TechSpot

Hidden Internet Explorer

By netjock
Jul 4, 2010
  1. Please help. I am concerned that when immunizing with Spybot S&D I get a message telling me IE is still running in the background after I have closed my Mozilla Firefox browser. Do I have trojan trouble?
    Here is my latest Hijackthis log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:17, on 04/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Norton Utilities 14\nu.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe /H
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate1c995ce4d4e0972) (gupdate1c995ce4d4e0972) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 10997 bytes
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    We don't 'screen' a system for malware with HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Hi Bobbye. Sorry about use of HijackThis in inaugural post. Nothing in the welcome notes I saw to indicate it was not recognised. Thank you for taking an interest in my problem. Would deeply appreciate your expert assessment. Hope these are the correct logs. Will send in three batches. Kind regards.

    PC Logs July 5. 2010.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4274

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    05/07/2010 08:43:01
    mbam-log-2010-07-05 (08-43-01).txt

    Scan type: Quick scan
    Objects scanned: 129929
    Time elapsed: 11 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. netjock

    netjock TS Rookie Topic Starter Posts: 35

    PC Logs July 5. 2010.
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-05 10:45:08
    Windows 5.1.2600 Service Pack 3
    Running: 2sttlvz9.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kfwyypoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT 86F6E520 ZwAlertResumeThread
    SSDT 86E8E0C0 ZwAlertThread
    SSDT 86E8A0E0 ZwAllocateVirtualMemory
    SSDT 870C2BD8 ZwAssignProcessToJobObject
    SSDT 86F270E0 ZwConnectPort
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xF462F704]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF491B210]
    SSDT 86F3A120 ZwCreateMutant
    SSDT 86E42F80 ZwCreateSymbolicLinkObject
    SSDT 86F13150 ZwCreateThread
    SSDT 86C78128 ZwDebugActiveProcess
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xF462F864]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF491B490]
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF491B9F0]
    SSDT 86EB7090 ZwDuplicateObject
    SSDT 86E9A120 ZwFreeVirtualMemory
    SSDT 86F77CE8 ZwImpersonateAnonymousToken
    SSDT 86E65E08 ZwImpersonateThread
    SSDT 86FB15F8 ZwLoadDriver
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xF463321A]
    SSDT 86E8D008 ZwMapViewOfSection
    SSDT 86E3C6E0 ZwOpenEvent
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xF462F7C8]
    SSDT 86EB7008 ZwOpenProcess
    SSDT 86C4A070 ZwOpenProcessToken
    SSDT 87053548 ZwOpenSection
    SSDT 86EB7160 ZwOpenThread
    SSDT 86E3B4C8 ZwProtectVirtualMemory
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xF4633190]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xF46330FA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xF463312C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xF463315E]
    SSDT 86C81070 ZwResumeThread
    SSDT 86C95070 ZwSetContextThread
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xF462F8C4]
    SSDT 86E8D0D8 ZwSetInformationProcess
    SSDT 86EA5B78 ZwSetSystemInformation
    SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF491BC40]
    SSDT 870526E0 ZwSuspendProcess
    SSDT 86CB10C0 ZwSuspendThread
    SSDT 86C200C8 ZwTerminateProcess
    SSDT 86C8D0C0 ZwTerminateThread
    SSDT 86C510C0 ZwUnmapViewOfSection
    SSDT 86E9A008 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 24D0 80501D08 4 Bytes CALL 84D71489
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF61B5360, 0x307AC7, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[952] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414A50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[952] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[952] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[952] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[952] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3940] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00438CE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3940] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71680022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3940] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 716E0022

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 017DF7A0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 017DF750
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 017DB490
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 017DC700
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 017DE4D0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 017DCDA0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 017DC9E0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 017DDAD0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 017DF450
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 017DF490
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 017DF830
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 017DF310
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 017DE430
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 017DD360
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 017DCC70
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 017DD0A0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 017DFDB0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 017DDE20
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 017DE290
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 017DE950
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 017DE6E0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 017DE8D0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 017DEDF0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 017DEB00
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 017DCB40
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 017DD210
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 017DF570
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 017DE820
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 017DE3D0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 017DE250
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 017DE5E0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 017DF850
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 017DE620
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 017DFAF0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 017DFA90
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 017DFCE0
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 017DFD80
    IAT C:\Program Files\Norton Utilities 14\nu.exe[3784] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 017DFBB0

    -
     
  5. netjock

    netjock TS Rookie Topic Starter Posts: 35

    GMER (2) 017DFBB0

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\streamlock.dat 0 bytes
    File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\tmp1bc1.tmp 0 bytes
    File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Lue\Downloads\1278319178jtun_streamset.zip 0 bytes
    File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Lue\Downloads\streaming 0 bytes
    File C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Lue\Logs\TempLog.Lue 4096 bytes

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 14/04/2007 13:53:04
    System Uptime: 07/05/2010 08:26:38 (1419 hours ago)

    Motherboard: ASUSTek Computer INC. | | Salmon
    Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2411/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 182 GiB total, 135.787 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 1.221 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
     
  6. netjock

    netjock TS Rookie Topic Starter Posts: 35

    PC Logs July
    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Wireless PCI 802.11b/g adapter WN4201B
    Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_42031113&REV_01\3&61AAA01&1&50
    Manufacturer: Accton
    Name: Wireless PCI 802.11b/g adapter WN4201B
    PNP Device ID: PCI\VEN_1260&DEV_3890&SUBSYS_42031113&REV_01\3&61AAA01&1&50
    Service: PRISM_A00

    Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
    Description: VIA OHCI Compliant IEEE 1394 Host Controller
    Device ID: PCI\VEN_1106&DEV_3044&SUBSYS_2A04103C&REV_80\3&61AAA01&1&58
    Manufacturer: VIA
    Name: VIA OHCI Compliant IEEE 1394 Host Controller
    PNP Device ID: PCI\VEN_1106&DEV_3044&SUBSYS_2A04103C&REV_80\3&61AAA01&1&58
    Service: ohci1394

    ==== System Restore Points ===================

    RP172: 06/04/2010 13:10:46 - System Checkpoint
    RP173: 07/04/2010 13:21:21 - System Checkpoint
    RP174: 08/04/2010 16:11:02 - System Checkpoint
    RP175: 09/04/2010 16:19:37 - System Checkpoint
    RP176: 10/04/2010 16:41:22 - System Checkpoint
    RP177: 11/04/2010 17:38:27 - System Checkpoint
    RP178: 12/04/2010 18:14:45 - System Checkpoint
    RP179: 13/04/2010 19:12:52 - System Checkpoint
    RP180: 14/04/2010 19:25:21 - System Checkpoint
    RP181: 15/04/2010 00:18:08 - Software Distribution Service 3.0
    RP182: 16/04/2010 11:13:03 - System Checkpoint
    RP183: 17/04/2010 11:35:15 - System Checkpoint
    RP184: 18/04/2010 13:42:41 - System Checkpoint
    RP185: 19/04/2010 15:00:33 - System Checkpoint
    RP186: 20/04/2010 15:52:29 - System Checkpoint
    RP187: 21/04/2010 16:10:05 - System Checkpoint
    RP188: 22/04/2010 16:29:04 - System Checkpoint
    RP189: 23/04/2010 19:48:44 - System Checkpoint
    RP190: 24/04/2010 19:53:04 - System Checkpoint
    RP191: 25/04/2010 20:10:17 - System Checkpoint
    RP192: 27/04/2010 09:30:26 - System Checkpoint
    RP193: 28/04/2010 13:20:30 - utilities start
    RP194: 28/04/2010 13:25:11 - Made by Norton Utilities O
    RP195: 28/04/2010 13:26:32 - Made by Norton Utilities O
    RP196: 28/04/2010 15:06:16 - Installed DirectX
    RP197: 28/04/2010 15:28:06 - Made by Norton Utilities O
    RP198: 29/04/2010 18:22:00 - System Checkpoint
    RP199: 30/04/2010 16:07:18 - Made by Norton Utilities O
    RP200: 01/05/2010 16:49:20 - System Checkpoint
    RP201: 02/05/2010 17:41:58 - System Checkpoint
    RP202: 03/05/2010 17:54:44 - System Checkpoint
    RP203: 04/05/2010 18:06:08 - System Checkpoint
    RP204: 05/05/2010 18:49:08 - System Checkpoint
    RP205: 06/05/2010 20:35:03 - System Checkpoint
    RP206: 07/05/2010 20:46:15 - System Checkpoint
    RP207: 08/05/2010 21:00:08 - System Checkpoint
    RP208: 09/05/2010 21:42:11 - System Checkpoint
    RP209: 10/05/2010 21:47:09 - System Checkpoint
    RP210: 12/05/2010 10:22:59 - System Checkpoint
    RP211: 12/05/2010 23:54:58 - Software Distribution Service 3.0
    RP212: 14/05/2010 00:07:01 - System Checkpoint
    RP213: 15/05/2010 14:02:39 - System Checkpoint
    RP214: 16/05/2010 14:08:22 - System Checkpoint
    RP215: 17/05/2010 14:15:58 - System Checkpoint
    RP216: 18/05/2010 14:40:52 - System Checkpoint
    RP217: 19/05/2010 14:44:03 - System Checkpoint
    RP218: 20/05/2010 14:57:52 - System Checkpoint
    RP219: 21/05/2010 15:16:20 - System Checkpoint
    RP220: 22/05/2010 16:00:12 - System Checkpoint
    RP221: 23/05/2010 16:57:16 - System Checkpoint
    RP222: 25/05/2010 13:25:22 - System Checkpoint
    RP223: 26/05/2010 14:15:46 - System Checkpoint
    RP224: 26/05/2010 23:07:09 - Software Distribution Service 3.0
    RP225: 27/05/2010 23:41:59 - System Checkpoint
    RP226: 29/05/2010 12:46:45 - System Checkpoint
    RP227: 30/05/2010 14:40:19 - System Checkpoint
    RP228: 31/05/2010 15:12:28 - System Checkpoint
    RP229: 01/06/2010 15:30:26 - System Checkpoint
    RP230: 02/06/2010 15:53:28 - System Checkpoint
    RP231: 03/06/2010 16:35:42 - System Checkpoint
    RP232: 04/06/2010 17:04:58 - System Checkpoint
    RP233: 04/06/2010 22:00:46 - Software Distribution Service 3.0
    RP234: 05/06/2010 22:08:36 - System Checkpoint
    RP235: 06/06/2010 22:16:00 - System Checkpoint
    RP236: 08/06/2010 09:44:59 - System Checkpoint
    RP237: 09/06/2010 11:19:20 - System Checkpoint
    RP238: 10/06/2010 12:18:13 - System Checkpoint
    RP239: 11/06/2010 01:16:22 - Software Distribution Service 3.0
    RP240: 12/06/2010 10:55:03 - System Checkpoint
    RP241: 13/06/2010 11:41:57 - System Checkpoint
    RP242: 14/06/2010 12:26:43 - System Checkpoint
    RP243: 15/06/2010 11:36:35 - Installed Rapport
    RP244: 16/06/2010 11:48:19 - System Checkpoint
    RP245: 17/06/2010 12:01:17 - System Checkpoint
    RP246: 18/06/2010 12:53:28 - System Checkpoint
    RP247: 19/06/2010 14:08:55 - System Checkpoint
    RP248: 20/06/2010 14:14:52 - System Checkpoint
    RP249: 21/06/2010 15:12:27 - System Checkpoint
    RP250: 22/06/2010 15:25:02 - System Checkpoint
    RP251: 23/06/2010 15:38:13 - System Checkpoint
    RP252: 23/06/2010 23:59:45 - Software Distribution Service 3.0
    RP253: 25/06/2010 09:23:24 - System Checkpoint
    RP254: 26/06/2010 09:32:10 - System Checkpoint
    RP255: 27/06/2010 10:09:58 - System Checkpoint
    RP256: 28/06/2010 10:01:46 - Installed QuickTime
    RP257: 28/06/2010 12:10:43 - Removed Java(TM) 6 Update 12
    RP258: 28/06/2010 12:11:27 - Installed Java(TM) 6 Update 20
    RP259: 29/06/2010 12:18:25 - System Checkpoint
    RP260: 30/06/2010 14:32:34 - System Checkpoint
    RP261: 01/07/2010 15:21:06 - System Checkpoint
    RP262: 02/07/2010 15:34:39 - System Checkpoint
    RP263: 03/07/2010 10:24:50 - Made by Norton Utilities O
    RP264: 03/07/2010 17:05:45 - Installed Windows Internet Explorer 8.
    RP265: 03/07/2010 17:07:07 - Software Distribution Service 3.0
    RP266: 03/07/2010 19:16:26 - Software Distribution Service 3.0
    RP267: 04/07/2010 15:53:49 - Removed Java 2 Runtime Environment, SE v1.4.2_03
    RP268: 04/07/2010 15:55:17 - Removed Java(TM) 6 Update 20
    RP269: 04/07/2010 15:58:19 - Installed Java(TM) 6 Update 20
    RP270: 04/07/2010 16:05:33 - Removed Adobe Reader 9.3.3.
    RP271: 04/07/2010 16:10:28 - Installed Adobe Reader 9.3.

    ==== Installed Programs ======================

    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe Acrobat 5.0
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3
    Adobe Shockwave Player 11.5
    Agere Systems PCI Soft Modem
    AiO_Scan
    AiOSoftware
    Apple Application Support
    Apple Software Update
    BT Broadband Help
    BT Yahoo! Applications
    BufferChm
    CameraDrivers
    Canon CanoScan Toolbox 4.8
    Compatibility Pack for the 2007 Office system
    Copy
    CreativeProjects
    CreativeProjectsTemplates
    Critical Update for Windows Media Player 11 (KB959772)
    CueTour
    Destinations
    Director
    DocProc
    DocumentViewer
    Easy Internet Sign-up
    EPSON Printer Software
    Fax
    Genie Backup Assistant
    Google Desktop
    Google Photos Screensaver
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Help and Support Additions
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet Preloaded Printer Drivers
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP Image Zone Plus 4.2
    HP Photo & Imaging 3.5 - HP Devices
    HP PSC & OfficeJet 4.0
    HP Software Update
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    HPIZ402
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    InterVideo WinDVD Creator 2
    InterVideo WinDVD Player
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Malwarebytes' Anti-Malware
    Manual CanoScan 8400F
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Baseline Security Analyzer 2.1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2004 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.6.6)
    MSN
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySpaceIM
    Norton Internet Security
    Norton PC Checkup
    Norton Utilities
    NVIDIA Drivers
    OmniPage SE 2.0
    PhotoGallery
    Presto! PageManager 6.11
    PrintScreen
    PS2
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    QuickProjects
    QuickTime
    Rapport
    Readme
    RealPlayer
    Scan
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    SiS VGA Utilities
    SkinsHP1
    SkinsHP2
    Sonic RecordNow!
    Spelling Dictionaries Support For Adobe Reader 9
    Spotify
    Spybot - Search & Destroy
    SpywareBlaster 4.3
    System Requirements Lab
    TrayApp
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB982632)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    Wireless SoftAP Version 2.0.17.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    28/06/2010 12:10:30, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    04/07/2010 15:54:15, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    04/07/2010 15:34:04, error: Service Control Manager [7034] - The SoftAP WPA Authenticator Service service terminated unexpectedly. It has done this 1 time(s).
    04/07/2010 15:34:04, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    04/07/2010 15:34:03, error: Service Control Manager [7034] - The GEARSecurity service terminated unexpectedly. It has done this 1 time(s).
    04/07/2010 15:34:03, error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
    04/07/2010 15:34:03, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    03/07/2010 11:18:33, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    03/07/2010 07:57:11, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    03/07/2010 07:57:06, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
    03/07/2010 07:56:38, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NIS service.
    02/07/2010 08:13:31, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00112FA1C86D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

     
  7. netjock

    netjock TS Rookie Topic Starter Posts: 35

    I am a first time user in need of assistance. It is now three days since I posted my problem. Since then I have completed all eight steps and posted the requested logs. Am I doing something wrong? Please help.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology for your wait. Maybe there is a date problem on the board, but your posts all say '1 day ago.' And for some reason, I didn't get the feedback that you had replied back. Original HJT log is dated 7/4 and other logs show 7/5, which is yesterday.

    One of the DDS logs is missing:


    The DDS.txt includes Running Processes, Pseudo HJT Report, FIREFOX plus other entries.
    The Attach.txt has this Warning at the top:
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    and includes Disk Partitions, Disabled Device Manager Items, Installed Programs plus other entries.

    You actually left the Attach.txt part, omitted the warning and don't have the 'Attached.txt' name. So I need the DDS.txt log.

    Please run the following 2 programs while I check your logs:

    Please download ComboFix from Here and save to your Desktop.

    [1]. Do NOT rename Combofix unless instructed.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Close any open browsers.
    [4]. Double click combofix.exe & follow the prompts to run.
    • NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    [5]. If Combofix asks you to install Recovery Console, please allow it.
    [6]. If Combofix asks you to update the program, always allow.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    [7]. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs, when you're done with Combofix.
    =================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  9. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Deeply grateful for your expert tuition and help. I will, of course, attempt to follow your latest instructions to the letter. Unfortunately, I have hit an early snag with ComboFix. Have closed down my Norton antivirus and firewall as requested, but a warning notice has flagged up saying I still have an AVG Internet Security antivirus running. Completely baffled. Nothing running in Task Manager, no AVG programmes when checking add and remove and nothing coming up in file and folder search either. Can you see anything from the logs I've already sent which might help me get around this? Kind regards.
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you give me the DDS log I requested, I can see what's running. Please do that before you run Combofix and Eset.
     
  11. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Sorry. Here are the latest DDS logs. (one of two phases)
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HP_Owner at 17:41:10.82 on 06/07/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.446 [GMT 1:00]

    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    C:\Program Files\Arcadyan Wireless\pctwpasv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Norton Utilities 14\nu.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Documents and Settings\HP_Owner\My Documents\Downloads\dds(3).scr
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = www.google.com
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
    BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    BHO: 1 (0x1) - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
    TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hp_owner\applic~1\mozilla\firefox\profiles\390w2b2o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rlz=1R0GGIC_en
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\hp_owner\application data\mozilla\firefox\profiles\390w2b2o.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
     
  12. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Second section:


    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-30 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-25 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-25 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-23 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-25 501888]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-24 390528]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-25 116784]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-25 126392]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.2.547\SymcPCCULaunchSvc.exe [2010-4-29 103280]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.2.547\ccSvcHst.exe [2010-4-29 126392]
    R2 PCTWPASV;SoftAP WPA Authenticator Service;c:\program files\arcadyan wireless\pctwpasv.exe [2004-1-30 204800]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7 840936]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100706.002\IDSXpx86.sys [2010-7-6 331640]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100705.040\NAVENG.SYS [2010-7-6 85552]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100705.040\NAVEX15.SYS [2010-7-6 1347504]
    R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2004-1-2 24608]
    R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\drivers\SlUSBFlt.sys [2010-7-5 11831]
    S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\google\update\GoogleUpdate.exe [2009-2-23 133104]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys --> c:\windows\system32\drivers\avgfwdx.sys [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-4-14 29744]
    S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [2004-1-2 350282]
    S3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\drivers\SlFilter.sys [2010-7-5 13395]

    =============== Created Last 30 ================

    2010-07-06 16:06:37 0 d-s---w- C:\ComboFix
    2010-07-05 16:12:41 608 ----a-w- c:\windows\UnDeviceUpd
    2010-07-05 16:12:41 11831 ----a-w- c:\windows\system32\drivers\SlUSBFlt.sys
    2010-07-05 16:12:40 13395 ----a-w- c:\windows\system32\drivers\SlFilter.sys
    2010-07-05 16:12:39 0 d-----w- c:\program files\LaCieTools
    2010-07-05 14:55:00 0 d-----w- c:\docume~1\hp_owner\applic~1\ElevatedDiagnostics
    2010-07-04 15:25:51 0 d-----w- c:\docume~1\hp_owner\applic~1\Malwarebytes
    2010-07-04 15:25:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-04 15:25:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-07-04 15:25:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-04 15:25:37 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-04 14:59:00 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-07-03 18:24:43 0 d-----w- c:\docume~1\hp_owner\applic~1\Norton Utilities 14
    2010-07-03 16:49:15 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
    2010-07-03 16:49:15 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
    2010-07-03 16:49:14 880640 ----a-w- c:\windows\system32\UniBox10.ocx
    2010-07-03 16:04:02 0 dc-h--w- c:\windows\ie8
    2010-07-03 09:59:42 3072 ----a-w- c:\documents and settings\hp_owner\Cache.db
    2010-06-28 12:59:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
    2010-06-28 11:12:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-10 07:29:16 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

    ==================== Find3M ====================

    2010-07-05 11:23:57 26080 ----a-w- c:\docume~1\hp_owner\applic~1\wklnhst.dat
    2010-06-18 10:41:54 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-06-06 00:23:37 339968 ----a-w- c:\windows\system32\RapportBuka.dll
    2010-06-04 14:53:47 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-28 10:05:42 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2005-02-02 13:55:56 0 -csh--w- c:\windows\sminst\HPCD.SYS
    2008-06-04 18:49:21 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008060420080605\index.dat

    ============= FINISH: 17:42:04.07 ===============
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There are entries to start AVG and it is running. Did you have AVG v8.5 and try to remove it? There is still a driver, a Service, a BHO> Browser Helper Object and Registry entry. And you also have the Norton Internet Security.

    Are you aware that you should run only one software antivirus program and only one firewall? The header on the DDS log shows 2 of each> AVG and Norton:
    Whether you're turning them off for the scan isn't the issue. One of these programs needs to be removed. Please decide which you want to uninstall and run one of the following removal tools:
    Norton Removal Tool
    AVG Removal: Note: You may have to reinstall AVG to uninstall it fully.

    Please reboot the computer when through. Then proceed with Combofix and the Eset scan.
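    Bobbye's diagnosis above rests on two things in the logs netjock posted: the AV:/FW: header lines that list two vendors, and the S3 Avgfwdx/Avgfwfd service entries whose driver file is marked with `[?]`. The Python below is an added example, not part of this thread and not code from ComboFix, DDS or any other tool named here; it automates that read-over on lines copied from the logs above. It assumes that a `--> path [?]` suffix marks a registered service whose binary was not found on disk, and it groups products by the first word of their name to tell vendors apart.

```python
import re
from dataclasses import dataclass

# Constructed sample: the header and a few service lines copied from the
# ComboFix / DDS logs pasted earlier in this thread. The [?] suffix is read
# here (an assumption, see the lead-in) as "file not found at scan time".
SAMPLE_LINES = [
    r"AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}",
    r"AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}",
    r"FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}",
    r"FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}",
    r"R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 12:46 126392]",
    r"S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]",
    r"S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]",
    r"S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [02/01/2004 03:17 350282]",
]

# "AV: <product> *<state>* ..." and "FW: <product> *<state>* ..."
PRODUCT_RE = re.compile(r"^(?P<kind>AV|FW): (?P<name>.+?) \*(?P<state>[^*]+)\*")

# "<R|S><n> <name>;<display>;<path>[ --> <target>] [<date size | ?>]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"(?: --> (?P<target>.+?))? \[(?P<info>[^\]]*)\]$"
)


@dataclass(frozen=True)
class Service:
    start_type: str     # R = running, S = stopped; the digit is the start type
    name: str
    display: str
    path: str
    file_missing: bool  # True when the line ends in "--> <path> [?]"


def parse_products(lines):
    """Return {'AV': [(name, state), ...], 'FW': [...]} from the log header."""
    found = {"AV": [], "FW": []}
    for line in lines:
        m = PRODUCT_RE.match(line.strip())
        if m:
            found[m.group("kind")].append((m.group("name"), m.group("state")))
    return found


def parse_services(lines):
    """Parse the SERVICES / DRIVERS entries into Service records."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        services.append(Service(
            start_type=m.group("start"),
            name=m.group("name"),
            display=m.group("display"),
            path=m.group("path"),
            file_missing=(m.group("target") is not None and m.group("info") == "?"),
        ))
    return services


def vendor_of(product_name):
    """First word of a product name, so 'AVG Firewall' and 'AVG Internet Security' group together."""
    return product_name.split()[0].lower()


def triage(lines):
    """Findings a helper would raise: competing AV/firewall vendors and orphaned service entries."""
    findings = []
    products = parse_products(lines)
    for kind, label in (("AV", "antivirus"), ("FW", "firewall")):
        vendors = sorted({vendor_of(name) for name, _ in products[kind]})
        if len(vendors) > 1:
            findings.append(f"more than one {label} product registered: {', '.join(vendors)}")
    for svc in parse_services(lines):
        if svc.file_missing:
            findings.append(f"service {svc.name} ({svc.display}) points at a missing file: {svc.path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

    Run against the sample it reports both vendors under AV and under FW and flags the two AVG filter-driver services whose file is gone, which is exactly the leftover-installation picture Bobbye describes. On a full log the same functions can be fed every line; entries that do not match either pattern are ignored.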
     
  14. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Had AVG before Norton, but made best efforts to remove it. Tried regedit and found no traces left and also today ran AVG removal tool. Never had a paid-for AVG programme so am unable to confirm it was AVG v8.5. Running your AVG removal tool now, but if it doesn't work I have no idea how to run reinstall.
     
  15. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Had already run this uninstall programme and rebooted. Windows still saying I have more than one antivirus prog running. How can I reinstall an AVG programme I cannot relocate in order to uninstall it fully? Once again, many thanks for devoting your precious time and expertise.
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, I can remove them. Just ignore the Warnings. Go ahead and run Combofix and the Eset scan. I've already set up some script but you need to run Combofix first to use it.

    The uninstall is probably not going to work since you have removed part of the program.
     
  17. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Cannot use Combofix. Message tells me to rename it, preferably made up with alphanumeric characters.
     
  18. netjock

    netjock TS Rookie Topic Starter Posts: 35

    12.40am on this side of the pond. Weary now, but looking forward to a brave new dawn thanks to Bobbye.
     
  19. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Hi Bobbye. Hope you are well. Here is the ComboFix txt log you requested. It comes in two parts. Kind Regards.

    ComboFix 10-07-06.03 - HP_Owner 07/07/2010 13:53:10.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.490 [GMT 1:00]
    Running from: c:\documents and settings\HP_Owner\My Documents\Downloads\ComboFix.exe
    AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
    .

    2010-07-07 12:21 . 2010-07-06 17:28 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-07-07 08:11 . 2010-07-06 17:28 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-07-07 08:08 . 2010-07-07 08:08 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
    2010-07-07 08:06 . 2010-07-07 08:06 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
    2010-07-07 08:06 . 2010-07-06 17:29 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}\Ad-AwareInstall.exe
    2010-07-06 23:27 . 2010-07-06 23:27 -------- d-----w- c:\program files\ESET
    2010-07-05 16:12 . 2003-11-26 13:02 11831 ----a-w- c:\windows\system32\drivers\SlUSBFlt.sys
    2010-07-05 16:12 . 2001-10-19 11:07 13395 ----a-w- c:\windows\system32\drivers\SlFilter.sys
    2010-07-05 16:12 . 2010-07-05 16:12 -------- d-----w- c:\program files\LaCieTools
    2010-07-05 14:55 . 2010-07-05 14:55 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\ElevatedDiagnostics
    2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Malwarebytes
    2010-07-04 15:25 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-04 15:25 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-04 15:25 . 2010-07-04 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-03 18:24 . 2010-07-03 18:24 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Norton Utilities 14
    2010-07-03 16:04 . 2010-07-03 16:06 -------- dc-h--w- c:\windows\ie8
    2010-06-28 12:59 . 2010-06-28 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-06-28 11:12 . 2010-06-28 11:12 503808 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\msvcp71.dll
    2010-06-28 11:12 . 2010-06-28 11:12 499712 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\jmc.dll
    2010-06-28 11:12 . 2010-06-28 11:12 348160 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6abcc075-n\msvcr71.dll
    2010-06-28 11:12 . 2010-06-28 11:12 61440 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5c3b8747-n\decora-sse.dll
    2010-06-28 11:12 . 2010-06-28 11:12 12800 ----a-w- c:\documents and settings\HP_Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-5c3b8747-n\decora-d3d.dll
    2010-06-28 11:12 . 2010-07-04 14:58 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-28 10:29 . 2010-06-28 10:29 -------- d-----w- c:\program files\NOS
    2010-06-28 09:02 . 2010-06-28 09:03 -------- d-----w- c:\program files\QuickTime
    2010-06-27 16:15 . 2010-06-27 16:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
    2010-06-27 16:08 . 2010-06-27 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-06-10 07:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\9196\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\1053\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\9196\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\1053\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\9196\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\9196\AcrobatUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\1053\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\1053\AcrobatUpdater.exe
    2010-06-07 17:07 . 2010-06-07 17:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-07 13:05 . 2007-04-14 17:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-07 08:08 . 2007-04-14 13:44 -------- d-----w- c:\program files\Google
    2010-07-07 08:05 . 2007-06-16 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-07-07 08:05 . 2007-04-15 10:29 -------- d-----w- c:\program files\Lavasoft
    2010-07-07 07:49 . 2010-02-16 10:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2010-07-06 22:52 . 2007-04-14 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-07-06 13:03 . 2009-02-14 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-07-05 11:23 . 2007-04-14 15:36 26080 ----a-w- c:\documents and settings\HP_Owner\Application Data\wklnhst.dat
    2010-07-04 15:11 . 2007-04-14 15:33 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-04 14:59 . 2004-01-02 01:46 -------- d-----w- c:\program files\Common Files\Java
    2010-07-04 14:54 . 2004-01-02 01:46 -------- d-----w- c:\program files\Java
    2010-07-04 13:03 . 2009-01-19 14:31 -------- d-----w- c:\program files\Trend Micro
    2010-07-04 11:36 . 2007-04-14 17:58 -------- d-----w- c:\program files\SpywareBlaster
    2010-07-03 18:22 . 2010-04-28 11:49 -------- d-----w- c:\program files\Norton Utilities 14
    2010-06-28 14:51 . 2010-04-28 09:57 -------- d-----w- c:\program files\NortonInstaller
    2010-06-28 14:51 . 2008-11-28 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-06-28 10:33 . 2009-11-05 09:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-28 09:02 . 2004-01-02 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-06-06 00:23 . 2010-06-06 00:23 339968 ----a-w- c:\windows\system32\RapportBuka.dll
    2010-06-04 22:54 . 2009-08-10 19:02 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-17 10:40 . 2007-04-24 14:15 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Canon
    2010-05-15 11:23 . 2007-07-07 08:44 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-05-06 10:41 . 2007-04-14 19:22 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2007-04-14 19:22 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-28 12:29 . 2007-04-14 15:49 44888 ----a-w- c:\documents and settings\HP_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-28 10:05 . 2010-04-28 10:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-04-28 10:05 . 2010-04-28 10:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-04-20 05:30 . 2007-04-14 19:16 285696 ----a-w- c:\windows\system32\atmfd.dll
    2008-06-30 12:44 . 2008-10-20 15:48 324976 ------w- c:\program files\mozilla firefox\components\coFFPlgn.dll
    2008-10-15 06:55 . 2007-05-09 12:13 122880 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2005-02-02 13:55 . 2007-04-14 19:42 0 -csh--w- c:\windows\SMINST\HPCD.SYS
    .

     
  20. netjock

    netjock TS Rookie Topic Starter Posts: 35

    ComboFix log (2). A third section will follow.

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-14 68856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-07-03 4105576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-10 198160]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-07 8720384]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoUpdate Monitor.lnk]
    backup=c:\windows\pss\AutoUpdate Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk]
    backup=c:\windows\pss\BT Broadband Help.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check(3).lnk]
    backup=c:\windows\pss\EPSON Status Monitor 3 Environment Check(3).lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Home Theater SchSvr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-07-06 17:28 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
    2004-06-29 17:06 88363 ------w- c:\windows\AGRSMMSG.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
    2004-09-07 12:47 57344 ------w- c:\windows\ALCXMNTR.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GBMLite8AgentLaCie]
    2008-09-18 08:05 189056 ----a-w- c:\program files\LaCie\Genie Backup Assistant\GBMAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2008-10-15 06:55 29744 ------w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    1998-05-07 16:04 52736 ------w- c:\windows\system\hpsysdrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2004-04-21 18:28 286720 ------w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
    2004-12-09 11:02 421888 ------w- c:\progra~1\BTTOTA~1\Help\SMARTB~1\BTHelpNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    2007-12-07 07:33 8720384 ------w- c:\program files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2007-09-17 00:07 8491008 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2007-09-17 00:07 81920 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2007-09-17 00:07 1626112 ----a-w- c:\windows\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    2003-05-08 11:00 49152 ------w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
    2002-10-16 16:57 81920 ------w- c:\windows\system32\ps2.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-17 20:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    2004-04-14 20:43 233472 ------w- c:\windows\SMINST\Recguard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiS Windows KeyHook]
    2004-05-20 09:47 249856 ------w- c:\windows\system32\Keyhook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftAP]
    2004-02-17 09:19 536576 ------w- c:\program files\Arcadyan Wireless\NetCfgWizard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-04-14 17:00 68856 ------w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-02-10 08:56 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
    2004-07-30 10:41 192512 ------w- c:\program files\InterVideo\Common\Bin\WinRemote.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless SoftAP]
    2004-02-17 09:20 667648 ------w- c:\program files\Arcadyan Wireless\Configuration\SoftAP.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    2005-08-31 16:11 2478080 ------w- c:\progra~1\Yahoo!\MESSEN~1\ypager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
    2003-12-09 11:03 57344 ------w- c:\progra~1\Yahoo!\browser\ybrwicon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Lavasoft Ad-Aware Service"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\ypager.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Program Files\\Spotify\\spotify.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [07/07/2010 09:11 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1107000.00C\symds.sys [25/05/2010 12:47 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [25/05/2010 12:47 173104]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20100619.001\BHDrvx86.sys [23/06/2010 08:46 691248]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [25/05/2010 12:47 501888]
    R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [24/02/2010 11:29 390528]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [07/06/2010 18:07 59240]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/06/2010 18:07 166632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [25/05/2010 12:47 116784]
    R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [25/05/2010 12:46 126392]
    R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe [29/04/2010 14:53 103280]
    R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe [29/04/2010 14:53 126392]
    R2 PCTWPASV;SoftAP WPA Authenticator Service;c:\program files\Arcadyan Wireless\pctwpasv.exe [30/01/2004 13:59 204800]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/06/2010 18:07 840936]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27/05/2010 21:24 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20100706.003\IDSXpx86.sys [07/07/2010 08:36 331640]
    R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [02/01/2004 03:19 24608]
    R3 SlUSBFlt;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\drivers\SlUSBFlt.sys [05/07/2010 17:12 11831]
    S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2009 16:49 133104]
    S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [14/04/2007 16:47 29744]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [06/07/2010 18:28 1352832]
    S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [02/01/2004 03:17 350282]
    S3 SlFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\drivers\SlFilter.sys [05/07/2010 17:12 13395]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-06 17:28]

    2009-11-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-07-02 c:\windows\Tasks\backup.job
    - c:\documents and settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\backup.bks [2007-04-21 12:07]

    2010-07-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

    2010-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]

    2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 15:49]

    2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{9D80D5D8-9F2E-425B-845E-2C7851F5F049}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
    .
    .
    -
     
  21. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Phew. Think that's all of it.

    ------- Supplementary Scan -------
    .
    uStart Page = www.google.com
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox?client=firefox-a&rlz=1R0GGIC_en
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - plugin: c:\documents and settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\390w2b2o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-avgrsstarter - avgrsstx.dll
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-VTTimer - VTTimer.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-07 14:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCCUJobMgr]
    "ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.2.547\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-468578920-4183780032-2647741159-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(7232)
    c:\windows\system32\WININET.dll
    c:\program files\Trusteer\Rapport\bin\rooksbas.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\windows\System32\GEARSec.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-07 14:09:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-07 13:09

    Pre-Run: 145,303,388,160 bytes free
    Post-Run: 145,184,436,224 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

    - - End Of File - - FD617E3F3F91419802CEFE9F89AE42E1
     
  22. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Ran the Eset full scan as requested. Result came up totally clean with no infected files. That seems great, but unfortunately I cannot locate the txt report at C:\Program Files\EsetOnlineScanner\log.txt.
     
  23. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Still trying to obtain the Eset txt without success. Have now run three very lengthy scans to no avail. One attempt flagged the message: "ESET OnlineScanner cannot get update in proxy configured". Any suggestions? All scans still showing no infections.
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Before you run this script, open Notepad> Format> Remove the check for Word Wrap. That's why it took 3 posts to get the log in. I don't know what got into everyone today! 4 of you had word wrap checked and the logs went on and on and on! I think you will find this better.

    Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\DRIVERS\avgfwdx.sys 
    
    Folder::
    c:\documents and settings\HP_Owner\Local Settings\Application Data\Sunbelt Software
    c:\documents and settings\LocalService\Application Data\McAfee
    c:\documents and settings\All Users\Application Data\McAfee
    c:\documents and settings\All Users\Application Data\~0
    
    DDS::
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q404&bd=pavilion&pf=desktop
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: 1 (0x1) - No File
    Notify: avgrsstarter - avgrsstx.dll	
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    Driver::
    Avgfwdx
    Avgfwfd
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: screenshot of dragging CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    After you finish this and reboot, please run the following security check. I found McAfee and Sunbelt security. Please don't add anything to the system and stay out of the Registry.

    Security Check

    Download Security Check and save it to your Desktop.
    • Double-click SecurityCheck.exe to run.
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post this log in your next reply.

    You will find life much easier posting these logs with word wrap off! (So will I!)

    By the way, I noticed you installed Windows Internet Explorer 8 on 03/07/2010 17:05:45. Did the problems begin before or after that? Or did you install IE8 trying to fix the problem?
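The two AVG firewall driver lines in the log above (image path printed as `path --> path [?]`) are exactly what the Driver:: and File:: sections of the CFScript remove. The script below is an added example for this thread, not code from the thread, from ComboFix or from TechSpot: it parses a constructed copy of those S2/S3 service lines, flags the entries whose file ComboFix could not find, and drafts the matching CFScript sections so a helper can review them before dragging anything onto ComboFix. The line format, the meaning of `[?]` (no file found at the image path) and the R/S running flag are read off the log above and assumed, not taken from ComboFix documentation; the start-type digits are the standard Windows service start values.

```python
"""Parse the services section of a ComboFix log, flag entries whose image file
ComboFix could not find, and draft the matching CFScript sections.

Added example for this thread; not ComboFix's or TechSpot's code. SAMPLE_LOG is
a constructed copy of the S2/S3 lines quoted in the log above, and the
File::/Driver:: layout mirrors the CFScript the helper posted."""
import re

# Constructed sample in the service-line format seen in the log:
#   <R|S><start type> <service name>;<display name>;<image path> [<date> <time> <size>]
# Assumption from the log: a missing file is printed as "<path> --> <path> [?]".
SAMPLE_LOG = r"""
S2 gupdate1c995ce4d4e0972;Google Update Service (gupdate1c995ce4d4e0972);c:\program files\Google\Update\GoogleUpdate.exe [23/02/2009 16:49 133104]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwdx.sys --> c:\windows\system32\DRIVERS\avgfwdx.sys [?]
S3 PRISM_A00;Intersil PRISM 802.11a/g Driver;c:\windows\system32\drivers\PCTELSAP.SYS [02/01/2004 03:17 350282]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"      # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"   # service name and display name
    r"(?P<image>.+?)"                         # image path (may contain spaces)
    r"(?:\s+-->\s+(?P<resolved>.+?))?"        # "--> path" only appears when lookup failed
    r"\s+\[(?P<meta>[^\]]*)\]\s*$"            # "[dd/mm/yyyy hh:mm size]" or "[?]"
)

# Standard Windows service start types (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


def parse_services(log_text):
    """Return one dict per service/driver line; lines in any other format are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = SERVICE_RE.match(raw.strip())
        if not m:
            continue
        e = m.groupdict()
        e["running"] = e["state"] == "R"
        e["start_type"] = START_TYPES.get(e["start"], "unknown")
        # "[?]": no file at the image path, so the registry entry is an orphan
        # (here the leftover AVG firewall filter drivers).
        e["missing_file"] = e["meta"].strip() == "?"
        parts = e["meta"].split()
        e["size"] = int(parts[-1]) if parts and parts[-1].isdigit() else None
        entries.append(e)
    return entries


def orphaned_entries(entries):
    """Services and drivers whose image file is gone but whose registry entry remains."""
    return [e for e in entries if e["missing_file"]]


def draft_cfscript(entries):
    """Draft the File:: and Driver:: sections of a CFScript for the orphans only."""
    orphans = orphaned_entries(entries)
    files = sorted({e["image"] for e in orphans}, key=str.lower)
    drivers = [e["name"] for e in orphans]
    return "\n".join(["File::", *files, "", "Driver::", *drivers, ""])


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    for e in found:
        flag = "MISSING FILE" if e["missing_file"] else f"{e['size']} bytes"
        print(f"{e['name']:<28} start={e['start_type']:<8} {e['image']}  [{flag}]")
    print()
    print(draft_cfscript(found))
```

Both AVG entries point at the same avgfwdx.sys, so the File:: section lists the path once while Driver:: names both services, which is the shape of the script posted above. Anything the parser flags should still be checked by eye against the full log before it goes into a CFScript, since this only reads the service lines and says nothing about the DDS, Registry or RegLock sections.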
     
  25. netjock

    netjock TS Rookie Topic Starter Posts: 35

    Humble apologies Bobbye. Well past midnight again and slowing down. Sorry for sending you overblown logs. Total novice on forum and just beginning to become fairly adequate at managing my own pc after many years of dependency on a large IT department. Thank you for sending text on resolving my unwanted AVG files. Have copied them from notebook to requested location, but cannot seem to be able to transfer them to the ComboFix location.
     
Topic Status:
Not open for further replies.
