TechSpot

IE and Firefox won't load

Inactive
By knewknew
Sep 7, 2010
  1. First, thank you for your time. I primarily use Firefox. It would not load yesterday. I tried IE and it would not work either. Safari does work.

    I went through the 8-step (condensed 6-step) process. I will post my logs separately. The first, "Malwarebytes", is listed below.


    Malwarebytes log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4562

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    9/7/2010 11:41:03 AM
    mbam-log-2010-09-07 (11-41-03).txt

    Scan type: Quick scan
    Objects scanned: 131110
    Time elapsed: 9 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. knewknew


    Gmer log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-07 14:17:48
    Windows 5.1.2600 Service Pack 3
    Running: qqws4orv.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awdyapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8596CD2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8596B8E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA8597142]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA859706C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8596764]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8596C68]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA85966A4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8596708]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8596D88]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA8597210]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8596D48]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8596EC8]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA85A3B9C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA85A39C0]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA85A3AFA]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A85A3AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A85A39C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A859F5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A85A0F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A85A3BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

    Device \Driver\BTHUSB \Device\000000c1 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\BTHUSB \Device\000000bf bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641a2daf5
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641a2daf5 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  3. knewknew


    DDS.txt log

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 15:41:32.70 on Tue 09/07/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.754 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\tbh\base\bin\tbhSystray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    svchost.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Kaseya\Agent\AgentMon.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
    C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
    c:\Program Files\tbh\base\bin\tbhDaemon.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Safari\Safari.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
    mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    Hosts: 172.19.10.13 alysheba

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z0ka85qq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z0ka85qq.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z0ka85qq.default\extensions\npnelaunch@sonicwall.com\plugins\npNELaunch.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-6 165456]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-22 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-22 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-22 108552]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-6 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-22 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-22 297752]
    R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-9-24 610304]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
    R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2009-10-3 14336]
    R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-9-24 20792]
    R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-23 20504]
    S0 cerc6;cerc6; [x]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-03-11 15:59:33 226656 ------w- c:\program files\cnsload_1268323173156.tmp
    2009-10-04 00:56:42 608 --sha-w- c:\windows\system32\winzvprt5.sys

    ============= FINISH: 15:42:15.21 ===============
     
  4. knewknew


    Attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/21/2009 5:04:55 PM
    System Uptime: 9/7/2010 2:52:08 PM (1 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Genuine Intel(R) CPU U2500 @ 1.20GHz | Microprocessor | 1197/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 42.146 GiB free.
    D: is FIXED (NTFS) - 149 GiB total, 107.718 GiB free.
    E: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: Biometric Coprocessor
    Device ID: USB\VID_0483&PID_2016\7&37D503E&0&1
    Manufacturer:
    Name: Biometric Coprocessor
    PNP Device ID: USB\VID_0483&PID_2016\7&37D503E&0&1
    Service:

