TechSpot

Google redirects to adwords/onlinesecure in firefox

By jpb2872
Jul 20, 2010
  1. Hello and thank you in advance for your help.

    I have a Dell Latitude D810 running Windows XP Professional.

    OS Name Microsoft Windows XP Professional
    Version 5.1.2600 Service Pack 3 Build 2600
    OS Manufacturer Microsoft Corporation
    System Manufacturer Dell Inc.
    System Model Latitude D810
    System Type X86-based PC
    Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~2261 Mhz
    BIOS Version/Date Dell Inc. A04, 9/30/2005
    SMBIOS Version 2.3
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume2
    Locale United States
    Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
    User Name PPSO-D1G5MW81\John
    Time Zone Central Daylight Time
    Total Physical Memory 1,024.00 MB
    Available Physical Memory 248.72 MB
    Total Virtual Memory 2.00 GB
    Available Virtual Memory 1.96 GB
    Page File Space 2.40 GB
    Page File C:\pagefile.sys


    I believe I have some type of virus/infection. The symptoms I am noticing are that in Firefox, during a Google search, if I click a link in the search results I get redirected to different pages. On a mouse-over of a link it shows "adwords onlinesecure..." Also I have noticed that after closing Firefox and running CCleaner I am prompted to close Firefox, which does not show as an open program but does show under processes. When I later restart Firefox it prompts me as to whether I want to restore tabs/windows or start a new session. Under restore tabs/windows are numerous onlinesecure/blank, blank2, blank3, etc... sometimes as many as 6. If I use IE it hangs up and freezes a lot.

    Also at times I get the blue screen and dumping memory message, not sure of the exact error message at this time.

    I have done the following so far. I have run Malwarebytes and cleaned several items a few weeks ago but continue to get no viruses found since; I ran Avira and cleaned one virus, again a few weeks ago, and since then I get no viruses found.

    Upon reading on this site tonight I followed the steps listed for virus removal.

    1.) I ran CCleaner
    2.) Ran Malwarebytes - Log pasted below
    3.) Ran Avira - Log attached
    4.) Ran GMER (I did not save log, thought it was saved automatically, no programs were found to be running.) I can rerun and post a log
    5.) Ran dds - Logs attached
    6.) Ran combofix - Log attached
    7.) Ran ESET - Log attached

    I did not download and run hijack log, please let me know if it is needed.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4310

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    7/13/2010 10:32:05 PM
    mbam-log-2010-07-13 (22-32-05).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 307260
    Time elapsed: 2 hour(s), 13 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    --------------------------------------------------------------------------------------------------


    Awaiting your response and thanking you in advance.

    John

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You ran some extra programs like Combofix and Eset. Although we usually have the members run those programs during the cleaning, you should have waited until the logs were checked for instructions. We also recommend running TFC instead of CCleaner.

    It will take me a bit to get through the logs. In the meantime, please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    I would also appreciate your pasting the logs instead of attaching. Then I can search directly from my browser instead of copy and paste. Be patient please.
  3. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    logs

    I had them pasted but I exceeded the maximum number of characters; I will paste them here in two posts if need be. Thanks


    Avira AntiVir Personal
    Report file date: Monday, July 19, 2010 00:56

    Scanning for 2360683 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : John
    Computer name : PPSO-D1G5MW81

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 07:11:46
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 07:12:02
    VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 07:12:05
    VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 07:12:06
    VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 07:12:09
    VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 07:12:11
    VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 07:12:13
    VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 07:12:16
    VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 07:12:19
    VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 07:12:26
    VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 07:12:29
    VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 07:12:33
    VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 07:12:38
    VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 07:12:41
    VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 07:12:44
    VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 08:15:00
    VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 23:21:38
    VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 23:21:42
    VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 14:58:44
    VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 19:03:48
    VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 19:03:30
    VBASE026.VDF : 7.10.9.100 2048 Bytes 7/16/2010 19:03:30
    VBASE027.VDF : 7.10.9.101 2048 Bytes 7/16/2010 19:03:30
    VBASE028.VDF : 7.10.9.102 2048 Bytes 7/16/2010 19:03:30
    VBASE029.VDF : 7.10.9.103 2048 Bytes 7/16/2010 19:03:31
    VBASE030.VDF : 7.10.9.104 2048 Bytes 7/16/2010 19:03:31
    VBASE031.VDF : 7.10.9.109 144896 Bytes 7/18/2010 05:48:48
    Engineversion : 8.2.4.12
    AEVDF.DLL : 8.1.2.0 106868 Bytes 7/5/2010 07:14:11
    AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/15/2010 19:03:47
    AESCN.DLL : 8.1.6.1 127347 Bytes 7/5/2010 07:14:03
    AESBX.DLL : 8.1.3.1 254324 Bytes 7/5/2010 07:14:14
    AERDL.DLL : 8.1.4.6 541043 Bytes 7/5/2010 07:14:01
    AEPACK.DLL : 8.2.2.6 430452 Bytes 7/15/2010 19:03:39
    AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/8/2010 23:21:52
    AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/5/2010 07:13:52
    AEHELP.DLL : 8.1.11.6 242038 Bytes 7/5/2010 07:13:43
    AEGEN.DLL : 8.1.3.14 381299 Bytes 7/15/2010 19:03:35
    AEEMU.DLL : 8.1.2.0 393588 Bytes 7/5/2010 07:13:37
    AECORE.DLL : 8.1.15.4 192886 Bytes 7/15/2010 19:03:33
    AEBB.DLL : 8.1.1.0 53618 Bytes 7/5/2010 07:13:32
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: delete
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

    Start of the scan: Monday, July 19, 2010 00:56

    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{i81a067bde7db239c}
    [NOTE] The registry entry is invisible.
    HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{081a067bde7db239c}
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '66' Module(s) have been scanned
    Scan process 'msdtc.exe' - '43' Module(s) have been scanned
    Scan process 'dllhost.exe' - '61' Module(s) have been scanned
    Scan process 'dllhost.exe' - '48' Module(s) have been scanned
    Scan process 'vssvc.exe' - '51' Module(s) have been scanned
    Scan process 'avcenter.exe' - '98' Module(s) have been scanned
    Scan process 'RegistryBooster.exe' - '42' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'realsched.exe' - '34' Module(s) have been scanned
    Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
    Scan process 'jusched.exe' - '24' Module(s) have been scanned
    Scan process 'avgnt.exe' - '56' Module(s) have been scanned
    Scan process 'alg.exe' - '36' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '56' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '101' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '43' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
    Scan process 'UStorSrv.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '45' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'NICCONFIGSVC.exe' - '46' Module(s) have been scanned
    Scan process 'MDM.EXE' - '28' Module(s) have been scanned
    Scan process 'jqs.exe' - '33' Module(s) have been scanned
    Scan process 'Iap.exe' - '30' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
    Scan process 'avguard.exe' - '53' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'sched.exe' - '48' Module(s) have been scanned
    Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
    Scan process 'svchost.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '163' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '59' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '70' Module(s) have been scanned
    Scan process 'winlogon.exe' - '78' Module(s) have been scanned
    Scan process 'csrss.exe' - '12' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1867' files ).


    Starting the file scan:

    Begin scan in 'C:\'


    End of the scan: Monday, July 19, 2010 02:12
    Used time: 1:15:51 Hour(s)

    The scan has been done completely.

    13754 Scanned directories
    415191 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    415191 Files not concerned
    4605 Archives were scanned
    0 Warnings
    0 Notes
    925494 Objects were scanned with rootkit scan
    2 Hidden objects were found

    ====================================================================
  4. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    DDS log

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by John at 21:49:48.85 on Mon 07/19/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.579 [GMT -5:00]

    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\UStorSrv.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\PPSO88\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    {aa58ed58-01dd-4d91-8333-cf10577473f7}
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
    TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\RegistryBooster.exe /S
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mPolicies-system: HideShutdownScripts = 0 (0x0)
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134502743502
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ppso88\applic~1\mozilla\firefox\profiles\nc6b34uq.default\
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-5 11608]
    R1 MPFIREWL;MPFIREWL;c:\windows\system32\drivers\MpFirewall.sys [2007-6-18 80640]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-5 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-5 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-5 60936]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-10-19 110984]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2005-11-23 80384]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
    S3 MotDev;Motorola Inc. USB Device; [x]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [2008-3-24 899884]

    =============== Created Last 30 ================

    2010-07-22 03:23:54 3281 ----a-w- c:\windows\system32\wbem\Outlook_01cb294d4fec85b4.mof
    2010-07-22 03:08:52 0 d-----w- c:\program files\common files\AnswerWorks 5.0
    2010-07-22 03:08:37 1848608 ----a-w- c:\windows\system32\acXMLParser.dll
    2010-07-22 03:08:35 3523872 ----a-w- c:\windows\system32\cdintf300.dll
    2010-07-22 03:08:01 0 d-----w- c:\docume~1\ppso88\applic~1\Intuit
    2010-07-22 03:07:33 0 d-----w- c:\program files\common files\Intuit
    2010-07-22 03:07:19 0 d-----w- c:\program files\Quicken
    2010-07-22 03:07:09 120 ----a-w- c:\windows\QUICKEN.INI
    2010-07-22 03:06:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit
    2010-07-13 19:15:58 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 15:31:51 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-07 12:28:17 0 d-----w- c:\program files\common files\McAfee
    2010-07-05 22:32:57 0 d-----w- c:\docume~1\ppso88\applic~1\Avira
    2010-07-05 07:02:22 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-05 07:01:26 0 d-----w- c:\program files\Avira
    2010-07-05 07:01:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-07-02 20:20:31 139264 ----a-w- c:\windows\system32\UStorSrv.exe
    2010-07-01 20:58:10 117 ----a-w- c:\windows\WMProof.ini
    2010-07-01 20:57:57 18 ----a-w- c:\windows\geolan.ini
    2010-07-01 00:38:08 0 d-----w- C:\My Documents
    2010-07-01 00:37:58 0 d-----w- C:\Application Data
    2010-06-25 20:09:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-06-25 20:09:52 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-06-25 17:15:31 203776 ----a-w- c:\windows\system32\clrviddc.dll
    2010-06-25 17:10:41 0 d-----w- c:\program files\common files\xing shared

    ==================== Find3M ====================

    2010-05-04 12:39:27 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-04 12:39:27 13824 ----a-w- c:\windows\system32\dllcache\ieudinit.exe
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2009-12-08 04:18:43 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2007-08-31 15:53:48 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012007083120070901\index.dat
    2008-12-12 08:48:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008121220081213\index.dat

    ============= FINISH: 21:50:21.67 =========
  5. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    DDS attach log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/13/2005 1:29:04 PM
    System Uptime: 7/19/2010 5:07:05 PM (4 hours ago)

    Motherboard: Dell Inc. | | 0D8006
    Processor: Intel(R) Pentium(R) M processor 2.26GHz | Microprocessor | 791/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 74 GiB total, 24.815 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP56: 7/5/2010 5:30:07 PM - System Checkpoint
    RP57: 7/5/2010 5:30:06 PM - Software Distribution Service 3.0
    RP58: 7/5/2010 5:30:05 PM - System Checkpoint
    RP59: 7/5/2010 5:30:03 PM - System Checkpoint
    RP60: 7/5/2010 5:30:03 PM - System Checkpoint
    RP61: 7/5/2010 5:30:01 PM - System Checkpoint
    RP62: 7/5/2010 5:29:47 PM - System Checkpoint
    RP63: 7/19/2010 8:20:29 PM - System Checkpoint
    RP64: 7/5/2010 5:30:21 PM - System Checkpoint
    RP65: 7/5/2010 5:30:20 PM - System Checkpoint
    RP66: 7/5/2010 5:30:10 PM - Software Distribution Service 3.0
    RP67: 7/1/2010 3:44:09 PM - Restore Operation
    RP68: 7/1/2010 4:11:18 PM - Restore Operation
    RP69: 7/1/2010 4:24:37 PM - Restore Operation
    RP70: 7/5/2010 5:30:09 PM - System Checkpoint
    RP71: 7/6/2010 7:45:26 PM - Removed SUPERAntiSpyware Free Edition
    RP72: 7/7/2010 7:20:28 AM - Removed Bonjour
    RP73: 7/7/2010 7:24:25 AM - Removed RAID
    RP74: 7/8/2010 9:12:48 AM - System Checkpoint
    RP75: 7/9/2010 10:36:46 AM - System Checkpoint
    RP76: 7/10/2010 12:11:29 PM - System Checkpoint
    RP77: 7/11/2010 1:57:59 PM - System Checkpoint
    RP78: 7/12/2010 10:30:31 AM - Installed Java(TM) 6 Update 20
    RP79: 7/12/2010 10:34:52 AM - Installed QuickTime
    RP80: 7/12/2010 10:40:42 AM - Removed Adobe Reader 8.1.1
    RP81: 7/12/2010 10:41:54 AM - Installed Adobe Reader 9.3.
    RP82: 7/13/2010 4:02:08 PM - System Checkpoint
    RP83: 7/13/2010 8:14:48 PM - Software Distribution Service 3.0
    RP84: 7/14/2010 3:00:35 AM - Software Distribution Service 3.0
    RP85: 7/15/2010 3:00:42 AM - Software Distribution Service 3.0
    RP86: 7/16/2010 4:07:07 AM - System Checkpoint
    RP87: 7/17/2010 6:07:13 AM - System Checkpoint
    RP88: 7/18/2010 8:07:07 AM - System Checkpoint
    RP89: 7/18/2010 6:41:22 PM - OTL Restore Point

    ==== Installed Programs ======================

    2570
    2570_Help
    2570Trb
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.3
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AiO_Scan_CDA
    AiOSoftwareNPI
    AnswerWorks 5.0 English Runtime
    ATI Display Driver
    Avanquest update
    Avira AntiVir Personal - Free Antivirus
    AVS VideoConverter 3.1.1.151
    BufferChm
    CCleaner
    Conexant D110 MDC V.9x Modem
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    CP_Package_Basic1
    CP_Panorama1Config
    Crystal Reports XI
    CueTour
    DesignPro 5.4 Limited Edition
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    DivX Setup
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Fax_CDA
    FTDI USB Serial Converter Drivers
    FullDPAppQFolder
    GeoVision ADPCM
    GeoVision H264
    GeoVision JPEG
    GeoVision MPEG2
    GeoVision MPEG4
    GeoVision MPEG4 ASP
    GeoVision MPEG4 AVC
    Google Toolbar for Internet Explorer
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Document Viewer 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.A
    iDEN Phonebook Manager
    Imation Disk Manager V a Service
    InstantShareDevices
    Java Auto Updater
    Java(TM) 6 Update 20
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft SQL Server Desktop Engine
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Motorola Driver Installation
    Motorola Phone Tools
    Mozilla Firefox (3.6.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    NewCopy_CDA
    OGA Notifier 2.0.0048.0
    OmniForm 5.0
    PanoStandAlone
    PayPal Plug-In
    PDF Settings
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PhotoGallery
    ProductContextNPI
    Quicken 2009
    QuickTime
    RandMap
    Readme
    RealPlayer
    RealUpgrade 1.0
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Easy Media Creator 7 Basic VCD Edition
    Roxio Express Labeler
    Roxio Update Manager
    Safari
    Scan
    ScannerCopy
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows XP (KB2229593)
    SkinsHP1
    Sonic Activation Module
    Sonic DLA
    Sonic_PrimoSDK
    SpotLife
    Status
    Surveillance Device Configurator
    TaxCut Louisiana 2007
    TaxCut Premium + State + Efile 2007
    TrayApp
    TSP_CODEC
    Uniblue RegistryBooster 2
    Uniblue System Tweaker
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB980182)
    VC80CRTRedist - 8.0.50727.4053
    Video DVD Maker v3.7.0.15
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WinAce Archiver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Browser Services
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    7/19/2010 12:30:55 AM, error: System Error [1003] - Error code 1000000a, parameter1 251bdd8c, parameter2 00000002, parameter3 00000000, parameter4 805068c9.
    7/18/2010 7:03:03 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 853b3010, parameter3 853b39f0, parameter4 0b3c4e30.
    7/18/2010 2:27:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/18/2010 12:57:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/18/2010 12:42:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/18/2010 12:40:27 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0013CE38E0FE. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    7/18/2010 1:27:52 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-nw.nist.gov,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    7/16/2010 9:24:20 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
    7/13/2010 8:41:18 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 16 time(s).
    7/13/2010 8:26:01 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 15 time(s).
    7/13/2010 8:26:01 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 16 time(s).
    7/13/2010 8:25:59 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 14 time(s).
    7/13/2010 8:25:59 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 15 time(s).
    7/13/2010 8:25:57 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 13 time(s).
    7/13/2010 8:25:57 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 14 time(s).
    7/13/2010 8:25:54 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 12 time(s).
    7/13/2010 8:25:54 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 13 time(s).
    7/13/2010 8:25:53 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 11 time(s).
    7/13/2010 8:25:53 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 12 time(s).
    7/13/2010 8:25:51 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 10 time(s).
    7/13/2010 8:25:51 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 11 time(s).
    7/13/2010 8:25:49 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 9 time(s).
    7/13/2010 8:25:49 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 10 time(s).
    7/13/2010 8:25:47 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 8 time(s).
    7/13/2010 8:25:47 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 9 time(s).
    7/13/2010 8:25:45 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 7 time(s).
    7/13/2010 8:25:45 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 8 time(s).
    7/13/2010 8:25:44 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 6 time(s).
    7/13/2010 8:25:44 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 7 time(s).
    7/13/2010 8:25:42 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 5 time(s).
    7/13/2010 8:25:42 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 6 time(s).
    7/13/2010 8:25:40 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 4 time(s).
    7/13/2010 8:25:40 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 5 time(s).
    7/13/2010 8:25:39 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 3 time(s).
    7/13/2010 8:25:39 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 4 time(s).
    7/13/2010 8:25:30 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 2 time(s).
    7/13/2010 8:10:28 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).
    7/13/2010 8:10:23 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    7/13/2010 8:10:22 PM, error: Service Control Manager [7034] - The MS Software Shadow Copy Provider service terminated unexpectedly. It has done this 1 time(s).
    7/13/2010 8:10:22 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    7/13/2010 3:42:25 AM, error: VolSnap [10] - The shadow copy of volume C: took too long to install.
    7/13/2010 3:25:04 AM, error: VolSnap [25] - The shadow copy of volume C: was aborted because the diff area file could not grow in time. Consider reducing the IO load on this system to avoid this problem in the future.
    7/13/2010 3:23:27 AM, error: VolSnap [12] - The shadow copy of volume C: became low on diff area space before it was properly installed.
    7/13/2010 2:03:13 PM, error: Dhcp [1002] - The IP address lease 10.0.6.10 for the Network Card with network address 001422DC855A has been denied by the DHCP server 10.0.6.1 (The DHCP Server sent a DHCPNACK message).
    7/12/2010 7:13:41 PM, error: System Error [1003] - Error code 00000019, parameter1 00000020, parameter2 ba7bb1a8, parameter3 ba7bb9d0, parameter4 fd050f80.
    7/12/2010 7:12:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
    7/12/2010 7:11:58 PM, error: Service Control Manager [7001] - The WLANKEEPER service depends on the EvtEng service which failed to start because of the following error: The system cannot find the file specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7001] - The Spectrum24 Event Monitor service depends on the EvtEng service which failed to start because of the following error: The system cannot find the file specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The RegSrvc service failed to start due to the following error: The system cannot find the file specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The system cannot find the file specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Pantech&Curitel Utility Service service failed to start due to the following error: The system cannot find the file specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The OmniForm Printer service failed to start due to the following error: The system cannot find the path specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The MSSQLSERVER service failed to start due to the following error: The system cannot find the file specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The system cannot find the path specified.
    7/12/2010 7:11:58 PM, error: Service Control Manager [7000] - The Broadcom ASF IP monitoring service v6.0.4 service failed to start due to the following error: The system cannot find the file specified.
    7/12/2010 7:11:57 PM, error: Service Control Manager [7000] - The EvtEng service failed to start due to the following error: The system cannot find the file specified.
    7/12/2010 10:45:32 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 10.0.6.10 with the system having network hardware address 00:15:C5:5A:3A:6F. Network operations on this system may be disrupted as a result.

    ==== End Of File ===========================
     
  6. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    Combofix log part 1

    ComboFix 10-07-19.01 - John 07/19/2010 22:05:25.9.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.567 [GMT -5:00]
    Running from: c:\documents and settings\PPSO88\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-20 to 2010-07-20 )))))))))))))))))))))))))))))))
    .

    2010-07-22 03:10 . 2010-07-22 03:10 997 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\rebase.cmd
    2010-07-22 03:08 . 2010-07-22 03:08 -------- d-----w- c:\program files\Common Files\AnswerWorks 5.0
    2010-07-22 03:08 . 2008-09-29 23:37 1848608 ----a-w- c:\windows\system32\acXMLParser.dll
    2010-07-22 03:08 . 2008-09-29 23:37 3523872 ----a-w- c:\windows\system32\cdintf300.dll
    2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Deluxe\Custom\billmind.exe
    2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\HaB\Custom\billmind.exe
    2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\Premier\Custom\billmind.exe
    2010-07-22 03:08 . 2008-09-29 10:35 25888 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Sku\RPM\Custom\billmind.exe
    2010-07-22 03:08 . 2010-07-22 03:08 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Intuit
    2010-07-22 03:07 . 2010-07-22 03:07 -------- d-----w- c:\program files\Common Files\Intuit
    2010-07-22 03:07 . 2010-07-22 03:08 -------- d-----w- c:\program files\Quicken
    2010-07-22 03:06 . 2010-07-22 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-07-13 19:15 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-12 15:38 . 2010-07-12 15:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-07-12 15:37 . 2010-07-12 15:37 -------- d-----w- c:\program files\QuickTime
    2010-07-12 15:36 . 2010-07-12 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-07-12 15:36 . 2010-07-12 15:36 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-07-12 15:35 . 2010-07-12 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-12 15:32 . 2010-07-12 15:32 503808 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-617203ca-n\msvcp71.dll
    2010-07-12 15:32 . 2010-07-12 15:32 499712 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-617203ca-n\jmc.dll
    2010-07-12 15:32 . 2010-07-12 15:32 348160 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-617203ca-n\msvcr71.dll
    2010-07-12 15:32 . 2010-07-12 15:32 61440 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-13156ee7-n\decora-sse.dll
    2010-07-12 15:32 . 2010-07-12 15:32 12800 ----a-w- c:\documents and settings\PPSO88\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-13156ee7-n\decora-d3d.dll
    2010-07-12 15:31 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-07 12:28 . 2010-07-07 12:28 -------- d-----w- c:\program files\Common Files\McAfee
    2010-07-07 11:12 . 2010-07-07 11:12 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
    2010-07-05 22:32 . 2010-07-05 22:32 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Avira
    2010-07-05 07:02 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-07-05 07:02 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-05 07:02 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-07-05 07:02 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-07-05 07:01 . 2010-07-05 07:01 -------- d-----w- c:\program files\Avira
    2010-07-05 07:01 . 2010-07-05 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-07-05 05:48 . 2010-07-05 05:50 52224 ----a-w- c:\documents and settings\JPB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-05 05:47 . 2010-07-05 05:50 117760 ----a-w- c:\documents and settings\JPB\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-05 05:31 . 2010-07-05 05:31 -------- d-----w- c:\documents and settings\JPB\Application Data\SUPERAntiSpyware.com
    2010-07-04 22:42 . 2010-07-04 22:42 -------- d-----w- c:\documents and settings\JPB\Local Settings\Application Data\Adobe
    2010-07-04 07:35 . 2010-07-04 07:35 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-07-04 07:35 . 2010-07-04 07:35 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-07-04 07:35 . 2010-07-04 07:35 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-07-04 07:35 . 2010-07-04 07:35 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-07-04 07:35 . 2010-07-04 07:35 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-07-04 07:34 . 2010-07-04 07:34 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-07-04 07:34 . 2010-07-04 07:34 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-07-04 07:34 . 2010-07-04 07:34 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-07-02 20:20 . 2006-02-17 11:19 139264 ----a-w- c:\windows\system32\UStorSrv.exe
    2010-07-02 17:06 . 2010-07-02 17:06 -------- d-----w- c:\documents and settings\JPB\Local Settings\Application Data\Yahoo
    2010-07-02 16:19 . 2010-07-02 16:19 -------- d-----w- c:\documents and settings\JPB\Local Settings\Application Data\Mozilla
    2010-07-02 16:18 . 2010-07-02 16:18 -------- d-----w- c:\documents and settings\JPB\Application Data\ICAClient
    2010-07-02 16:17 . 2010-07-02 16:17 -------- d-----w- c:\documents and settings\JPB\Application Data\DivX
    2010-07-02 16:17 . 2010-07-02 16:17 -------- d-----w- c:\documents and settings\JPB\Application Data\Malwarebytes
    2010-07-02 16:07 . 2010-07-02 16:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
    2010-07-01 21:19 . 2010-07-01 21:19 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-01 21:18 . 2010-07-01 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-07-01 00:38 . 2010-07-01 00:38 -------- d-----w- C:\My Documents
    2010-07-01 00:37 . 2010-07-01 00:37 -------- d-----w- C:\Application Data
    2010-06-25 20:09 . 2010-06-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-06-25 20:09 . 2010-06-25 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-06-25 17:15 . 2010-06-25 17:15 203776 ----a-w- c:\windows\system32\clrviddc.dll
    2010-06-25 17:12 . 2010-06-25 17:12 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-06-25 17:12 . 2010-06-25 17:12 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-06-25 17:11 . 2010-06-25 17:11 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-06-25 17:11 . 2010-06-25 17:11 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-06-25 17:11 . 2010-06-25 17:11 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-06-25 17:10 . 2010-06-25 17:10 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-06-25 17:10 . 2010-06-25 17:10 -------- d-----w- c:\program files\Common Files\xing shared
    2010-06-25 17:06 . 2010-06-25 17:06 734728 ----a-w- c:\documents and settings\PPSO88\Application Data\Real\RealPlayer\setup\AU_setup14.exe
    2010-06-25 16:01 . 2010-06-25 16:01 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-22 03:08 . 2005-11-24 00:40 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-14 19:03 . 2009-05-05 23:15 -------- d-----w- c:\program files\CCleaner
    2010-07-12 15:43 . 2007-08-29 06:48 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-12 15:34 . 2005-11-24 00:38 -------- d-----w- c:\program files\Common Files\Java
    2010-07-12 15:31 . 2005-11-24 00:38 -------- d-----w- c:\program files\Java
    2010-07-07 12:20 . 2007-11-30 03:02 -------- d-----w- c:\program files\Bonjour
    2010-07-07 00:45 . 2009-05-06 15:30 -------- d-----w- c:\documents and settings\PPSO88\Application Data\SUPERAntiSpyware.com
    2010-07-06 10:13 . 2006-11-09 20:56 -------- d-----w- c:\program files\Google
    2010-07-06 06:43 . 2008-12-12 09:05 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-06 06:25 . 2007-08-30 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-07-05 06:14 . 2007-06-18 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-04 08:36 . 2010-05-26 03:35 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-07-04 07:35 . 2010-05-26 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-07-04 07:35 . 2009-05-25 05:48 -------- d-----w- c:\program files\DivX
    2010-07-04 07:27 . 2010-05-26 03:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-07-04 07:27 . 2010-05-26 03:32 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-07-01 21:48 . 2009-05-06 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-30 21:23 . 2005-11-24 00:51 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-25 20:09 . 2005-11-24 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-06-25 17:12 . 2010-03-22 18:25 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-06-25 17:12 . 2010-03-22 18:25 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-06-25 17:12 . 2010-03-22 18:25 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-06-25 17:12 . 2010-03-22 18:25 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-06-25 17:11 . 2006-06-29 23:31 -------- d-----w- c:\program files\Common Files\Real
    2010-06-25 17:10 . 2006-06-29 23:31 -------- d-----w- c:\program files\Real
    2010-06-25 15:54 . 2010-05-26 03:32 -------- d-----w- c:\documents and settings\PPSO88\Application Data\DivX
    2010-06-14 14:31 . 2004-08-11 23:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 02:09 . 2010-05-30 11:00 -------- d-----w- c:\program files\Sierra Wireless
    2010-06-02 06:40 . 2010-06-02 06:40 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-02 05:47 . 2010-06-02 05:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-06-02 05:01 . 2010-06-02 05:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Sprint
    2010-06-02 01:09 . 2007-04-14 01:31 -------- d-----w- c:\program files\Common Files\Motorola Shared
    2010-05-30 10:58 . 2010-05-30 10:58 -------- d-----w- c:\documents and settings\PPSO88\Application Data\Sierra Wireless
    2010-05-27 03:29 . 2007-10-30 01:15 -------- d-----w- c:\program files\WinAce
    2010-05-26 03:31 . 2010-05-26 03:31 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-05-26 03:31 . 2010-05-26 03:31 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-05-26 03:31 . 2010-05-26 03:31 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-05-26 03:31 . 2010-05-26 03:31 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-05-26 03:31 . 2010-05-26 03:31 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-05-26 03:31 . 2010-05-26 03:31 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-05-26 03:31 . 2010-05-26 03:31 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-05-16 01:26 . 2010-05-16 01:26 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-04 17:20 . 2004-08-11 23:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2010-03-02 20:40 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-11 23:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-05-02 05:22 . 2004-08-11 23:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 20:39 . 2009-05-06 00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2009-05-06 00:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-08-14 1877272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-25 202256]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideShutdownScripts"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup
     
  7. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    [HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^CorelCENTRAL Alarms.LNK]
    backup=c:\windows\pss\CorelCENTRAL Alarms.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^Desktop Application Director 9.LNK]
    backup=c:\windows\pss\Desktop Application Director 9.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^PPSO88^Start Menu^Programs^Startup^map.lnk]
    backup=c:\windows\pss\map.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
    registrybooster [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
    2004-09-13 22:33 155648 ----a-w- c:\program files\Apoint\Apoint.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-05-13 03:00 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
    2005-09-01 23:24 684032 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
    2005-05-31 10:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-04-26 14:04 53248 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-05-12 05:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2006-08-17 14:00 1116920 ----a-w- c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-06-25 17:09 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2006-10-19 01:05 204288 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "8614:TCP"= 8614:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "1820:TCP"= 1820:TCP:Services
    "3246:TCP"= 3246:TCP:Services
    "3819:TCP"= 3819:TCP:Services
    "9959:TCP"= 9959:TCP:Services
    "4068:TCP"= 4068:TCP:Services
    "9505:TCP"= 9505:TCP:Services
    "6317:TCP"= 6317:TCP:Services
    "8131:TCP"= 8131:TCP:Services
    "3131:TCP"= 3131:TCP:Services
    "9348:TCP"= 9348:TCP:Services
    "8659:TCP"= 8659:TCP:Services
    "8660:TCP"= 8660:TCP:Services
    "1990:TCP"= 1990:TCP:Services
    "2480:TCP"= 2480:TCP:Services
    "3427:TCP"= 3427:TCP:Services
    "5354:TCP"= 5354:TCP:Services
    "9676:TCP"= 9676:TCP:Services
    "9677:TCP"= 9677:TCP:Services
    "8266:TCP"= 8266:TCP:Services
    "8265:TCP"= 8265:TCP:Services
    "6710:TCP"= 6710:TCP:Services
    "6711:TCP"= 6711:TCP:Services
    "5598:TCP"= 5598:TCP:Services
    "9696:TCP"= 9696:TCP:Services
    "2542:TCP"= 2542:TCP:Services
    "3584:TCP"= 3584:TCP:Services
    "6302:TCP"= 6302:TCP:Services
    "6303:TCP"= 6303:TCP:Services
    "6598:TCP"= 6598:TCP:Services
    "6599:TCP"= 6599:TCP:Services
    "4584:TCP"= 4584:TCP:Services
    "7668:TCP"= 7668:TCP:Services
    "8099:TCP"= 8099:TCP:Services
    "8100:TCP"= 8100:TCP:Services
    "4335:TCP"= 4335:TCP:Services
    "7170:TCP"= 7170:TCP:Services
    "6508:TCP"= 6508:TCP:Services
    "6507:TCP"= 6507:TCP:Services
    "7984:TCP"= 7984:TCP:Services
    "4742:TCP"= 4742:TCP:Services
    "9630:TCP"= 9630:TCP:Services
    "9631:TCP"= 9631:TCP:Services
    "4490:TCP"= 4490:TCP:Services
    "7480:TCP"= 7480:TCP:Services
    "8913:TCP"= 8913:TCP:Services
    "8914:TCP"= 8914:TCP:Services
    "3413:TCP"= 3413:TCP:Services
    "5326:TCP"= 5326:TCP:Services
    "5820:TCP"= 5820:TCP:Services
    "5819:TCP"= 5819:TCP:Services
    "6975:TCP"= 6975:TCP:Services
    "6976:TCP"= 6976:TCP:Services
    "7336:TCP"= 7336:TCP:Services
    "7335:TCP"= 7335:TCP:Services
    "6584:TCP"= 6584:TCP:Services
    "6585:TCP"= 6585:TCP:Services
    "9974:TCP"= 9974:TCP:Services
    "9975:TCP"= 9975:TCP:Services
    "9552:TCP"= 9552:TCP:Services
    "9553:TCP"= 9553:TCP:Services
    "5040:TCP"= 5040:TCP:Services
    "8580:TCP"= 8580:TCP:Services
    "6318:TCP"= 6318:TCP:Services
    "6319:TCP"= 6319:TCP:Services
    "7318:TCP"= 7318:TCP:Services
    "7319:TCP"= 7319:TCP:Services
    "3196:TCP"= 3196:TCP:Services
    "2348:TCP"= 2348:TCP:Services
    "7912:TCP"= 7912:TCP:Services
    "7913:TCP"= 7913:TCP:Services
    "4638:TCP"= 4638:TCP:Services
    "3069:TCP"= 3069:TCP:Services
    "3383:TCP"= 3383:TCP:Services
    "5266:TCP"= 5266:TCP:Services
    "8644:TCP"= 8644:TCP:Services
    "8645:TCP"= 8645:TCP:Services
    "7629:TCP"= 7629:TCP:Services
    "7630:TCP"= 7630:TCP:Services
    "6566:TCP"= 6566:TCP:Services
    "6567:TCP"= 6567:TCP:Services
    "3444:TCP"= 3444:TCP:Services
    "5388:TCP"= 5388:TCP:Services
    "9741:TCP"= 9741:TCP:Services
    "9742:TCP"= 9742:TCP:Services
    "6757:TCP"= 6757:TCP:Services
    "6758:TCP"= 6758:TCP:Services
    "8069:TCP"= 8069:TCP:Services
    "8070:TCP"= 8070:TCP:Services
    "2888:TCP"= 2888:TCP:Services
    "2194:TCP"= 2194:TCP:Services

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/5/2010 2:02 AM 135336]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [10/19/2009 5:04 PM 110984]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [11/23/2005 7:23 PM 80384]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
    S3 MotDev;Motorola Inc. USB Device; [x]
    S3 XIRLINK;Veo PC Camera;c:\windows\system32\drivers\ucdnt.sys [3/24/2008 5:58 PM 899884]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3473567101-1286528376-471160672-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-07-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3473567101-1286528376-471160672-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

    2010-07-20 c:\windows\Tasks\User_Feed_Synchronization-{31E80B77-D5EB-4B02-AE6A-0B4BF5752994}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 16:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    FF - ProfilePath - c:\documents and settings\PPSO88\Application Data\Mozilla\Firefox\Profiles\nc6b34uq.default\
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-MPFExe - c:\program files\mcafee.com\personal firewall\MPfTray.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-19 22:13
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x863EF78A]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf75dff28
    \Driver\ACPI -> ACPI.sys @ 0xf7472cb8
    \Driver\atapi -> ntkrnlpa.exe @ 0x8057c2df
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579014
    ParseProcedure -> ntkrnlpa.exe @ 0x80577c76
    NDIS: Intel(R) PRO/Wireless 2915ABG Network Connection -> SendCompleteHandler -> 0x86455b60
    PacketIndicateHandler -> NDIS.sys @ 0xf72d6a21
    SendHandler -> NDIS.sys @ 0xf72b487b
    user & kernel MBR OK
    copy of MBR has been found in sector 0x0950E4C1
    malicious code @ sector 0x0950E4C4 !
    PE file found in sector at 0x0950E4DA !

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1348)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Completion time: 2010-07-19 22:19:00
    ComboFix-quarantined-files.txt 2010-07-20 03:18
    ComboFix2.txt 2010-02-26 07:57
    ComboFix3.txt 2010-02-26 05:04
    ComboFix4.txt 2007-09-17 05:08

    Pre-Run: 26,605,989,888 bytes free
    Post-Run: 26,635,599,872 bytes free

    - - End Of File - - 510974A13C937A3385C96B7178D80095
     
  8. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    ESET log

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=1
    esets_scanner_update returned -1 esets_gle=1
    esets_scanner_update returned -1 esets_gle=1
    # version=7
    # iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=d9022f0ecf10254183ffd3be7b8b4eff
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-07-20 06:27:40
    # local_time=2010-07-20 01:27:40 (-0600, Central Daylight Time)
    # country="United States"
    # lang=9
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 16775141 100 93 0 37748342 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=134932
    # found=1
    # cleaned=0
    # scan_time=5220
    C:\Documents and Settings\HelpAssistant.PPSO-D1G5MW81.000\Local Settings\Temp\plugtmp-2\plugin-pdf0x1.php JS/Exploit.Pdfka.OBK.Gen trojan 00000000000000000000000000000000 I
     
  9. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    Avira log

    Avira AntiVir Personal
    Report file date: Monday, July 19, 2010 00:56

    Scanning for 2360683 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : John
    Computer name : PPSO-D1G5MW81

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 07:11:46
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 07:12:02
    VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 07:12:05
    VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 07:12:06
    VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 07:12:09
    VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 07:12:11
    VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 07:12:13
    VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 07:12:16
    VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 07:12:19
    VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 07:12:26
    VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 07:12:29
    VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 07:12:33
    VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 07:12:38
    VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 07:12:41
    VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 07:12:44
    VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 08:15:00
    VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 23:21:38
    VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 23:21:42
    VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 14:58:44
    VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 19:03:48
    VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 19:03:30
    VBASE026.VDF : 7.10.9.100 2048 Bytes 7/16/2010 19:03:30
    VBASE027.VDF : 7.10.9.101 2048 Bytes 7/16/2010 19:03:30
    VBASE028.VDF : 7.10.9.102 2048 Bytes 7/16/2010 19:03:30
    VBASE029.VDF : 7.10.9.103 2048 Bytes 7/16/2010 19:03:31
    VBASE030.VDF : 7.10.9.104 2048 Bytes 7/16/2010 19:03:31
    VBASE031.VDF : 7.10.9.109 144896 Bytes 7/18/2010 05:48:48
    Engineversion : 8.2.4.12
    AEVDF.DLL : 8.1.2.0 106868 Bytes 7/5/2010 07:14:11
    AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/15/2010 19:03:47
    AESCN.DLL : 8.1.6.1 127347 Bytes 7/5/2010 07:14:03
    AESBX.DLL : 8.1.3.1 254324 Bytes 7/5/2010 07:14:14
    AERDL.DLL : 8.1.4.6 541043 Bytes 7/5/2010 07:14:01
    AEPACK.DLL : 8.2.2.6 430452 Bytes 7/15/2010 19:03:39
    AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/8/2010 23:21:52
    AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/5/2010 07:13:52
    AEHELP.DLL : 8.1.11.6 242038 Bytes 7/5/2010 07:13:43
    AEGEN.DLL : 8.1.3.14 381299 Bytes 7/15/2010 19:03:35
    AEEMU.DLL : 8.1.2.0 393588 Bytes 7/5/2010 07:13:37
    AECORE.DLL : 8.1.15.4 192886 Bytes 7/15/2010 19:03:33
    AEBB.DLL : 8.1.1.0 53618 Bytes 7/5/2010 07:13:32
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: delete
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

    Start of the scan: Monday, July 19, 2010 00:56

    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{i81a067bde7db239c}
    [NOTE] The registry entry is invisible.
    HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{081a067bde7db239c}
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '66' Module(s) have been scanned
    Scan process 'msdtc.exe' - '43' Module(s) have been scanned
    Scan process 'dllhost.exe' - '61' Module(s) have been scanned
    Scan process 'dllhost.exe' - '48' Module(s) have been scanned
    Scan process 'vssvc.exe' - '51' Module(s) have been scanned
    Scan process 'avcenter.exe' - '98' Module(s) have been scanned
    Scan process 'RegistryBooster.exe' - '42' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'realsched.exe' - '34' Module(s) have been scanned
    Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
    Scan process 'jusched.exe' - '24' Module(s) have been scanned
    Scan process 'avgnt.exe' - '56' Module(s) have been scanned
    Scan process 'alg.exe' - '36' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '56' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '101' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '43' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
    Scan process 'UStorSrv.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '45' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'NICCONFIGSVC.exe' - '46' Module(s) have been scanned
    Scan process 'MDM.EXE' - '28' Module(s) have been scanned
    Scan process 'jqs.exe' - '33' Module(s) have been scanned
    Scan process 'Iap.exe' - '30' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
    Scan process 'avguard.exe' - '53' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'sched.exe' - '48' Module(s) have been scanned
    Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
    Scan process 'svchost.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '163' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '59' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '70' Module(s) have been scanned
    Scan process 'winlogon.exe' - '78' Module(s) have been scanned
    Scan process 'csrss.exe' - '12' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1867' files ).


    Starting the file scan:

    Begin scan in 'C:\'


    End of the scan: Monday, July 19, 2010 02:12
    Used time: 1:15:51 Hour(s)

    The scan has been done completely.

    13754 Scanned directories
    415191 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    415191 Files not concerned
    4605 Archives were scanned
    0 Warnings
    0 Notes
    925494 Objects were scanned with rootkit scan
    2 Hidden objects were found
     
  10. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    Avira AntiVir Personal
    Report file date: Monday, July 19, 2010 00:56

    Scanning for 2360683 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : John
    Computer name : PPSO-D1G5MW81

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
    VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 07:11:46
    VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 07:12:02
    VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 07:12:05
    VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 07:12:06
    VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 07:12:09
    VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 07:12:11
    VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 07:12:13
    VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 07:12:16
    VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 07:12:19
    VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 07:12:26
    VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 07:12:29
    VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 07:12:33
    VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 07:12:38
    VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 07:12:41
    VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 07:12:44
    VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 08:15:00
    VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 23:21:38
    VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 23:21:42
    VBASE023.VDF : 7.10.9.60 150016 Bytes 7/11/2010 14:58:44
    VBASE024.VDF : 7.10.9.79 113152 Bytes 7/13/2010 19:03:48
    VBASE025.VDF : 7.10.9.99 158720 Bytes 7/16/2010 19:03:30
    VBASE026.VDF : 7.10.9.100 2048 Bytes 7/16/2010 19:03:30
    VBASE027.VDF : 7.10.9.101 2048 Bytes 7/16/2010 19:03:30
    VBASE028.VDF : 7.10.9.102 2048 Bytes 7/16/2010 19:03:30
    VBASE029.VDF : 7.10.9.103 2048 Bytes 7/16/2010 19:03:31
    VBASE030.VDF : 7.10.9.104 2048 Bytes 7/16/2010 19:03:31
    VBASE031.VDF : 7.10.9.109 144896 Bytes 7/18/2010 05:48:48
    Engineversion : 8.2.4.12
    AEVDF.DLL : 8.1.2.0 106868 Bytes 7/5/2010 07:14:11
    AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 7/15/2010 19:03:47
    AESCN.DLL : 8.1.6.1 127347 Bytes 7/5/2010 07:14:03
    AESBX.DLL : 8.1.3.1 254324 Bytes 7/5/2010 07:14:14
    AERDL.DLL : 8.1.4.6 541043 Bytes 7/5/2010 07:14:01
    AEPACK.DLL : 8.2.2.6 430452 Bytes 7/15/2010 19:03:39
    AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/8/2010 23:21:52
    AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/5/2010 07:13:52
    AEHELP.DLL : 8.1.11.6 242038 Bytes 7/5/2010 07:13:43
    AEGEN.DLL : 8.1.3.14 381299 Bytes 7/15/2010 19:03:35
    AEEMU.DLL : 8.1.2.0 393588 Bytes 7/5/2010 07:13:37
    AECORE.DLL : 8.1.15.4 192886 Bytes 7/15/2010 19:03:33
    AEBB.DLL : 8.1.1.0 53618 Bytes 7/5/2010 07:13:32
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: repair
    Secondary action....................: delete
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,

    Start of the scan: Monday, July 19, 2010 00:56

    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{i81a067bde7db239c}
    [NOTE] The registry entry is invisible.
    HKEY_USERS\S-1-5-21-3473567101-1286528376-471160672-1007\Software\Licenses\{081a067bde7db239c}
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '66' Module(s) have been scanned
    Scan process 'msdtc.exe' - '43' Module(s) have been scanned
    Scan process 'dllhost.exe' - '61' Module(s) have been scanned
    Scan process 'dllhost.exe' - '48' Module(s) have been scanned
    Scan process 'vssvc.exe' - '51' Module(s) have been scanned
    Scan process 'avcenter.exe' - '98' Module(s) have been scanned
    Scan process 'RegistryBooster.exe' - '42' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
    Scan process 'realsched.exe' - '34' Module(s) have been scanned
    Scan process 'AdobeARM.exe' - '47' Module(s) have been scanned
    Scan process 'jusched.exe' - '24' Module(s) have been scanned
    Scan process 'avgnt.exe' - '56' Module(s) have been scanned
    Scan process 'alg.exe' - '36' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '49' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '56' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '101' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '43' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
    Scan process 'UStorSrv.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '45' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'NICCONFIGSVC.exe' - '46' Module(s) have been scanned
    Scan process 'MDM.EXE' - '28' Module(s) have been scanned
    Scan process 'jqs.exe' - '33' Module(s) have been scanned
    Scan process 'Iap.exe' - '30' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
    Scan process 'avguard.exe' - '53' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'sched.exe' - '48' Module(s) have been scanned
    Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
    Scan process 'svchost.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'svchost.exe' - '163' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '59' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '70' Module(s) have been scanned
    Scan process 'winlogon.exe' - '78' Module(s) have been scanned
    Scan process 'csrss.exe' - '12' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1867' files ).


    Starting the file scan:

    Begin scan in 'C:\'


    End of the scan: Monday, July 19, 2010 02:12
    Used time: 1:15:51 Hour(s)

    The scan has been done completely.

    13754 Scanned directories
    415191 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    415191 Files not concerned
    4605 Archives were scanned
    0 Warnings
    0 Notes
    925494 Objects were scanned with rootkit scan
    2 Hidden objects were found
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, sorry for the misunderstanding- I didn't mean for you to repost the logs pasted in. But let's do some cleaning up.
    Multiple AV programs:
    You have processes for Avira, Norton and McAfee loading. I see where you removed the McAfee firewall, but an entry remains. I can move this in the script I write for Combofix. For Norton, I recommend you run the Norton Removal Tool. I also see BitDefender, so let's get a security check:

    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.

    I will need GMER as Combofix shows Rootkit malware but not what or where.

    I don't need any more Avira scans, so you can delete those logs if you want. I will have you run an online scan.

    I will wait on the Combofix script until I get the Security log and the GMER log.

    EDIT: I recommend you uninstall the Uniblue Registry cleaner. Most of us don't recommend Registry cleaners. If you decide to keep it, please disable it while I'm helping you.
     
     
  12. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    Update on blue screen error

    I got the error today and the technical information was "***STOP: 0x0000008E (0xC0000005, 0x805B63AD, 0xB80C796C, 0x00000000)"

    I will run the requested programs and post the logs shortly.

    Thanks again for your help,
    John
     
  13. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    security checkup log

    I ran the Norton uninstall prior to running Security Check.


    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 20
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9.3
    Mozilla Firefox (3.6.6)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

    ``````````End of Log````````````
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Post when ready. We can deal with error if it persists later.
     
  15. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-21 21:47:58
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\PPSO88\LOCALS~1\Temp\uwtyrpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT F7BA30D4 ZwCreateThread
    SSDT F7BA30C0 ZwOpenProcess
    SSDT F7BA30C5 ZwOpenThread

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF6274A80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01D9B9BB
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01D9B558
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01D9B86D
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01D9B639
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01D9B70C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0123B9BB
    .text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0123B558
    .text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0123B86D
    .text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0123B639
    .text C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe[176] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0123B70C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 007DB9BB
    .text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007DB558
    .text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007DB86D
    .text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!recv 71AB676F 5 Bytes JMP 007DB639
    .text C:\Program Files\Bonjour\mDNSResponder.exe[336] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 007DB70C
    .text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C2B9BB
    .text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C2B558
    .text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C2B86D
    .text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C2B639
    .text C:\WINDOWS\System32\alg.exe[396] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C2B70C
    .text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BDB9BB
    .text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BDB558
    .text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BDB86D
    .text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BDB639
    .text C:\WINDOWS\system32\UStorSrv.exe[620] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BDB70C
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0199B9BB
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0199B558
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0199B86D
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0199B639
    .text C:\Program Files\Avira\AntiVir Desktop\sched.exe[964] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0199B70C
    .text C:\WINDOWS\system32\winlogon.exe[1352] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 015B2946
    .text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015BB9BB
    .text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015BB558
    .text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015BB86D
    .text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015BB639
    .text C:\Program Files\Dell\OpenManage\Client\Iap.exe[1640] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015BB70C
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0093B9BB
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0093B558
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0093B86D
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0093B639
    .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1880] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0093B70C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2148] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011FB9BB
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011FB558
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011FB86D
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011FB639
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011FB70C
    .text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0152B9BB
    .text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0152B558
    .text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0152B86D
    .text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0152B639
    .text C:\WINDOWS\system32\Ati2evxx.exe[2236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0152B70C
    .text C:\WINDOWS\Explorer.EXE[2392] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 01522758
    .text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0161B9BB
    .text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0161B558
    .text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0161B86D
    .text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0161B639
    .text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0161B70C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E3B9BB
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E3B558
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E3B86D
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E3B639
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E3B70C
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 018DB9BB
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!send 71AB4C27 5 Bytes JMP 018DB558
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 018DB86D
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!recv 71AB676F 5 Bytes JMP 018DB639
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2664] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 018DB70C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013CB9BB
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013CB558
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 013CB86D
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013CB639
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2692] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013CB70C
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013FB9BB
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013FB558
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 013FB86D
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013FB639
    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3020] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013FB70C
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01F7B9BB
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01F7B558
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01F7B86D
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01F7B639
    .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[3488] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01F7B70C
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F1B9BB
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F1B558
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F1B86D
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F1B639
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[3496] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F1B70C

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device \FileSystem\cdudf_xp \Device\CdUdf_XP DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
    Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
    Device B6E3ED20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- EOF - GMER 1.0.15 ----
     
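The GMER log above is hard to read as posted because one hook set is printed once per process: the same five WS2_32.dll hooks (closesocket, send, WSARecv, recv, WSASend) appear in seventeen processes, and their JMP targets share the low 16 bits (B9BB, B558, B86D, B639, B70C) while only the high part changes, which is what a single code image mapped at a different base in every process looks like. The script below is an added example for this thread, not GMER's code and not something either poster ran; it parses the three line kinds that matter for the rootkit question (SSDT entries, user-mode inline hooks, disk-sector findings) and collapses the per-process hook lines into one finding per hooked function with the list of processes carrying it. The sample log embedded in it is constructed from the shape of the posted lines, so it runs offline. Two caveats a practitioner should keep in mind: GMER attributes a JMP target to a module only when the target falls inside a loaded image, so a jump into a private allocation is unattributed whoever installed it, and firewalls and antivirus products hook these same Winsock functions; the flagged MBR sector is the stronger signal, and the hook set is something to correlate with it rather than a verdict on its own.

```python
"""Triage a GMER 1.0.15 rootkit-scan log (added example; not GMER's code).

Parses SSDT hook lines, user-mode inline-hook lines and disk-sector lines,
then groups unattributed inline hooks so an injected hook set present in
many processes is reported once with the processes it lives in.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the posted log (a few lines, not the full log).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT F7BA30D4 ZwCreateThread
SSDT F7BA30C0 ZwOpenProcess
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01D9B558
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01D9B639
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[152] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0161B558
.text C:\WINDOWS\Explorer.EXE[2392] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0161B639
.text C:\WINDOWS\system32\winlogon.exe[1352] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 015B2946
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
"""

# Only the line shapes seen in the posted log are handled; anything else is ignored.
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)(?:\s+(?P<owner>\S.*))?$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})"
    r"(?:\s+(?P<owner>\S.*))?$")
DISK_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<sector>\d+):\s*(?P<note>.*?);?\s*$")


def parse(log_text):
    """Return {'ssdt': [...], 'hooks': [...], 'disk': [...]} from raw GMER text."""
    out = {"ssdt": [], "hooks": [], "disk": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            out["ssdt"].append({"addr": m["addr"], "func": m["func"], "owner": m["owner"]})
            continue
        m = HOOK_RE.match(line)
        if m:
            image = m["proc"].rsplit("\\", 1)[-1]          # basename of the process path
            out["hooks"].append({
                "proc": f"{image}[{m['pid']}]", "module": m["module"], "func": m["func"],
                "addr": int(m["addr"], 16), "target": int(m["target"], 16),
                "nbytes": int(m["nbytes"]), "owner": m["owner"],   # owner is None when GMER could not attribute the target
            })
            continue
        m = DISK_RE.match(line)
        if m:
            out["disk"].append({"device": m["dev"], "sector": int(m["sector"]), "note": m["note"]})
    return out


def hook_sets(parsed):
    """Group unattributed inline hooks by (module, function).

    Records the processes carrying each hook and the low 16 bits of the JMP
    targets: the same low bits with different high bits across processes means
    one image mapped at a different base per process, i.e. one injected
    component rather than many independent hooks."""
    groups = defaultdict(lambda: {"procs": set(), "target_offsets": set()})
    for h in parsed["hooks"]:
        if h["owner"]:
            continue   # attributed to a loaded module; not the pattern we are hunting
        g = groups[(h["module"].lower(), h["func"])]
        g["procs"].add(h["proc"])
        g["target_offsets"].add(h["target"] & 0xFFFF)
    return {k: {"procs": sorted(v["procs"]), "target_offsets": sorted(v["target_offsets"])}
            for k, v in groups.items()}


def triage(log_text, widespread_at=2):
    """Parse, group, and produce one finding line per item worth a human's attention."""
    parsed = parse(log_text)
    sets = hook_sets(parsed)
    findings = []
    for e in parsed["ssdt"]:
        if not e["owner"]:
            findings.append(f"SSDT: {e['func']} redirected to {e['addr']} with no driver attributed")
    for (module, func), g in sorted(sets.items()):
        n = len(g["procs"])
        tag = "widespread" if n >= widespread_at else "single-process"
        offsets = [hex(o) for o in g["target_offsets"]]
        findings.append(f"hook ({tag}): {module}!{func} in {n} process(es), target offset(s) {offsets}")
    for d in parsed["disk"]:
        # Sector 0 is the MBR; sector 63 is where XP-era partitioning starts the first partition.
        where = {0: " [MBR]", 63: " [first-partition boundary on XP-era disks]"}.get(d["sector"], "")
        findings.append(f"disk: {d['device']} sector {d['sector']} {d['note']}{where}")
    return {"parsed": parsed, "hook_sets": sets, "findings": findings}


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG)["findings"]:
        print(line)
```

Run against the full posted log, the grouping turns the 85 WS2_32.dll lines into five findings, each listing the seventeen processes, and leaves the attributed hooks (xul.dll, MSSRCH.DLL, firefox.exe hooking its own LdrLoadDll) out of the picture; the unattributed LsaLogonUser hook in winlogon.exe and the five flagged disk sectors stand out on their own.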
  16. jpb2872

    jpb2872 TS Rookie Topic Starter Posts: 22

    Will be back on August 2, 2010

    I will be out of town and will not have access to this PC until August 2, 2010. Please post the next instructions and I will follow them as soon as I return and post the results.
    Thanks for your help.
    John
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    John, I am going to close this thread for now, so no one else posts on it. When you get back, send me a PM and I will reopen the thread.

    Please don't keep running other cleaning programs. I now see OTL on the list.
    1. I will make sure you have only 1 antivirus.
    2. The time and possibly the date on the system might not be correct.
    3. You have LimeWire on startup. That will have to stop for now.
    4. You have the Uniblue Registry Booster and 'Tweaker' running. Both need to be disabled for now.
    5. You have a malware infection that indicates a Bootkit or Rootkit virus. This might be related to the entry found in the Eset scan. That will require special programs.

    Temporary close of thread until 8/2/2010

    Remind me that this URL is: http://www.techspot.com/vb/topic150294.html#post910135
     
Topic Status:
Not open for further replies.