2 IGRS;IGRS;c:\program files\lenovo\readycomm\common\IGRS.exe [2009-7-14 38152]
R2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-29 1153368]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-12-12 21520]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-5-31 260648]
R3 wdmirror;wdmirror;c:\windows\system32\drivers\WDMirror.sys [2009-12-12 11792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-8 136176]
S3 Bridge0;Bridge0;c:\windows\system32\drivers\wdbridge.sys [2009-12-12 63240]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\lenovo\readycomm\AppSvc.exe [2009-12-12 414984]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\lenovo\readycomm\ConnSvc.exe [2009-12-12 472328]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\system32\igrssvcs.exe -k igrssvcs --> c:\windows\system32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 wsvd;wsvd;c:\windows\system32\drivers\wsvd.sys [2009-7-22 81704]

=============== Created Last 30 ================

2010-10-01 16:54:31 0 d-----w- c:\users\scott\appdata\roaming\Avira
2010-10-01 16:46:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-01 16:46:33 0 d-----w- c:\programdata\Avira
2010-10-01 16:46:33 0 d-----w- c:\program files\Avira
2010-10-01 16:37:14 0 d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2010-10-01 16:37:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 16:36:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 16:36:59 0 d-----w- c:\programdata\Malwarebytes
2010-10-01 16:36:59 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-30 19:56:22 0 d-----w- c:\program files\Trend Micro
2010-09-30 19:38:02 0 d-----w- c:\programdata\Sun
2010-09-30 19:37:40 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-28 13:31:43 0 d-----w- c:\program files\iPod
2010-09-28 13:30:00 0 d-----w- c:\program files\Bonjour
2010-09-23 15:59:14 0 d-----w- c:\users\scott\appdata\roaming\IObit
2010-09-23 15:59:14 0 d-----w- c:\programdata\IObit
2010-09-23 15:59:11 0 d-----w- c:\program files\IObit
2010-09-15 18:38:16 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 12:13:28 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-08-06 14:12:10 190120 ---ha-w- c:\windows\system32\mlfcache.dat
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 22:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:50:35.32 ===============
 
Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 29/01/2010 11:30:55 AM
System Uptime: 10/01/2010 1:26:27 PM (6336 hours ago)

Motherboard: LENOVO | | NITU1
Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | U2E1 | 2100/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 189 GiB total, 143.395 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 28.835 GiB free.
E: is CDROM ()
F: is NetworkDisk (NTFS) - 699 GiB total, 251.431 GiB free.
K: is NetworkDisk (NTFS) - 699 GiB total, 251.431 GiB free.
T: is NetworkDisk (NTFS) - 699 GiB total, 251.431 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP5: 28/09/2010 8:14:20 AM - Windows Update
RP6: 29/09/2010 10:57:11 AM - Installed Kaspersky Anti-Virus 2011.
RP7: 29/09/2010 4:39:07 PM - Windows Update
RP8: 30/09/2010 3:36:39 PM - Installed Java(TM) 6 Update 21
RP9: 30/09/2010 5:17:57 PM - Windows Update
RP10: 01/10/2010 12:23:08 PM - Windows Update

==== Installed Programs ======================

32 Bit HP CIO Components Installer
7-Zip 9.15 beta
Abaci ERP Client
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
BlackBerry Desktop Software 6.0
Bonjour
Broadcom 802.11 Wireless Driver
Broadcom Gigabit Integrated Controller
Brother MFL-Pro Suite MFC-8480DN
Combined Community Codec Pack 2009-09-09
Conexant HD Audio
DivX Setup
EasyCapture
Energy Management
FileZilla Client 3.3.4.1
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes' Anti-Malware
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.10)
MSVCRT
Norton Security Scan
OGA Notifier 2.0.0048.0
Power2Go
QuickTime
Realtek USB 2.0 Card Reader
Safari
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2291599)
VC80CRTRedist - 8.0.50727.4053
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool

==== Event Viewer Messages From Past Week ========

29/09/2010 10:38:14 AM, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
28/09/2010 9:30:04 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
24/09/2010 8:04:23 AM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831
01/10/2010 12:46:53 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
01/10/2010 12:40:12 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB979538).
01/10/2010 12:30:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800705b4: Update for Windows 7 (KB2158563).
01/10/2010 1:26:49 PM, Error: volmgr [46] - Crash dump initialization failed!

==== End Of File ===========================
 
ComboFix

ComboFix 10-10-03.01 - Scott 04/10/2010 8:29.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3033.2097 [GMT -4:00]
Running from: c:\users\Scott\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\users\Scott\g2mdlhlpx.exe
c:\windows\system\BisonC07.dll
c:\windows\system\BisonV07.dll

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 12:26 . 2010-10-04 12:27 -------- d-----w- C:\32788R22FWJFW
2010-10-01 16:54 . 2010-10-01 16:54 -------- d-----w- c:\users\Scott\AppData\Roaming\Avira
2010-10-01 16:46 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-01 16:46 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-01 16:46 . 2009-05-11 16:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-01 16:46 . 2010-10-01 16:46 -------- d-----w- c:\programdata\Avira
2010-10-01 16:46 . 2010-10-01 16:46 -------- d-----w- c:\program files\Avira
2010-10-01 16:46 . 2009-05-11 16:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-01 16:37 . 2010-10-01 16:37 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2010-10-01 16:37 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-01 16:36 . 2010-10-01 16:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-01 16:36 . 2010-10-01 16:36 -------- d-----w- c:\programdata\Malwarebytes
2010-10-01 16:36 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 19:56 . 2010-09-30 19:56 -------- d-----w- c:\program files\Trend Micro
2010-09-30 19:38 . 2010-09-30 19:38 -------- d-----w- c:\program files\Common Files\Java
2010-09-30 19:37 . 2010-09-30 19:37 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-30 19:37 . 2010-09-30 19:37 -------- d-----w- c:\program files\Java
2010-09-29 20:39 . 2010-03-04 04:04 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-09-29 20:39 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 18:18 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 15:08 . 2010-09-29 15:08 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-09-29 15:08 . 2010-09-29 15:08 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-09-28 13:31 . 2010-09-28 13:31 -------- d-----w- c:\program files\iPod
2010-09-28 13:30 . 2010-09-28 13:30 -------- d-----w- c:\program files\Bonjour
2010-09-28 13:19 . 2010-09-28 13:19 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-23 15:59 . 2010-09-29 14:38 -------- d-----w- c:\users\Scott\AppData\Roaming\IObit
2010-09-23 15:59 . 2010-09-23 15:59 -------- d-----w- c:\programdata\IObit
2010-09-23 15:59 . 2010-09-24 15:37 -------- d-----w- c:\program files\IObit
2010-09-23 12:55 . 2010-09-23 12:55 620896 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2010-09-23 12:55 . 2010-09-23 12:55 4093792 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2010-09-23 12:55 . 2010-09-23 12:55 3586912 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-09-23 12:55 . 2010-09-23 12:55 1619296 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-09-23 12:55 . 2010-09-23 12:55 942432 ----a-w- c:\programdata\avg9\update\backup\avgcfgx.dll
2010-09-23 12:55 . 2010-09-23 12:55 598368 ----a-w- c:\programdata\avg9\update\backup\avgsrmx.dll
2010-09-23 12:55 . 2010-09-23 12:55 4371296 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-09-23 12:55 . 2010-09-23 12:55 300896 ----a-w- c:\programdata\avg9\update\backup\avgchclx.dll
2010-09-23 12:55 . 2010-09-23 12:55 1690952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-09-20 19:24 . 2010-09-20 19:24 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-20 12:19 . 2010-09-20 12:19 -------- d-----w- c:\program files\QuickTime
2010-09-20 12:04 . 2010-09-20 12:04 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-20 12:04 . 2010-09-20 12:04 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-09-15 18:38 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-13 12:12 . 2010-09-13 12:12 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-07 12:13 . 2010-09-28 13:32 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 12:23 . 2010-04-17 20:18 -------- d-----w- c:\users\Scott\AppData\Roaming\Skype
2010-10-04 12:20 . 2010-07-05 15:03 -------- d-----w- c:\programdata\Norton
2010-10-04 12:20 . 2010-07-05 15:03 -------- d-----w- c:\programdata\Symantec
2010-10-04 12:10 . 2010-04-17 20:20 -------- d-----w- c:\users\Scott\AppData\Roaming\skypePM
2010-09-30 17:52 . 2010-04-08 14:38 -------- d-----w- c:\program files\Google
2010-09-28 13:31 . 2010-03-18 10:51 -------- d-----w- c:\program files\Common Files\Apple
2010-09-23 16:00 . 2010-01-29 19:57 -------- d-----w- c:\programdata\avg9
2010-09-20 19:28 . 2010-04-07 15:28 -------- d-----w- c:\users\Scott\AppData\Roaming\FileZilla
2010-09-20 12:04 . 2010-04-16 21:06 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-20 12:04 . 2010-04-16 20:47 -------- d-----w- c:\program files\DivX
2010-09-20 12:04 . 2010-04-16 20:45 -------- d-----w- c:\programdata\DivX
2010-09-20 12:04 . 2010-08-27 16:01 185640 ----a-w- c:\programdata\DivX\Setup\finishPlugin.dll
2010-09-20 12:04 . 2010-08-27 15:59 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-20 12:04 . 2010-04-16 21:05 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-09-20 12:04 . 2010-04-16 21:05 850200 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-09-15 20:41 . 2010-01-29 19:58 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 14:50 . 2010-07-09 20:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-13 12:14 . 2010-08-06 14:11 -------- d-----w- c:\program files\Safari
2010-09-09 15:37 . 2010-08-14 14:54 413696 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
2010-09-09 15:37 . 2010-08-14 14:54 69632 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
2010-09-09 15:37 . 2010-08-14 14:54 413696 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
2010-09-09 15:37 . 2010-08-14 14:54 413696 ----a-r- c:\users\Scott\AppData\Roaming\Microsoft\Installer\{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}\ARPPRODUCTICON.exe
2010-09-09 15:29 . 2009-12-12 07:33 -------- d-----w- c:\program files\Lenovo
2010-08-27 16:01 . 2010-08-27 16:01 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-27 16:01 . 2010-08-27 16:01 57691 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-08-27 16:00 . 2010-08-27 16:00 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-14 15:12 . 2010-01-31 15:47 -------- d-----w- c:\users\Scott\AppData\Roaming\Research In Motion
2010-08-14 14:55 . 2010-01-31 15:46 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-08-14 14:54 . 2010-01-31 15:46 -------- d-----w- c:\program files\Research In Motion
2010-08-14 14:54 . 2010-08-14 14:47 102135128 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Extractor.exe
2010-08-14 12:49 . 2010-01-31 15:47 256 ----a-w- c:\windows\system32\pool.bin
2010-08-06 14:12 . 2010-08-06 14:12 190120 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-06 14:12 . 2010-03-18 10:52 -------- d-----w- c:\users\Scott\AppData\Roaming\Apple Computer
2010-08-04 01:38 . 2010-08-04 01:38 1821192 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\vcredist_x86.exe
2010-08-04 01:38 . 2010-08-04 01:38 400728 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\BBDesktopInstaller.exe
2010-08-04 01:38 . 2010-08-04 01:38 2959376 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\dotnetfx35setup.exe
2010-08-04 01:38 . 2010-08-04 01:38 128472 ----a-w- c:\users\Scott\AppData\Roaming\Research In Motion\BlackBerry\Updates\F4FAEEFE-8DE3-4f0a-9182-5D8C6401AB3B\Helper.exe
2010-07-29 06:30 . 2010-08-14 12:56 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-14 12:56 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-23 10:13 . 2010-07-23 10:13 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-12 19:38 . 2010-07-12 19:38 71680 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-07-07 14:14 . 2010-07-07 14:14 50 ----a-w- c:\windows\system32\bd8480dn.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-26 39816]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-12 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-12 150552]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-08-01 4114336]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-03-27 163840]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"UpdateP2GShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 136176]
R3 Bridge0;Bridge0;c:\windows\system32\drivers\WDBridge.sys [2009-07-29 63240]
R3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;c:\program files\Lenovo\ReadyComm\AppSvc.exe [2009-07-28 414984]
R3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;c:\program files\Lenovo\ReadyComm\ConnSvc.exe [2009-07-28 472328]
R3 PS_MDP;ReadyComm Presentation Space Helper Service;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 IGRS;IGRS;c:\program files\Lenovo\ReadyComm\common\IGRS.exe [2009-07-14 38152]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;c:\windows\System32\IgrsSvcs.exe [2009-07-14 20992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [2009-07-16 11792]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
IgrsSvcs REG_MULTI_SZ ReadyComm.DirectRouter PS_MDP
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 14:38]

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-08 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
TCP: {6E2F20AC-28F8-4481-9F58-D72188AC55D1} = 192.168.0.46
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\uqml3bw7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-10-04 08:36:39
ComboFix-quarantined-files.txt 2010-10-04 12:36

Pre-Run: 153,742,286,848 bytes free
Post-Run: 153,276,833,792 bytes free

- - End Of File - - 25CCB0828D257F7F9C9496D8285A445A
 
ESET

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6adb87c74a945846890a2c74973b398f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-04 01:11:36
# local_time=2010-10-04 09:11:36 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 20483499 20483499 0 0
# compatibility_mode=1797 16775165 100 94 0 44346438 0 0
# compatibility_mode=5893 16776574 100 94 0 37741336 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=83208
# found=0
# cleaned=0
# scan_time=1352

Let me know if you need anything else.

Thanks,

svdberg
 
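A triage note on the ComboFix output in the post above: the values it lists under HKLM\software\microsoft\windows\currentversion\policies\system show User Account Control switched off on this machine (EnableLUA = 0 disables UAC entirely; ConsentPromptBehaviorAdmin = 0 elevates administrators with no prompt; PromptOnSecureDesktop = 0 keeps any prompt off the secure desktop), and three service/driver entries (RSUSBSTOR, RtsUIR, funfrm) carry the " [x]" marker ComboFix prints in place of a date and size when the image file is not on disk, which is exactly the set the helper's later CFScript removes. The script below is an added example, not code from this thread, from ComboFix or from DDS: it parses a pasted log for those two things so the findings do not have to be picked out by eye. The sample log is constructed from lines quoted on the page; the weak-value table and the "[x]" interpretation are the author's assumptions, stated in the comments.

```python
"""Triage helper for ComboFix-style logs.

Flags UAC policy values that disable or weaken User Account Control, and
service/driver entries whose image file is missing. Added example for this
thread; it is not part of ComboFix, DDS or the original posts.
"""
import re

# Assumption (from the documented meaning of the UAC policy values):
# each entry maps a value name to (the setting that removes protection, why).
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "admins are elevated with no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"

# Constructed sample: lines copied from the ComboFix log quoted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S1 funfrm;funfrm; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
"""


def parse_uac_policy(log):
    """Return {value name: int} for the values listed under the UAC policy key."""
    values = {}
    in_key = False
    for line in log.splitlines():
        s = line.strip()
        if s.startswith("["):              # a new registry key header
            in_key = s.lower() == POLICY_KEY
            continue
        if not in_key or not s:
            continue
        m = re.match(r'"([^"]+)"\s*=\s*(\d+)', s)   # "Name"= 0 (0x0)
        if m:
            values[m.group(1)] = int(m.group(2))
    return values


def uac_findings(log):
    """List (value name, message) for each policy set to its weakening value."""
    policy = parse_uac_policy(log)
    return [(name, msg) for name, (weak, msg) in UAC_WEAK.items()
            if policy.get(name) == weak]


# ComboFix service lines: "<start type> <name>;<display name>;<image path> [date size]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def missing_image_services(log):
    """Return service/driver names whose image column ends in ' [x]'.

    Assumption: ComboFix prints [x] instead of a date and size when the
    image file cannot be found on disk, as in the quoted log.
    """
    out = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group(4).rstrip().endswith("[x]"):
            out.append(m.group(2))
    return out


if __name__ == "__main__":
    for name, msg in uac_findings(SAMPLE_LOG):
        print(f"UAC: {name} -> {msg}")
    for svc in missing_image_services(SAMPLE_LOG):
        print(f"service/driver with missing image file: {svc}")
```

Run it as-is against the embedded sample, or pass the text of a real ComboFix.txt to the two functions; the regexes are deliberately anchored to the log's own layout (key headers in square brackets, semicolon-separated service lines) rather than to Windows itself, so the script runs on any platform.
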
Yes, I've gotten to be a real bear about pasting vs attaching. I have extensions in Firefox that allow me to search multiple sites to identify an entry, directly from the browser. If the log is attached, I have to copy and paste every entry in a search- it can be very time consuming.

Please verify: Avira is your antivirus program.

You have run the following to remove these multiple antivirus programs: it appears you now also have AVG.

And you have uninstalled the Iobit Advanced System Care.
There are entries left for all of the above. I can move them with script you'll run through Combofix, but I want to make sure you know what you have and want to keep.
 
Hey Bobbye,

I have run the AVG Removal however the link to the Norton removal happens to be one of those pages that will not open for me.

I am happy to just run Avira if that is what you recommend.

Thanks,

svdberg
 
Backing up for questions about opening the sites:
1. Are you trying to open those sites from a shortcut: a Bookmark, Favorite, shortcut link of any kind?
2. If you type the URL into the Address bar, does the page then load?
3. If it does not, what happens? Message? What?
4. When Google Earth opened briefly, then shuts down, what happened? Error message? Freeze? What?
========================================
Please run this Custom CFScript (will also remove remaining AV entries except for Avira)

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the code below into it:
Code:
KillAll:: 
File::
c:\programdata\avg9\update\backup\avgnsx.exe
c:\programdata\avg9\update\backup\avgui.exe
c:\programdata\avg9\update\backup\setup.exe
c:\programdata\avg9\update\backup\avgssie.dll
c:\programdata\avg9\update\backup\avgcfgx.dll
c:\programdata\avg9\update\backup\avgsrmx.dll
c:\programdata\avg9\update\backup\avgcorex.dll
c:\programdata\avg9\update\backup\avgchclx.dll
c:\programdata\avg9\update\backup\avgupd.dll
c:\windows\system32\Drivers\RtsUStor.sys
c:\windows\system32\DRIVERS\Rts516xIR.sys
Folder::
c:\programdata\IObit
c:\program files\IObit
c:\users\Scott\AppData\Roaming\IObit
c:\program files\Common Files\Symantec Shared
c:\programdata\Norton
c:\programdata\Symantec
c:\programdata\avg9

Registry::

Driver::
RSUSBSTOR
RtsUIR
funfrm
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
===================
You may be seeing an image like this on your desktop:
desktop_ini.png


If you are, it's because files and folders that should be hidden are not. To fix that:
Click on Start> Control Panel> Folder Options> View tab> Check 'Don't show hidden files, folders or drives'> Check 'Hide protected operating system files (Recommended)'> Apply> OK

Next time you reboot, the little desktop.ini icon should be gone and now won't get accidentally deleted.
 