    ==== System Restore Points ===================

    RP253: 6/10/2010 8:12:21 AM - Software Distribution Service 3.0
    RP254: 6/11/2010 10:37:09 AM - System Checkpoint
    RP255: 6/12/2010 11:09:03 AM - System Checkpoint
    RP256: 6/13/2010 11:11:10 AM - System Checkpoint
    RP257: 6/14/2010 1:07:23 PM - System Checkpoint
    RP258: 6/15/2010 1:27:14 PM - System Checkpoint
    RP259: 6/16/2010 5:17:41 PM - System Checkpoint
    RP260: 6/17/2010 5:29:23 PM - System Checkpoint
    RP261: 6/18/2010 6:10:26 PM - System Checkpoint
    RP262: 6/19/2010 6:13:56 PM - System Checkpoint
    RP263: 6/21/2010 9:03:29 AM - System Checkpoint
    RP264: 6/22/2010 9:44:24 AM - Avg8 Update
    RP265: 6/23/2010 9:47:57 AM - System Checkpoint
    RP266: 6/24/2010 8:34:15 AM - Software Distribution Service 3.0
    RP267: 6/25/2010 8:43:25 AM - System Checkpoint
    RP268: 6/26/2010 9:32:56 AM - System Checkpoint
    RP269: 6/27/2010 11:54:12 AM - System Checkpoint
    RP270: 6/28/2010 12:57:19 PM - System Checkpoint
    RP271: 6/29/2010 2:42:03 PM - System Checkpoint
    RP272: 6/30/2010 3:15:37 PM - System Checkpoint
    RP273: 7/1/2010 4:18:39 PM - System Checkpoint
    RP274: 7/4/2010 7:16:38 PM - System Checkpoint
    RP275: 7/5/2010 8:58:09 PM - System Checkpoint
    RP276: 7/7/2010 12:07:14 AM - System Checkpoint
    RP277: 7/8/2010 11:14:25 AM - System Checkpoint
    RP278: 7/9/2010 8:49:39 AM - Avg8 Update
    RP279: 7/9/2010 8:52:00 AM - Avg8 Update
    RP280: 7/10/2010 9:32:59 AM - System Checkpoint
    RP281: 7/12/2010 8:27:42 AM - System Checkpoint
    RP282: 7/13/2010 9:39:14 AM - System Checkpoint
    RP283: 7/14/2010 8:23:30 AM - Software Distribution Service 3.0
    RP284: 7/15/2010 11:34:20 AM - System Checkpoint
    RP285: 7/16/2010 12:23:41 PM - System Checkpoint
    RP286: 7/17/2010 2:14:16 PM - System Checkpoint
    RP287: 7/19/2010 11:10:31 AM - System Checkpoint
    RP288: 7/20/2010 12:46:49 PM - System Checkpoint
    RP289: 7/21/2010 1:12:49 PM - System Checkpoint
    RP290: 7/22/2010 1:59:00 PM - System Checkpoint
    RP291: 7/23/2010 2:48:50 PM - System Checkpoint
    RP292: 7/24/2010 9:51:04 PM - System Checkpoint
    RP293: 7/26/2010 10:45:42 AM - System Checkpoint
    RP294: 7/27/2010 11:38:59 AM - System Checkpoint
    RP295: 7/28/2010 5:25:55 PM - System Checkpoint
    RP296: 7/29/2010 6:04:42 PM - System Checkpoint
    RP297: 7/30/2010 6:47:24 PM - System Checkpoint
    RP298: 7/31/2010 7:47:26 PM - System Checkpoint
    RP299: 8/1/2010 7:48:26 PM - System Checkpoint
    RP300: 8/2/2010 9:27:35 PM - System Checkpoint
    RP301: 8/4/2010 8:31:49 AM - Software Distribution Service 3.0
    RP302: 8/5/2010 11:08:47 AM - System Checkpoint
    RP303: 8/6/2010 11:52:24 AM - System Checkpoint
    RP304: 8/7/2010 2:24:25 PM - System Checkpoint
    RP305: 8/8/2010 8:51:22 PM - System Checkpoint
    RP306: 8/10/2010 2:07:27 PM - System Checkpoint
    RP307: 8/11/2010 10:27:01 PM - System Checkpoint
    RP308: 8/12/2010 8:47:42 AM - Software Distribution Service 3.0
    RP309: 8/13/2010 8:54:12 AM - System Checkpoint
    RP310: 8/14/2010 9:12:03 AM - System Checkpoint
    RP311: 8/15/2010 10:15:34 AM - System Checkpoint
    RP312: 8/15/2010 11:33:15 AM - Installed DartViewer.
    RP313: 8/16/2010 11:58:02 AM - System Checkpoint
    RP314: 8/17/2010 12:32:20 PM - System Checkpoint
    RP315: 8/18/2010 12:52:37 PM - System Checkpoint
    RP316: 8/19/2010 2:46:29 PM - System Checkpoint
    RP317: 8/20/2010 3:20:12 PM - System Checkpoint
    RP318: 8/21/2010 8:37:58 PM - System Checkpoint
    RP319: 8/22/2010 9:22:32 PM - System Checkpoint
    RP320: 8/24/2010 8:48:49 AM - System Checkpoint
    RP321: 8/25/2010 2:30:05 PM - System Checkpoint
    RP322: 8/26/2010 2:32:19 PM - System Checkpoint
    RP323: 8/27/2010 3:07:06 PM - System Checkpoint
    RP324: 8/28/2010 3:54:44 PM - System Checkpoint
    RP325: 8/29/2010 11:11:53 PM - System Checkpoint
    RP326: 8/30/2010 11:13:04 PM - System Checkpoint
    RP327: 9/1/2010 7:38:57 AM - System Checkpoint
    RP328: 9/2/2010 10:13:38 AM - System Checkpoint
    RP329: 9/3/2010 10:31:36 AM - System Checkpoint
    RP330: 9/4/2010 11:02:35 AM - System Checkpoint
    RP331: 9/5/2010 10:35:21 AM - Software Distribution Service 3.0
    RP332: 9/6/2010 1:06:18 PM - System Checkpoint
    RP333: 9/6/2010 6:02:47 PM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat 8 Standard
    Adobe Acrobat 8.1.3 Standard
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 7.0
    Adobe Premiere Elements 7.0 Templates
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    AVG Free 8.5
    Bonjour
    Broadcom Gigabit Integrated Controller
    Browser Highlighter - Firefox
    CardRecovery 5.30
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Coupon Printer for Windows
    CustomerResearchQFolder
    DartViewer
    Dell Touchpad
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    FileOpen Client Installer
    GoToMeeting 4.5.0.456
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 9.0
    HP LaserJet M2727 MFP Series 1.0
    HP Update
    hppFaxDrvM2727
    hppFaxUtility
    hppFonts
    hppIOFiles
    hppLJM2727
    hppManualsM2727
    hppscanM2727
    hppScanTo
    hppSendFax
    hppTLBXFXM2727
    hppusgM2727
    HPSSupply
    hpzTLBXFX
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Software
    iTunes
    Java(TM) 6 Update 16
    Kaseya Agent
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.5.11)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser
    OGA Notifier 2.0.0048.0
    OMCI
    Oracle Web Conferencing Console
    Photo Viewer
    PowerDVD
    Product_Min_QFolder
    QuickTime
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Safari
    Scan
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SigmaTel Audio
    Skype Toolbars
    Skype™ 4.2
    SmartSound Quicktracks for Premiere Elements
    SonicWALL SSL-VPN NetExtender
    Sprint Mobile Broadband (Sierra)
    Uninstall Digital Binoculars Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    Visual Labels
    WebEx
    WebFldrs XP
    WebReg
    WildTangent Games
    Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
    Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    Windows Genuine Advantage Notifications (KB905474)
    WinZip 14.5

