I have some sort of virus or malware (need help)

Inactive
By pkr4599
Aug 29, 2011
Topic Status: Not open for further replies.
  1. I think I have the Google redirect virus, and my computer is really slow...
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll be glad to help sort out the problem.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =========================================
    Any malware can cause a search to be directed. Google is getting the rap because most people use Google for their search engine. If you do a Google search, then choose one of the sites on the page, but get taken to some other site instead, then you probably are being redirected. If you are experiencing something different, you need to let me know what it is.

    As far as "slow", there are many things that can cause a computer to run slow- either slow to load and shut down, slow to surf, or all. Please describe what "slow" means to you. Tell me how much RAM is installed and whether you have recently been downloading programs or apps- and 'what' is slow- slow to open programs? Slow to connect to the internet? Slow to go site to site? Other?
  3. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    Thank you for your response and thank you in advance for your help

    Ok got several issues...

    Lately I have googled something and when I click on the link it takes me to several places, and if I go back in the browser it is a different page, and not the Google link...

    EX: I googled Trend Micro HouseCall and it came up. When I clicked on it, it took me to a search page, then I hit back and it was a buy Rx drug page...

    Secondly, I had an odd virus scanner that randomly showed up on my desktop. It looked like a Windows virus scan but it did not have a name, and after that it would not let me do anything... I started it in safe mode and removed the file, but I certainly did not download it...

    I downloaded Avira antivirus and it found 8 at first and then more when I restarted... I have deleted a number of programs as well today... here is what Avira shows...



    Avira AntiVir Personal
    Report file date: Monday, August 29, 2011 17:36

    Scanning for 3310245 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : PKR4599
    Computer name : PKR4599-PC

    Version information:
    BUILD.DAT : 10.2.0.700 35934 Bytes 7/21/2011 17:12:00
    AVSCAN.EXE : 10.3.0.7 484008 Bytes 7/21/2011 16:12:28
    AVSCAN.DLL : 10.0.5.0 47464 Bytes 7/21/2011 16:15:00
    LUKE.DLL : 10.3.0.5 45416 Bytes 7/21/2011 16:13:59
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
    AVSCPLR.DLL : 10.3.0.7 119656 Bytes 7/21/2011 16:12:28
    AVREG.DLL : 10.3.0.9 90472 Bytes 7/21/2011 16:12:21
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:14:25
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:14:28
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 16:14:29
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 21:32:11
    VBASE007.VDF : 7.11.13.61 2048 Bytes 8/16/2011 21:32:11
    VBASE008.VDF : 7.11.13.62 2048 Bytes 8/16/2011 21:32:11
    VBASE009.VDF : 7.11.13.63 2048 Bytes 8/16/2011 21:32:11
    VBASE010.VDF : 7.11.13.64 2048 Bytes 8/16/2011 21:32:11
    VBASE011.VDF : 7.11.13.65 2048 Bytes 8/16/2011 21:32:11
    VBASE012.VDF : 7.11.13.66 2048 Bytes 8/16/2011 21:32:12
    VBASE013.VDF : 7.11.13.95 166400 Bytes 8/17/2011 21:32:14
    VBASE014.VDF : 7.11.13.125 209920 Bytes 8/18/2011 21:32:16
    VBASE015.VDF : 7.11.13.157 184832 Bytes 8/22/2011 21:32:18
    VBASE016.VDF : 7.11.13.201 128000 Bytes 8/24/2011 21:32:19
    VBASE017.VDF : 7.11.13.234 160768 Bytes 8/25/2011 21:32:21
    VBASE018.VDF : 7.11.13.235 2048 Bytes 8/25/2011 21:32:21
    VBASE019.VDF : 7.11.13.236 2048 Bytes 8/25/2011 21:32:21
    VBASE020.VDF : 7.11.13.237 2048 Bytes 8/25/2011 21:32:21
    VBASE021.VDF : 7.11.13.238 2048 Bytes 8/25/2011 21:32:21
    VBASE022.VDF : 7.11.13.239 2048 Bytes 8/25/2011 21:32:22
    VBASE023.VDF : 7.11.13.240 2048 Bytes 8/25/2011 21:32:22
    VBASE024.VDF : 7.11.13.241 2048 Bytes 8/25/2011 21:32:22
    VBASE025.VDF : 7.11.13.242 2048 Bytes 8/25/2011 21:32:22
    VBASE026.VDF : 7.11.13.243 2048 Bytes 8/25/2011 21:32:22
    VBASE027.VDF : 7.11.13.244 2048 Bytes 8/25/2011 21:32:22
    VBASE028.VDF : 7.11.13.245 2048 Bytes 8/25/2011 21:32:23
    VBASE029.VDF : 7.11.13.246 2048 Bytes 8/25/2011 21:32:23
    VBASE030.VDF : 7.11.13.247 2048 Bytes 8/25/2011 21:32:23
    VBASE031.VDF : 7.11.14.14 138240 Bytes 8/29/2011 21:32:24
    Engineversion : 8.2.6.50
    AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 11:53:28
    AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 8/29/2011 21:32:51
    AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 11:53:27
    AESBX.DLL : 8.2.1.34 323957 Bytes 7/21/2011 16:11:50
    AERDL.DLL : 8.1.9.13 639349 Bytes 7/21/2011 16:11:49
    AEPACK.DLL : 8.2.10.9 684406 Bytes 8/29/2011 21:32:47
    AEOFFICE.DLL : 8.1.2.13 201083 Bytes 8/29/2011 21:32:45
    AEHEUR.DLL : 8.1.2.161 3641720 Bytes 8/29/2011 21:32:43
    AEHELP.DLL : 8.1.17.7 254327 Bytes 8/29/2011 21:32:32
    AEGEN.DLL : 8.1.5.9 401780 Bytes 8/29/2011 21:32:31
    AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 11:53:14
    AECORE.DLL : 8.1.23.0 196983 Bytes 8/29/2011 21:32:28
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 11:53:14
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 11:53:36
    AVPREF.DLL : 10.0.3.2 44904 Bytes 7/21/2011 16:12:20
    AVREP.DLL : 10.0.0.10 174120 Bytes 7/21/2011 16:12:22
    AVARKT.DLL : 10.0.26.1 255336 Bytes 7/21/2011 16:12:00
    AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 7/21/2011 16:12:10
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 7/21/2011 19:12:31
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 11:53:36
    NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 11:53:46
    RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 7/21/2011 16:15:09
    RCTEXT.DLL : 10.0.64.0 97640 Bytes 7/21/2011 16:15:09

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: Default
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: Advanced

    Start of the scan: Monday, August 29, 2011 17:36

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'SearchFilterHost.exe' - '33' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '52' Module(s) have been scanned
    Scan process 'msiexec.exe' - '65' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'vssvc.exe' - '56' Module(s) have been scanned
    Scan process 'avscan.exe' - '76' Module(s) have been scanned
    Scan process 'avcenter.exe' - '95' Module(s) have been scanned
    Scan process 'avgnt.exe' - '51' Module(s) have been scanned
    Scan process 'sched.exe' - '56' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'avguard.exe' - '64' Module(s) have been scanned
    Scan process 'Safari.exe' - '175' Module(s) have been scanned
    Module is OK -> <C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll>
    [WARNING] The file could not be opened!
    Scan process 'utilman.exe' - '26' Module(s) have been scanned
    Scan process 'utilman.exe' - '25' Module(s) have been scanned
    Scan process 'utilman.exe' - '26' Module(s) have been scanned
    Scan process 'utilman.exe' - '25' Module(s) have been scanned
    Scan process 'taskeng.exe' - '55' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '65' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '34' Module(s) have been scanned
    Scan process 'iPodService.exe' - '30' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '24' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '31' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '69' Module(s) have been scanned
    Scan process 'ehtray.exe' - '29' Module(s) have been scanned
    Scan process 'jusched.exe' - '32' Module(s) have been scanned
    Scan process 'FLVSrvc.exe' - '20' Module(s) have been scanned
    Scan process 'RUBottedGUI.exe' - '95' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '77' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '26' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '26' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '50' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '157' Module(s) have been scanned
    Scan process 'taskeng.exe' - '72' Module(s) have been scanned
    Scan process 'Dwm.exe' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '60' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '21' Module(s) have been scanned
    Scan process 'CLSched.exe' - '41' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'RUBotSrv.exe' - '31' Module(s) have been scanned
    Scan process 'svchost.exe' - '44' Module(s) have been scanned
    Scan process 'SlingAgentService.exe' - '26' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '22' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '42' Module(s) have been scanned
    Scan process 'svchost.exe' - '22' Module(s) have been scanned
    Scan process 'SMSvcHost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '22' Module(s) have been scanned
    Scan process 'MDM.EXE' - '23' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '88' Module(s) have been scanned
    Scan process 'CLCapSvc.exe' - '83' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '44' Module(s) have been scanned
    Scan process 'svchost.exe' - '61' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '90' Module(s) have been scanned
    Scan process 'WLANExt.exe' - '92' Module(s) have been scanned
    Scan process 'svchost.exe' - '99' Module(s) have been scanned
    Scan process 'svchost.exe' - '86' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '154' Module(s) have been scanned
    Scan process 'svchost.exe' - '114' Module(s) have been scanned
    Scan process 'svchost.exe' - '69' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'winlogon.exe' - '36' Module(s) have been scanned
    Scan process 'lsm.exe' - '22' Module(s) have been scanned
    Scan process 'lsass.exe' - '62' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1323' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Users\PKR4599\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1b985859-69cb1bf7
    [DETECTION] Contains recognition pattern of the EXP/2010-4452.C.3 exploit
    C:\Users\PKR4599\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\269cd379-72f9b3d4
    [0] Archive type: ZIP
    --> javax/AServers.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DT Java virus
    --> javax/Server1.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agen.FE.1 Java virus
    --> javax/Server2.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.FE Java virus
    C:\Users\PKR4599\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\42c01087-1844f4d3
    [0] Archive type: ZIP
    --> Email.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
    --> ExecService.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DR.4 Java virus
    C:\Windows\Temp\276F.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    C:\Windows\Temp\34E8.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    Begin scan in 'D:\' <LENOVO>

    Beginning disinfection:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
    C:\Windows\Temp\34E8.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4a11b773.qua'.
    C:\Windows\Temp\276F.tmp
    [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '52b598d7.qua'.
    C:\Users\PKR4599\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\42c01087-1844f4d3
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DR.4 Java virus
    [NOTE] The file was moved to the quarantine directory under the name '00c7c23b.qua'.
    C:\Users\PKR4599\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\269cd379-72f9b3d4
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.FE Java virus
    [NOTE] The file was moved to the quarantine directory under the name '66da8dfd.qua'.
    C:\Users\PKR4599\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1b985859-69cb1bf7
    [DETECTION] Contains recognition pattern of the EXP/2010-4452.C.3 exploit
    [NOTE] The file was moved to the quarantine directory under the name '235ea037.qua'.


    End of the scan: Monday, August 29, 2011 18:56
    Used time: 1:18:44 Hour(s)

    The scan has been done completely.

    28551 Scanned directories
    470930 Files were scanned
    8 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    5 Files were moved to quarantine
    0 Files were renamed
    1 Files cannot be scanned
    470921 Files not concerned
    2056 Archives were scanned
    1 Warnings
    5 Notes
    640301 Objects were scanned with rootkit scan
    0 Hidden objects were found

    The next one:
    Starting the file scan:

    Begin scan in 'C:\Windows\Temp\0.9004026727451206.exe'
    C:\Windows\Temp\0.9004026727451206.exe
    --> Object
    [DETECTION] Is the TR/Dropper.Gen Trojan
    Begin scan in 'C:\Windows\Temp\0.5933440170871581.exe'
    C:\Windows\Temp\0.5933440170871581.exe
    --> Object
    [DETECTION] Is the TR/Dropper.Gen Trojan

    Beginning disinfection:
    C:\Windows\Temp\0.5933440170871581.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4bbc8a9d.qua'.
    C:\Windows\Temp\0.9004026727451206.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '532fa53a.qua'.


    End of the scan: Monday, August 29, 2011 20:14
    Used time: 00:00 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    74 Files were scanned
    2 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    2 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    72 Files not concerned
    0 Archives were scanned
    0 Warnings
    2 Notes


    I have an Intel Core Duo 2.0 processor and 3 gigs of RAM...

    By slow, I mean sometimes it takes a bit longer to do everything... Sometimes it sends error messages... Earlier I tried to right-click the Start button to explore and it took like 2 mins and gave an error message... Also slow to get to a site, but I have deleted several programs I don't think I need and downloaded the Avira program.
  4. Bobbye


    Please continue with the steps in the link I left..

    The instructions in the steps for Avast and Avira state that if you have a functioning, updated AV, do not download another AV. So if you have 2 AV now remove one of them. I'm not going to act on the scan as I will have you run an online scan later.

    You are describing a redirect. Hopefully that will resolve when we find and remove the malware.

    What is the message?

    Hold on uninstalling for now.

    This will be a rogue spyware program that will tell you there are viruses or system problems, so don't act on those alerts.
  5. pkr4599


    Pop-up messages

    There have been several messages....

    When I right-click on the Start menu it took much longer than normal and said something like Microsoft Explorer is not working... Then it opened.

    Other messages include: "your Google Toolbar is not working, or Windows has deactivated Google Toolbar" when I was not actively doing anything on the internet.

    Also, I ran Malwarebytes... Below:
    Since then it has popped up saying "it has a potentially harmful website from opening ....ip address... port ... outgoing..."
    This is happening once a minute or so...


    Log 1:
    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7607

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    8/29/2011 11:27:45 PM
    mbam-log-2011-08-29 (23-27-45).txt

    Scan type: Quick scan
    Objects scanned: 179695
    Time elapsed: 4 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 12

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\$RECYCLE.BIN\s-1-5-21-2334243749-4289735363-2917608400-1004\$R0KL7RR.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
    c:\Users\PKR4599\local settings\application data\utilman.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.0032638488820961875.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.34204682402370423.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.35492247697275514.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.0694536658114896.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.4658650335313247.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.5025280783290336.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.6471331976024879.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.9397806567125857.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.9423741300686167.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\Windows\Temp\0.683877108682626.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


    Edit: 2nd Mbam log deleted by Bobbye. Leaving this original log.
  6. Bobbye


    You can stop running Malwarebytes for now. Please continue on with the rest of the steps.
  7. pkr4599


    gmer scan

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-31 14:17:16
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FBEO
    Running: 3GMER.exe; Driver: C:\Windows\TEMP\pxriyfob.sys

    Edit: Old GMER log deleted by Bobbye
  8. pkr4599


    dds scan

    Edit: Old DDS log deleted by Bobbye

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_12
    Run by PKR4599 at 14:24:19 on 2011-08-31
  9. pkr4599


    attach

    Edit: Old log deleted by bobbye.
  10. Bobbye


    Okay- your description in 'first' is definitely a redirect.

    The description in 'second' sounds like a rogue malware program. These 'scareware' programs tell you the system has infections, or errors, and you need to click on their link to 'fix' them. But the 'problems' have been 'invented' for the scam to trick you into buying.

    I think it is the (Rogue.SecurityProtection) that was found in the Recycle Bin. Please do a right click on the bin and empty the trash!
    =====================================
    The Exploit entries quarantined in Mbam are usually found in the Java cache. You will get malware there when you have outdated Java on the system.
    I note you do have the current Java v6u27, but you still have add-ons for Java v5u12 in IE and you have Java v5 with updates 12, 13, 14, 15 in Firefox. Java doesn't overwrite the previous update, so you need to update immediately: Java Updates. Uninstall all versions of outdated Java in Add/Remove Programs, as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    You do not need a separate plugin for Firefox.
    =================================
    The Java cache needs to be emptied:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
    • [2]. Double-click the Java icon in the Control Panel. The Java Control Panel appears.
    • [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    • [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
    • [5]. Click OK on the Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
    • [6]. Click Apply > OK on the Temporary Files Settings window.
    ====================================
    Did you have any antivirus program running before you installed Avira
    ======================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    All logs in next reply please.

    Your comment at the end of the Avira scan that "Sometimes it sends error messages." For me to work with that, I need to know what you were doing or trying to do when you got the message and what the message said.
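Added example, not part of this thread and not code from Avira, Malwarebytes or TechSpot: a small Python parser for the two log formats pasted earlier in the thread. It pairs every Avira [DETECTION] line with the path (and archive member) above it, reads the Malwarebytes "Files Infected" lines, and groups the hits by where they sit on disk (Java deployment cache, Windows\Temp, Recycle Bin, user profile), which is the same grouping the reply above uses to explain where the infections came from and what to clean. The sample log text, the paths and the cache file names are constructed to match the formats; they are not findings from any real machine.

```python
import re
from collections import Counter

# Constructed sample, modelled on the Avira scan report format quoted in this
# thread. Paths and cache file names are placeholders, not real findings.
AVIRA_SAMPLE = r"""
Begin scan in 'C:\'
C:\Users\EXAMPLE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\aaaaaaaa-bbbbbbbb
[DETECTION] Contains recognition pattern of the EXP/2010-4452.C.3 exploit
C:\Users\EXAMPLE\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\cccccccc-dddddddd
[0] Archive type: ZIP
--> javax/AServers.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DT Java virus
C:\Windows\Temp\276F.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'D:\' <LENOVO>

Beginning disinfection:
C:\Windows\Temp\276F.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '00000000.qua'.
"""

# Constructed sample, modelled on the Malwarebytes "Files Infected" section.
MBAM_SAMPLE = r"""
Files Infected:
c:\$RECYCLE.BIN\s-1-5-21-0-0-0-1004\$REXAMPLE.exe (Rogue.SecurityProtection) -> Quarantined and deleted successfully.
c:\Users\EXAMPLE\local settings\application data\utilman.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\0.123456789.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
MEMBER_RE = re.compile(r"^--> (.+)$")
AVIRA_DET_RE = re.compile(r"^\[DETECTION\] (?:Contains recognition pattern of the|Is the) (\S+)")
MBAM_RE = re.compile(r"^([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+)$")

# Ordered: the Java cache lives under the user profile, so it must match first.
LOCATION_RULES = (
    ("java_cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
    ("windows_temp", re.compile(r"^[A-Za-z]:\\Windows\\Temp\\", re.I)),
    ("recycle_bin", re.compile(r"^[A-Za-z]:\\\$RECYCLE\.BIN\\", re.I)),
    ("user_profile", re.compile(r"^[A-Za-z]:\\Users\\", re.I)),
)

# Defender's reading of each location, following the advice given in the thread.
TRIAGE = {
    "java_cache": "hits in the Java deployment cache point to an outdated Java plug-in: update Java, remove old versions, clear the cache",
    "windows_temp": "random-named droppers in Windows\\Temp are payloads fetched by the exploit: clear the temp directory once the exploit vector is closed",
    "recycle_bin": "rogue quarantined from the Recycle Bin: empty the bin so the file cannot be restored",
    "user_profile": "executable planted under the user profile: find what launches it (startup entries, scheduled tasks) before calling the system clean",
}


def classify(path):
    """Return the first LOCATION_RULES label that matches the path, else 'other'."""
    for label, rule in LOCATION_RULES:
        if rule.search(path):
            return label
    return "other"


def parse_avira(text):
    """Pair each [DETECTION] with the path (and archive member) listed above it.
    The 'Beginning disinfection' section repeats every hit, so results are
    de-duplicated on (path, member, signature)."""
    found, seen = [], set()
    path = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, member = line, None        # new file, reset archive member
            continue
        m = MEMBER_RE.match(line)
        if m:
            member = m.group(1)              # entry inside a ZIP/JAR
            continue
        m = AVIRA_DET_RE.match(line)
        if m and path:
            key = (path, member, m.group(1))
            if key not in seen:
                seen.add(key)
                found.append({"path": path, "member": member,
                              "signature": m.group(1), "location": classify(path)})
    return found


def parse_mbam(text):
    """Read 'path (Name) -> action' lines from the Files Infected section."""
    found = []
    for raw in text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if m:
            path, name, action = m.groups()
            found.append({"path": path, "name": name, "action": action,
                          "location": classify(path)})
    return found


def summarize(detections):
    """Count detections per location."""
    return Counter(d["location"] for d in detections)


def triage(detections):
    """One line per location, most hits first, with the matching clean-up note."""
    return [f"{loc} ({n}): {TRIAGE.get(loc, 'review manually')}"
            for loc, n in summarize(detections).most_common()]


if __name__ == "__main__":
    hits = parse_avira(AVIRA_SAMPLE) + parse_mbam(MBAM_SAMPLE)
    for d in hits:
        print(d["location"], "|", d.get("signature") or d.get("name"), "|", d["path"])
    print()
    for line in triage(hits):
        print(line)
```

The de-duplication matters when counting: an Avira report lists each hit once in the scan section and again under "Beginning disinfection", so a naive line count doubles the number of infections. Run against a full pasted log, the location summary shows at a glance whether the problem is a stale Java plug-in (everything in the deployment cache), a dropper chain (a row of random-named .exe files in Windows\Temp), or a rogue that has already been moved to the Recycle Bin.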
  11. pkr4599


    combofix

    ComboFix 11-09-01.03 - PKR4599 09/02/2011 13:01:50.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.1708 [GMT -4:00]
    Running from: c:\users\PKR4599\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
    c:\users\PKR4599\67.xps
    c:\users\PKR4599\Documents\~WRL1126.tmp
    c:\users\PKR4599\Documents\~WRL1492.tmp
    c:\users\PKR4599\Documents\~WRL1691.tmp
    c:\users\PKR4599\Documents\~WRL2118.tmp
    c:\users\PKR4599\Documents\~WRL2902.tmp
    c:\users\PKR4599\Documents\~WRL3214.tmp
    c:\users\PKR4599\Documents\~WRL3250.tmp
    c:\users\PKR4599\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-02 to 2011-09-02 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-02 17:07 . 2011-09-02 17:07 -------- d-----w- c:\users\PKR4599\AppData\Local\temp
    2011-09-02 17:07 . 2011-09-02 17:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-09-02 17:07 . 2011-09-02 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-30 03:09 . 2011-08-30 03:09 -------- d-----w- c:\users\PKR4599\AppData\Roaming\Malwarebytes
    2011-08-30 03:09 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-30 03:09 . 2011-08-30 03:09 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 03:09 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 00:25 . 2011-09-02 16:10 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-30 00:25 . 2011-09-02 16:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-29 21:33 . 2011-08-29 21:33 -------- d-----w- c:\users\PKR4599\AppData\Roaming\Avira
    2011-08-29 21:30 . 2011-07-21 16:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-29 21:30 . 2011-07-21 16:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-29 21:30 . 2011-08-29 21:30 -------- d-----w- c:\programdata\Avira
    2011-08-29 21:30 . 2011-08-29 21:30 -------- d-----w- c:\program files\Avira
    2011-08-29 19:47 . 2011-08-30 00:06 -------- d-----w- c:\program files\PC Tools Security
    2011-08-29 19:39 . 2011-08-29 21:10 -------- d-----w- c:\programdata\PC Tools
    2011-08-26 14:52 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EF5FD60-C260-46F0-9806-1CFB879118C5}\mpengine.dll
    2011-08-24 18:30 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-17 16:33 . 2011-08-17 16:33 22032 ----a-w- c:\windows\DCEBoot.exe
    2011-08-09 20:45 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-09 20:45 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-09 20:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-08-09 20:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-09 20:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-09 20:45 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-09 21:52 . 2011-07-09 21:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-13 14:38 . 2011-06-13 14:38 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-06-13 14:38 . 2011-06-13 14:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-13 14:38 . 2011-06-13 14:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-13 14:38 . 2011-06-13 14:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-13 14:38 . 2011-06-13 14:38 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-13 14:38 . 2011-06-13 14:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-13 14:38 . 2011-06-13 14:38 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-13 14:38 . 2011-06-13 14:38 367104 ----a-w- c:\windows\system32\html.iec
    2011-06-13 14:38 . 2011-06-13 14:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-13 14:38 . 2011-06-13 14:38 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-06-13 14:38 . 2011-06-13 14:38 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-13 14:38 . 2011-06-13 14:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-13 14:38 . 2011-06-13 14:38 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-13 14:38 . 2011-06-13 14:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-13 14:38 . 2011-06-13 14:38 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-06-13 14:38 . 2011-06-13 14:38 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-13 14:38 . 2011-06-13 14:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-13 14:38 . 2011-06-13 14:38 101888 ----a-w- c:\windows\system32\admparse.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    2010-10-18 17:26 3908192 ----a-w- c:\program files\Freecorder\tbFree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
    "Skytel"="Skytel.exe" [2007-10-11 1826816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
    "Malwarebytes' Anti-Malware"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-11-10 18:13 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-01-08 22:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
    R3 CapFilt;CapFilt; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 MBAMService;MBAMService;c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-09-21 93960]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 22:48]
    .
    2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 22:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 66.0.214.14 207.230.75.50
    FF - ProfilePath - c:\users\PKR4599\AppData\Roaming\Mozilla\Firefox\Profiles\1pxn59ft.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    MSConfigStartUp-BDAgent - c:\program files\BitDefender\BitDefender 2009\bdagent.exe
    MSConfigStartUp-dvd43 - c:\program files\dvd43\dvd43_tray.exe
    MSConfigStartUp-PCMService - c:\program files\Lenovo\ShuttleCenter\PCMService.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    MSConfigStartUp-Windows Mobile Device Center - c:\windows\WindowsMobile\wmdc.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-02 13:07
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2944)
    c:\users\PKR4599\AppData\Local\FLVService\lib\FLVSrvLib.dll
    .
    Completion time: 2011-09-02 13:09:49
    ComboFix-quarantined-files.txt 2011-09-02 17:09
    ComboFix2.txt 2009-06-11 21:16
    .
    Pre-Run: 58,528,448,512 bytes free
    Post-Run: 58,685,669,376 bytes free
    .
    - - End Of File - - 2E1AEC6DBE234F13FA1960C0A8F4305F
     
  12. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    unknown icon on desktop

    I have an icon that looks like a piece of paper and it's named Mozilla Firefox. I cannot delete it... please advise.

    Here is the avira scan:
    Avira AntiVir Personal
    Report file date: Friday, September 02, 2011 14:26

    Scanning for 3327751 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : PKR4599
    Computer name : PKR4599-PC

    Version information:
    BUILD.DAT : 10.2.0.700 35934 Bytes 7/21/2011 17:12:00
    AVSCAN.EXE : 10.3.0.7 484008 Bytes 7/21/2011 16:12:28
    AVSCAN.DLL : 10.0.5.0 47464 Bytes 7/21/2011 16:15:00
    LUKE.DLL : 10.3.0.5 45416 Bytes 7/21/2011 16:13:59
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
    AVSCPLR.DLL : 10.3.0.7 119656 Bytes 7/21/2011 16:12:28
    AVREG.DLL : 10.3.0.9 90472 Bytes 7/21/2011 16:12:21
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:14:25
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:14:28
    VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 16:14:29
    VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 21:32:11
    VBASE007.VDF : 7.11.13.61 2048 Bytes 8/16/2011 21:32:11
    VBASE008.VDF : 7.11.13.62 2048 Bytes 8/16/2011 21:32:11
    VBASE009.VDF : 7.11.13.63 2048 Bytes 8/16/2011 21:32:11
    VBASE010.VDF : 7.11.13.64 2048 Bytes 8/16/2011 21:32:11
    VBASE011.VDF : 7.11.13.65 2048 Bytes 8/16/2011 21:32:11
    VBASE012.VDF : 7.11.13.66 2048 Bytes 8/16/2011 21:32:12
    VBASE013.VDF : 7.11.13.95 166400 Bytes 8/17/2011 21:32:14
    VBASE014.VDF : 7.11.13.125 209920 Bytes 8/18/2011 21:32:16
    VBASE015.VDF : 7.11.13.157 184832 Bytes 8/22/2011 21:32:18
    VBASE016.VDF : 7.11.13.201 128000 Bytes 8/24/2011 21:32:19
    VBASE017.VDF : 7.11.13.234 160768 Bytes 8/25/2011 21:32:21
    VBASE018.VDF : 7.11.14.16 141312 Bytes 8/30/2011 01:12:54
    VBASE019.VDF : 7.11.14.48 133120 Bytes 8/31/2011 01:12:56
    VBASE020.VDF : 7.11.14.49 2048 Bytes 8/31/2011 01:12:56
    VBASE021.VDF : 7.11.14.50 2048 Bytes 8/31/2011 01:12:56
    VBASE022.VDF : 7.11.14.51 2048 Bytes 8/31/2011 01:12:56
    VBASE023.VDF : 7.11.14.52 2048 Bytes 8/31/2011 01:12:57
    VBASE024.VDF : 7.11.14.53 2048 Bytes 8/31/2011 01:12:57
    VBASE025.VDF : 7.11.14.54 2048 Bytes 8/31/2011 01:12:57
    VBASE026.VDF : 7.11.14.55 2048 Bytes 8/31/2011 01:12:58
    VBASE027.VDF : 7.11.14.56 2048 Bytes 8/31/2011 01:12:58
    VBASE028.VDF : 7.11.14.57 2048 Bytes 8/31/2011 01:12:58
    VBASE029.VDF : 7.11.14.58 2048 Bytes 8/31/2011 01:12:59
    VBASE030.VDF : 7.11.14.59 2048 Bytes 8/31/2011 01:12:59
    VBASE031.VDF : 7.11.14.73 124928 Bytes 9/2/2011 15:52:27
    Engineversion : 8.2.6.54
    AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 11:53:28
    AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 8/29/2011 21:32:51
    AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 11:53:27
    AESBX.DLL : 8.2.1.34 323957 Bytes 7/21/2011 16:11:50
    AERDL.DLL : 8.1.9.13 639349 Bytes 7/21/2011 16:11:49
    AEPACK.DLL : 8.2.10.10 684407 Bytes 9/2/2011 15:53:02
    AEOFFICE.DLL : 8.1.2.13 201083 Bytes 8/29/2011 21:32:45
    AEHEUR.DLL : 8.1.2.164 3654007 Bytes 9/2/2011 15:52:55
    AEHELP.DLL : 8.1.17.7 254327 Bytes 8/29/2011 21:32:32
    AEGEN.DLL : 8.1.5.9 401780 Bytes 8/29/2011 21:32:31
    AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 11:53:14
    AECORE.DLL : 8.1.23.0 196983 Bytes 8/29/2011 21:32:28
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 11:53:14
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 11:53:36
    AVPREF.DLL : 10.0.3.2 44904 Bytes 7/21/2011 16:12:20
    AVREP.DLL : 10.0.0.10 174120 Bytes 7/21/2011 16:12:22
    AVARKT.DLL : 10.0.26.1 255336 Bytes 7/21/2011 16:12:00
    AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 7/21/2011 16:12:10
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 7/21/2011 19:12:31
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 11:53:36
    NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 11:53:46
    RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 7/21/2011 16:15:09
    RCTEXT.DLL : 10.0.64.0 97640 Bytes 7/21/2011 16:15:09

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: Default
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: Advanced

    Start of the scan: Friday, September 02, 2011 14:26

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'chrome.exe' - '43' Module(s) have been scanned
    Scan process 'svchost.exe' - '30' Module(s) have been scanned
    Scan process 'vssvc.exe' - '49' Module(s) have been scanned
    Scan process 'avscan.exe' - '72' Module(s) have been scanned
    Scan process 'chrome.exe' - '43' Module(s) have been scanned
    Scan process 'chrome.exe' - '85' Module(s) have been scanned
    Scan process 'Explorer.exe' - '128' Module(s) have been scanned
    Scan process 'mbamservice.exe' - '50' Module(s) have been scanned
    Scan process 'svchost.exe' - '35' Module(s) have been scanned
    Scan process 'svchost.exe' - '21' Module(s) have been scanned
    Scan process 'iPodService.exe' - '30' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '24' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '68' Module(s) have been scanned
    Scan process 'ehtray.exe' - '28' Module(s) have been scanned
    Scan process 'unsecapp.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '61' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '30' Module(s) have been scanned
    Scan process 'mbamgui.exe' - '41' Module(s) have been scanned
    Scan process 'wmdcBase.exe' - '37' Module(s) have been scanned
    Scan process 'avgnt.exe' - '59' Module(s) have been scanned
    Scan process 'FLVSrvc.exe' - '19' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '76' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '25' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '25' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '49' Module(s) have been scanned
    Scan process 'taskeng.exe' - '86' Module(s) have been scanned
    Scan process 'Dwm.exe' - '36' Module(s) have been scanned
    Scan process 'taskeng.exe' - '49' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '9' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '44' Module(s) have been scanned
    Scan process 'SlingAgentService.exe' - '26' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '42' Module(s) have been scanned
    Scan process 'svchost.exe' - '22' Module(s) have been scanned
    Scan process 'SMSvcHost.exe' - '39' Module(s) have been scanned
    Scan process 'svchost.exe' - '22' Module(s) have been scanned
    Scan process 'MDM.EXE' - '23' Module(s) have been scanned
    Scan process 'avshadow.exe' - '33' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '88' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '44' Module(s) have been scanned
    Scan process 'avguard.exe' - '75' Module(s) have been scanned
    Scan process 'svchost.exe' - '57' Module(s) have been scanned
    Scan process 'sched.exe' - '56' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '87' Module(s) have been scanned
    Scan process 'WLANExt.exe' - '92' Module(s) have been scanned
    Scan process 'svchost.exe' - '100' Module(s) have been scanned
    Scan process 'svchost.exe' - '86' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '149' Module(s) have been scanned
    Scan process 'svchost.exe' - '114' Module(s) have been scanned
    Scan process 'svchost.exe' - '69' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'winlogon.exe' - '36' Module(s) have been scanned
    Scan process 'lsm.exe' - '22' Module(s) have been scanned
    Scan process 'lsass.exe' - '62' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1191' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    Begin scan in 'D:\' <LENOVO>


    End of the scan: Friday, September 02, 2011 16:22
    Used time: 1:55:57 Hour(s)

    The scan has been done completely.

    27779 Scanned directories
    366040 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    366040 Files not concerned
    1941 Archives were scanned
    0 Warnings
    0 Notes
    614944 Objects were scanned with rootkit scan
    0 Hidden objects were found
  13. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    malwarebytes

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7637

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    9/2/2011 5:01:01 PM
    mbam-log-2011-09-02 (17-01-01).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 307010
    Time elapsed: 2 hour(s), 15 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  14. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    gmer quick scan and gmer full

    Edit: Duplicate GMER deleted by Bobbye



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-09-02 17:52:12
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FBEO
    Running: 3GMER.exe; Driver: C:\Windows\TEMP\pxriyfob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8D0FBEBE ZwCreateSection
    SSDT 8D0FBEC3 ZwSetContextThread
    SSDT 8D0FBE5F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 215 824E6998 4 Bytes [BE, BE, 0F, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 56D 824E6CF0 4 Bytes [C3, BE, 0F, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 621 824E6DA4 4 Bytes [5F, BE, 0F, 8D]
    ? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\Windows\TEMP\catchme.sys The system cannot find the file specified. !

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown] [74797817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage] [747EA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7479BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7478F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup] [747975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7478E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [747C8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7479DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight] [7478FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth] [7478FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage] [747871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7481CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [747BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7478D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree] [74786853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc] [7478687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.exe[2944] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74792AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  15. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    dds

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27
    Run by PKR4599 at 18:00:22 on 2011-09-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.1336 [GMT -4:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Freecorder\FLVSrvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\WindowsMobile\wmdcBase.exe
    C:\Users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HPService
    C:\Users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: CPub Object: {c86ae9c0-0909-4ddc-b661-c1afb9f5ae53} - c:\program files\firetrust\sitehound\SiteHound.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: SiteHound: {73f7f495-a325-4c52-be48-5f97fa511e89} - c:\program files\firetrust\sitehound\SiteHound.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\users\pkr4599\desktop\anti virusmalware\malwarebytes\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\users\pkr4599\desktop\anti virusmalware\malwarebytes\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\users\pkr4599\desktop\anti virusmalware\malwarebytes\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - c:\program files\lenovo\veriface\OpenWnd.exe
    IE: {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - {73F7F495-A325-4C52-BE48-5F97FA511E89} - c:\program files\firetrust\sitehound\SiteHound.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: DhcpNameServer = 66.0.214.14 207.230.75.50
    TCP: Interfaces\{2E64BAD0-6599-45D7-97AB-7E4EC519DCFB} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{CA5845D8-2E03-4447-A695-B68C12E555A0} : DhcpNameServer = 66.0.214.14 207.230.75.50
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\pkr4599\appdata\roaming\mozilla\firefox\profiles\1pxn59ft.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\pkr4599\appdata\roaming\mozilla\firefox\profiles\1pxn59ft.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-29 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-29 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-29 66616]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-14 21504]
    R2 MBAMService;MBAMService;c:\users\pkr4599\desktop\anti virusmalware\malwarebytes\malwarebytes' anti-malware\mbamservice.exe [2011-8-29 366640]
    R2 SlingAgentService;SlingAgent Service;c:\program files\sling media\slingagent\SlingAgentService.exe [2008-9-21 93960]
    R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\drivers\AcpiVpc.sys [2009-5-19 21520]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-22 180736]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-29 22712]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]
    S3 CapFilt;CapFilt;c:\windows\system32\drivers\CapFilt.sys [2008-9-14 18048]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-8 135664]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-09-02 17:09:51 -------- d-----w- c:\users\pkr4599\appdata\local\temp
    2011-09-02 17:08:46 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-09-02 16:59:29 208896 ----a-w- c:\windows\MBR.exe
    2011-08-30 03:09:31 -------- d-----w- c:\users\pkr4599\appdata\roaming\Malwarebytes
    2011-08-30 03:09:27 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-30 03:09:26 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 03:09:22 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 00:25:10 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-08-30 00:25:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-29 21:33:48 -------- d-----w- c:\users\pkr4599\appdata\roaming\Avira
    2011-08-29 21:30:37 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-29 21:30:36 -------- d-----w- c:\programdata\Avira
    2011-08-29 21:30:36 -------- d-----w- c:\program files\Avira
    2011-08-29 19:47:07 -------- d-----w- c:\program files\PC Tools Security
    2011-08-29 19:39:16 -------- d-----w- c:\programdata\PC Tools
    2011-08-26 14:52:00 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5ef5fd60-c260-46f0-9806-1cfb879118c5}\mpengine.dll
    2011-08-24 18:30:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-17 16:33:18 22032 ----a-w- c:\windows\DCEBoot.exe
    2011-08-09 20:45:50 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-09 20:45:48 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-09 20:45:45 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-08-09 20:45:34 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-09 20:45:34 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-09 20:45:31 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2011-08-17 16:36:53 81984 ----a-w- c:\windows\system32\bdod.bin
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-09 21:52:51 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
    .
    ============= FINISH: 18:00:48.24 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/14/2008 4:03:56 AM
    System Uptime: 9/2/2011 11:49:39 AM (7 hours ago)
    .
    Motherboard: LENOVO | | SPEEDY
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | Socket 478 | 2000/167mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 189 GiB total, 55.743 GiB free.
    D: is FIXED (NTFS) - 27 GiB total, 27.165 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Officejet Pro L7500
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: Officejet Pro L7500
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet Pro L7500
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet Pro L7500
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP892: 8/28/2011 5:39:21 PM - Scheduled Checkpoint
    RP893: 8/29/2011 1:32:40 PM - Scheduled Checkpoint
    RP894: 8/29/2011 5:45:15 PM - Removed W Photo Studio
    RP895: 8/29/2011 8:23:37 PM - Installed Java(TM) 6 Update 27
    RP896: 8/29/2011 8:25:24 PM - Removed Java(TM) 6 Update 27
    RP897: 8/29/2011 8:30:17 PM - Removed Windows Mobile Device Center Driver Update
    RP898: 8/29/2011 8:31:18 PM - Removed Windows Mobile Device Center
    RP899: 8/29/2011 8:32:41 PM - Removed TurboApps WinMobile Conduit
    RP900: 8/29/2011 8:36:02 PM - Removed MSXML 4.0 SP2 (KB973688)
    RP901: 8/30/2011 1:18:49 PM - Scheduled Checkpoint
    RP902: 8/31/2011 1:32:34 PM - Scheduled Checkpoint
    RP903: 9/2/2011 12:09:50 PM - Installed Java(TM) 6 Update 27
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira AntiVir Personal - Free Antivirus
    BPD_Scan
    Broadcom Gigabit Integrated Controller
    CallAtlanta
    Compatibility Pack for the 2007 Office system
    Documents To Go
    EasyCapture
    Freecorder
    Freecorder Toolbar
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HouseCall 6.6
    HP Driver Diagnostics
    HP Officejet Pro All-In-One Series
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    iTunes
    J2SE Runtime Environment 5.0 Update 12
    Java Auto Updater
    Java(TM) 6 Update 27
    Lenovo Easy Camera
    Malwarebytes' Anti-Malware version 1.51.1.1800
    mCore
    mDriver
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Professional Edition 2003
    Microsoft Office Small Business Connectivity Components
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mMHouse
    MobileMe Control Panel
    Motorola SM56 Speakerphone Modem
    Mozilla Firefox (3.0.13)
    mPfMgr
    MSXML 4.0 SP2 (KB973688)
    NetDeviceManager
    OGA Notifier 2.0.0048.0
    Olympus Digital Wave Player
    Picasa 3
    QuickTime
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Slingbox Platform SDK 1.2.5.15
    SlingPlayer
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    WinFlash
    .
    ==== End Of File ===========================
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Is there some reason you keep running these programs? The preliminary scans were:
    Malwarebytes> run once
    DDS, logs for DDS.txt and Attach.txt> run once
    GMER> run once

    I had you clear the Java cache and run Combofix.
    ---------------------------------------
    DDS.txt
    1. DDS (Ver_2011-08-26.01) - NTFSx86>
    Run by PKR4599 at 18:00:22 on 2011-09-02> Keep
    2. DDS (Ver_2011-08-26.01) - NTFSx8>
    Run by PKR4599 at 14:24:19 on 2011-08-31> Delete
    3. DDS (Ver_2011-08-26.01) - NTFSx86
    Run by PKR4599 at 18:00:22 on 2011-09-02>> Delete dup. posted twice

    Attach.txt
    1. DDS (Ver_2011-08-26.01)
    Microsoft® Windows Vista™ Home Premium
    System Uptime: 9/2/2011 11:49:39 AM (7 hours ago)> Keep
    2. DDS (Ver_2011-08-26.01)
    Microsoft® Windows Vista™ Home Premium
    System Uptime: 8/31/2011 11:20:23 AM (3 hours ago)> Delete
    3. DDS (Ver_2011-08-26.01)
    System Uptime: 9/2/2011 11:49:39 AM (7 hours ago)> Delete dup- posted twice

    Malwarebytes
    1. mbam-log-2011-08-29 (23-27-45).txt> Keep original
    2. mbam-log-2011-08-30 (01-33-01).txt> Delete
    3. mbam-log-2011-09-02 (17-01-01).txt> Keep

    GMER
    1. GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-31 14:17:16> Delete
    2. GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-02 17:23:53> Keep

    Avira>>> none requested
    1. Report file date: Monday, August 29, 2011 17:36> Delete
    Avira AntiVir Personal
    2. Report file date: Friday, September 02, 2011 14:26> Keep
    ---------------------------------------
    Combofix has been run once. Please do not run it again.

    You don't need me to help you if you're going to run scans over and over! I will clean up this thread tomorrow. It's my job to instruct you in what to run and when to run it.

    Please do not run any more scans until I instruct you to. The time it's taking me to document all this is time I could be spending helping someone.
  17. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    My bad... I thought when you said "All logs in next reply please" that you wanted me to do it.

    It won't happen again! Thanks again for your help.
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{1392b8d2-5c05-419f-a8f6-b9f15a596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
    [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=-
    DDS::
    uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    uURLSearchHooks: H - No File
    mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
    mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    Driver::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    ====================
    Outdated programs:
    1. Java: Current version loaded. Uninstall all but Java v6u27
    2. Adobe Reader 8.1.2: Current version loaded> uninstall
    3. Adobe Reader 8.1.2 Security Update 1> uninstall
    4. Mozilla Firefox (3.0.13): way out of date. Please update now.
    5. Java in Firefox: Tools> Addons. Remove v5u12, v6 updates 14, 15, 17, 18:
  19. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    cfscript log

    ComboFix 11-09-08.03 - PKR4599 09/08/2011 15:08:29.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.1714 [GMT -4:00]
    Running from: c:\users\PKR4599\Desktop\ComboFix.exe
    Command switches used :: c:\users\PKR4599\Desktop\cfscript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\program files\freecorder\FLVSrvc.exe
    c:\program files\freecorder\tbFree.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-08 19:13 . 2011-09-08 19:13 -------- d-----w- c:\users\PKR4599\AppData\Local\temp
    2011-09-08 19:13 . 2011-09-08 19:13 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-09-08 19:13 . 2011-09-08 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-30 03:09 . 2011-08-30 03:09 -------- d-----w- c:\users\PKR4599\AppData\Roaming\Malwarebytes
    2011-08-30 03:09 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-30 03:09 . 2011-08-30 03:09 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 03:09 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 00:25 . 2011-09-02 16:10 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-30 00:25 . 2011-09-02 16:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-29 21:33 . 2011-08-29 21:33 -------- d-----w- c:\users\PKR4599\AppData\Roaming\Avira
    2011-08-29 21:30 . 2011-07-21 16:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-29 21:30 . 2011-07-21 16:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-29 21:30 . 2011-08-29 21:30 -------- d-----w- c:\programdata\Avira
    2011-08-29 21:30 . 2011-08-29 21:30 -------- d-----w- c:\program files\Avira
    2011-08-29 19:47 . 2011-08-30 00:06 -------- d-----w- c:\program files\PC Tools Security
    2011-08-29 19:39 . 2011-08-29 21:10 -------- d-----w- c:\programdata\PC Tools
    2011-08-26 14:52 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EF5FD60-C260-46F0-9806-1CFB879118C5}\mpengine.dll
    2011-08-24 18:30 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-17 16:33 . 2011-08-17 16:33 22032 ----a-w- c:\windows\DCEBoot.exe
    2011-08-09 20:45 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-09 20:45 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-09 20:45 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-08-09 20:45 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-09 20:45 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-09 20:45 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-09 21:52 . 2011-07-09 21:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-13 14:38 . 2011-06-13 14:38 161792 ----a-w- c:\windows\system32\msls31.dll
    2011-06-13 14:38 . 2011-06-13 14:38 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2011-06-13 14:38 . 2011-06-13 14:38 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-06-13 14:38 . 2011-06-13 14:38 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-06-13 14:38 . 2011-06-13 14:38 63488 ----a-w- c:\windows\system32\tdc.ocx
    2011-06-13 14:38 . 2011-06-13 14:38 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-06-13 14:38 . 2011-06-13 14:38 74752 ----a-w- c:\windows\system32\iesetup.dll
    2011-06-13 14:38 . 2011-06-13 14:38 367104 ----a-w- c:\windows\system32\html.iec
    2011-06-13 14:38 . 2011-06-13 14:38 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2011-06-13 14:38 . 2011-06-13 14:38 152064 ----a-w- c:\windows\system32\wextract.exe
    2011-06-13 14:38 . 2011-06-13 14:38 150528 ----a-w- c:\windows\system32\iexpress.exe
    2011-06-13 14:38 . 2011-06-13 14:38 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-06-13 14:38 . 2011-06-13 14:38 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-06-13 14:38 . 2011-06-13 14:38 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-06-13 14:38 . 2011-06-13 14:38 11776 ----a-w- c:\windows\system32\mshta.exe
    2011-06-13 14:38 . 2011-06-13 14:38 35840 ----a-w- c:\windows\system32\imgutil.dll
    2011-06-13 14:38 . 2011-06-13 14:38 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-06-13 14:38 . 2011-06-13 14:38 101888 ----a-w- c:\windows\system32\admparse.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
    "Skytel"="Skytel.exe" [2007-10-11 1826816]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
    "Malwarebytes' Anti-Malware"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-12 02:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-11-10 18:13 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-01-08 22:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
    R3 CapFilt;CapFilt; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 MBAMService;MBAMService;c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-09-21 93960]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 22:48]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 22:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 66.0.214.14 207.230.75.50
    FF - ProfilePath - c:\users\PKR4599\AppData\Roaming\Mozilla\Firefox\Profiles\1pxn59ft.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-08 15:13
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-09-08 15:16:12
    ComboFix-quarantined-files.txt 2011-09-08 19:15
    ComboFix2.txt 2011-09-02 17:09
    ComboFix3.txt 2009-06-11 21:16
    .
    Pre-Run: 58,036,322,304 bytes free
    Post-Run: 58,824,716,288 bytes free
    .
    - - End Of File - - E94CB9AC3A2ACE5DB0A87325B1165F6A
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Looks good> Let's take some processes off of startup:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================.
    I have removed the Registry entries that load the following> None of them need to start on boot. Please take the following processes off of the Start Menu:
    Have the problems been resolved?

    Almost forgot: Open Firefox> Tools> Addons> Plug-ins> remove Java v6u12, u14, u15, u17, u18.
  21. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    cfscript log #2

    ComboFix 11-09-08.03 - PKR4599 09/11/2011 15:18:24.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3063.1959 [GMT -4:00]
    Running from: c:\users\PKR4599\Desktop\ComboFix.exe
    Command switches used :: c:\users\PKR4599\Desktop\CFScript.txt
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-11 to 2011-09-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-11 19:24 . 2011-09-11 19:24 -------- d-----w- c:\users\PKR4599\AppData\Local\temp
    2011-09-11 19:24 . 2011-09-11 19:24 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2011-09-11 19:24 . 2011-09-11 19:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-30 03:09 . 2011-08-30 03:09 -------- d-----w- c:\users\PKR4599\AppData\Roaming\Malwarebytes
    2011-08-30 03:09 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-08-30 03:09 . 2011-08-30 03:09 -------- d-----w- c:\programdata\Malwarebytes
    2011-08-30 03:09 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 00:25 . 2011-09-02 16:10 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-08-30 00:25 . 2011-09-02 16:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-08-29 21:33 . 2011-08-29 21:33 -------- d-----w- c:\users\PKR4599\AppData\Roaming\Avira
    2011-08-29 21:30 . 2011-07-21 16:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-08-29 21:30 . 2011-07-21 16:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-08-29 21:30 . 2011-08-29 21:30 -------- d-----w- c:\programdata\Avira
    2011-08-29 21:30 . 2011-08-29 21:30 -------- d-----w- c:\program files\Avira
    2011-08-29 19:47 . 2011-08-30 00:06 -------- d-----w- c:\program files\PC Tools Security
    2011-08-29 19:39 . 2011-08-29 21:10 -------- d-----w- c:\programdata\PC Tools
    2011-08-26 14:52 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5EF5FD60-C260-46F0-9806-1CFB879118C5}\mpengine.dll
    2011-08-24 18:30 . 2011-07-11 13:25 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-08-17 16:33 . 2011-08-17 16:33 22032 ----a-w- c:\windows\DCEBoot.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-22 02:54 . 2011-08-10 07:09 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48 . 2011-08-10 07:09 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44 . 2011-08-10 07:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-09 21:52 . 2011-07-09 21:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-06 15:31 . 2011-08-09 20:45 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-20 08:54 . 2011-08-09 20:45 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-06-20 08:54 . 2011-08-09 20:45 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-17 20:13 . 2011-08-09 20:45 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-17 16:03 . 2011-08-09 20:45 375808 ----a-w- c:\windows\system32\winsrv.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 4702208]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-07-13 47904]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
    "Malwarebytes' Anti-Malware (reboot)"="c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-16 11:41 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2007-10-11 03:04 1826816 ----a-w- c:\windows\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2006-11-22 09:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2010-01-08 22:48 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-03-01 13:24 857648 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
    2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdcBase.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
    R3 CapFilt;CapFilt; [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 135664]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 MBAMService;MBAMService;c:\users\PKR4599\Desktop\Anti VirusMalware\Malwarebytes\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
    S2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2008-09-21 93960]
    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 22:48]
    .
    2011-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 22:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    MSConfigStartUp-AdobeUpdater - c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-11 15:24
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-09-11 15:26:56
    ComboFix-quarantined-files.txt 2011-09-11 19:26
    ComboFix2.txt 2011-09-08 19:16
    ComboFix3.txt 2011-09-02 17:09
    ComboFix4.txt 2009-06-11 21:16
    .
    Pre-Run: 59,670,884,352 bytes free
    Post-Run: 59,641,339,904 bytes free
    .
    - - End Of File - - C6ED62D86F91E84B2C65002E48E28854
  22. pkr4599

    pkr4599 Newcomer, in training Topic Starter

    answer/question

    I have totally removed firefox... Will that take care of the JAVA update problem?

    Also, I do not know how to take those programs off the start menu... Please advise.
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    If you weren't using Firefox, the uninstall was fine. But to do that just to remove outdated Java is overkill!

    How to use MSCONFIG in Windows Vista
    1. Click on the Vista start icon in the bottom left corner of your screen.
    2. Type MSCONFIG> press enter
    3. Vista asks permission to use this account:
    4. Follow the on-screen prompts to give Vista permission to continue.
    5. When finished with UAC, Microsoft's System Configuration Utility will display
      Note: change from image> check Selective Startup
    6. Click on the Startup tab.
    7. Vista loads essential programs through "Windows Services" so what you see here are optional.
    8. Check the box for each process that you do not want to start on boot
      You can safely check the following:
    9. Click on OK
    10. If this box displays, click the box by the message 'Don't show this message again', then click Restart:
    All images courtesy netsquirrel.com

    You may get a nag message the first time you reboot again. If so, check not to show again. Stay in Selective Startup to keep the changes.