    ==== Event Viewer Messages From Past Week ========

    9/7/2010 11:09:12 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:12 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The The Browser Highlighter Monitor service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The SonicWALL NetExtender Service service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:10 AM, error: Service Control Manager [7034] - The SPCSUtilityService service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:06 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:04 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:04 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:04 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:04 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/7/2010 11:09:03 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
    9/7/2010 11:09:03 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/7/2010 11:08:59 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
    9/6/2010 6:07:07 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    9/6/2010 12:23:49 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0018DE9C2EA8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    9/3/2010 9:36:52 PM, error: PSched [14103] - QoS [Adapter {40EFF117-EC32-40A7-9AF8-DB6616E9A5FC}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
    9/3/2010 9:36:52 PM, error: NETw5x32 [43] -
    8/31/2010 1:24:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/31/2010 1:20:51 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

    ==== End Of File ===========================
     
  5. knewknew

    knewknew TS Rookie Topic Starter

    Update

    Just to let you know, after going through the 8 step (6 step) process, I clicked on Firefox and the browser now works.

    I'm really not sure what the issue is and if I had something going on in the background. Avast did not pick anything up and the malwarebytes program did not note any infected files. I'm not really sure what the other programs do but perhaps they cleaned something up.

    If you see anything I need to do, please let me know.

    Again, thank you for your time.

    Knew
     
  6. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You're running two AV programs, Avast and AVG.
    One of them has to go.
    If AVG (preferably), make sure to use AVG Remover: http://www.avg.com/us-en/download-tools

    When done....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. knewknew

    knewknew TS Rookie Topic Starter

    Thank you very much for your response. I will do as you have instructed and will post after it has completed.

    Again thanks....and by the way, I'll get rid of AVG... :)
     
  8. knewknew

    knewknew TS Rookie Topic Starter

    MBRcheck.......txt file

    Here is the txt file from the MBRCheck.exe

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000001dc

    Kernel Drivers (total 144):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 ohci1394.sys
    0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xB9F4A000 pcmcia.sys
    0xBA0D8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA330000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xB9F13000 atapi.sys
    0xBA0F8000 disk.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9EF3000 fltMgr.sys
    0xB9EE1000 sr.sys
    0xBA118000 PxHelp20.sys
    0xB9ECA000 KSecDD.sys
    0xB9E3D000 Ntfs.sys
    0xB9E10000 NDIS.sys
    0xB9DF6000 Mup.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA588000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xBA58C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB9388000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB9374000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB934C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8FD5000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
    0xB8FB2000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xBA458000 \SystemRoot\System32\drivers\swmsflt.sys
    0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8F8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8F7A000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xB8F4E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB8ED3000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA73D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8EBC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA2E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8EAB000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA2F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA488000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA490000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8E7B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB9DC2000 \SystemRoot\system32\DRIVERS\SSLDrv.sys
    0xBA5CC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8E58000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8DFA000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9DBE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\omci.sys
    0xBA148000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA54C000 \SystemRoot\system32\DRIVERS\sffp_sd.sys
    0xBA554000 \SystemRoot\system32\DRIVERS\sffdisk.sys
    0xA8B54000 \SystemRoot\system32\drivers\sthda.sys
    0xA8B30000 \SystemRoot\system32\drivers\portcls.sys
    0xBA188000 \SystemRoot\system32\drivers\drmk.sys
    0xA8AF6000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0xA89FF000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0xA8949000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0xBA498000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA5E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA777000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA360000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA368000 \SystemRoot\System32\drivers\vga.sys
    0xBA5EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA370000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA378000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA564000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA8916000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA88BD000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA1C8000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA886F000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA8847000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA8825000 \SystemRoot\System32\drivers\afd.sys
    0xBA1D8000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA87FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA878A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA8763000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xBA388000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0xA8717000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xBA390000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xBA228000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB991D000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xBA3A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xBA3A8000 \SystemRoot\system32\drivers\hpfxbulk.sys
    0xBA248000 \SystemRoot\system32\drivers\hpfxgen.sys
    0xBA258000 \SystemRoot\system32\drivers\hpfxfax.sys
    0xBA3C0000 \SystemRoot\System32\Drivers\BTHUSB.sys
    0xA8634000 \SystemRoot\System32\Drivers\bthport.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\usbccid.sys
    0xB9911000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0xA861C000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xBA5FC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9905000 \SystemRoot\System32\drivers\Dxapi.sys
    0xBA3D8000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA706000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBA298000 \SystemRoot\system32\DRIVERS\rfcomm.sys
    0xBA3E0000 \SystemRoot\system32\DRIVERS\BthEnum.sys
    0xA8603000 \SystemRoot\system32\DRIVERS\bthpan.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
    0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA85EF000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xA84F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA84EF000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA8344000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0xA7FA7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA7F6A000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA8184000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA7FE8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xA7B75000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7705000 \??\C:\WINDOWS\system32\drivers\KAPFA.SYS
    0xBA358000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0xA751C000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 68):
    0 System Idle Process
    4 System
    468 C:\WINDOWS\system32\smss.exe
    860 csrss.exe
    940 C:\WINDOWS\system32\winlogon.exe
    984 C:\WINDOWS\system32\services.exe
    996 C:\WINDOWS\system32\lsass.exe
    1160 C:\WINDOWS\system32\svchost.exe
    1208 svchost.exe
    1248 C:\WINDOWS\system32\svchost.exe
    1328 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    1408 svchost.exe
    1472 svchost.exe
    1724 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1940 C:\WINDOWS\explorer.exe
    580 C:\WINDOWS\system32\spoolsv.exe
    628 scardsvr.exe
    708 svchost.exe
    892 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    108 C:\WINDOWS\system32\svchost.exe
    112 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1128 C:\Program Files\Bonjour\mDNSResponder.exe
    1284 svchost.exe
    1300 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    1508 C:\WINDOWS\system32\svchost.exe
    1584 C:\Program Files\Dell\OpenManage\Client\Iap.exe
    1736 C:\Program Files\Java\jre6\bin\jqs.exe
    1840 C:\Program Files\Kaseya\Agent\AgentMon.exe
    1956 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2088 C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
    2112 C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
    2128 C:\WINDOWS\system32\svchost.exe
    2188 C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    2264 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    2284 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
    2384 C:\Program Files\tbh\base\bin\tbhDaemon.exe
    2568 wmiprvse.exe
    2976 alg.exe
    3644 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    3668 C:\WINDOWS\system32\hkcmd.exe
    3720 C:\WINDOWS\system32\igfxsrvc.exe
    3732 C:\WINDOWS\system32\igfxpers.exe
    3800 C:\Program Files\DellTPad\Apoint.exe
    3844 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
    3856 C:\Program Files\DellTPad\ApMsgFwd.exe
    3864 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
    3904 C:\Program Files\DellTPad\hidfind.exe
    3912 C:\Program Files\DellTPad\ApntEx.exe
    3920 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    3944 C:\WINDOWS\system32\rundll32.exe
    3956 C:\Program Files\Java\jre6\bin\jusched.exe
    3980 C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
    4008 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    4052 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    4084 C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
    168 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    216 C:\Program Files\tbh\base\bin\tbhSystray.exe
    1436 C:\Program Files\iTunes\iTunesHelper.exe
    1872 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    2040 C:\WINDOWS\system32\ctfmon.exe
    2744 C:\Program Files\Skype\Phone\Skype.exe
    3440 C:\Program Files\WinZip\WZQKPICK.EXE
    3448 C:\WINDOWS\system32\wbem\unsecapp.exe
    1180 wmiprvse.exe
    1616 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    4044 C:\Program Files\iPod\bin\iPodService.exe
    2708 C:\Program Files\Safari\Safari.exe
    2764 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK8025GAL, Rev: BD102A
    PhysicalDrive2 Model Number: Maxtor2, Rev: 0344

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    149 GB \\.\PhysicalDrive2 RE: Unknown MBR code
    SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  9. knewknew

    knewknew TS Rookie Topic Starter

    ComboFix

    I downloaded and ran the AVG remover tool.

    Next I downloaded and ran the MBRCheck.exe file and posted the results.

    I then downloaded ComboFix to my desktop. I disabled my Avast before running. When I clicked on ComboFix, it told me that AVG is still active.

    I'm afraid to click 'OK'. Any suggestions before I move forward with combofix?
     
  10. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    That's fine. Run Combofix anyway.

    What is drive D?
     
  11. knewknew

    knewknew TS Rookie Topic Starter

    I ran ComboFix and the log is below. I totally forgot about having my external hard drive attached when I ran all of my logs. Drive D is my external hard drive. I detached it when running ComboFix.

    Knew


    ComboFix 10-09-08.01 - Owner 09/08/2010 21:39:07.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.858 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\g2mdlhlpx.exe
    c:\program files\cnsload_1268323173156.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
    .

    2010-09-07 15:30 . 2010-09-07 15:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-09-07 15:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-07 15:30 . 2010-09-07 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-07 15:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-07 15:30 . 2010-09-07 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-06 22:07 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-06 22:03 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-06 22:03 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-06 22:03 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-06 22:03 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-06 22:03 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-06 22:03 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-06 22:03 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-09-06 22:02 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-06 22:02 . 2010-09-06 22:02 -------- d-----w- c:\program files\Alwil Software
    2010-09-06 22:02 . 2010-09-06 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-15 15:33 . 2010-08-15 15:33 4710 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{BBF7D230-8F25-4041-90A9-73FD03BE8640}\ARPPRODUCTICON.exe
    2010-08-15 15:33 . 2010-08-15 15:33 -------- d-----w- c:\program files\Dartfish

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-09 01:44 . 2009-12-07 18:26 -------- d-----w- c:\program files\Common Files\Akamai
    2010-09-08 12:21 . 2010-02-07 17:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2010-09-08 12:15 . 2009-09-22 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-09-07 11:56 . 2010-03-14 00:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-05 01:33 . 2009-11-02 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2010-08-31 18:03 . 2010-01-20 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
    2010-08-08 16:27 . 2010-08-08 16:24 -------- d-----w- c:\program files\iTunes
    2010-08-08 16:25 . 2010-08-08 16:25 -------- d-----w- c:\program files\iPod
    2010-08-08 16:25 . 2009-11-02 20:52 -------- d-----w- c:\program files\Common Files\Apple
    2010-08-08 16:12 . 2010-08-08 16:12 -------- d-----w- c:\program files\Bonjour
    2010-08-08 16:09 . 2010-08-08 16:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-08-08 15:55 . 2010-05-03 17:32 -------- d-----w- c:\program files\Safari
    2010-08-08 15:51 . 2010-08-08 15:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
    2010-08-04 20:47 . 2010-02-07 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
    2010-07-26 19:19 . 2010-07-26 19:19 -------- d-----w- c:\program files\Common Files\Skype
    2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:10 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:10 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2009-09-21 20:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-02-18 14:58 . 2010-02-18 14:58 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2010-02-18 14:58 . 2010-02-18 14:58 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2010-02-18 14:58 . 2010-02-18 14:59 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
    2010-02-18 14:59 . 2010-02-18 14:59 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    2009-10-04 00:56 . 2009-10-04 00:56 608 --sha-w- c:\windows\system32\winzvprt5.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
    "SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
    "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-22 149280]
    "Kaseya Agent Service Helper"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2008-09-04 229376]
    "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-07-30 53248]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-03-02 710480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-09-08 492840]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\HP\\hp laserjet m2727\\hppfaxnc0.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
    "c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
    "1074:TCP"= 1074:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/6/2010 6:03 PM 165456]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 8:00 AM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/6/2010 6:03 PM 17744]
    R2 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [9/24/2009 6:34 PM 610304]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
    R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/3/2009 8:49 PM 14336]
    R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 5:55 PM 20504]
    S0 cerc6;cerc6; [x]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

    2010-09-08 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0ka85qq.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0ka85qq.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0ka85qq.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-avgrsstarter - avgrsstx.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-08 21:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(948)
    c:\windows\system32\netprovcredman.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-09-08 21:46:10
    ComboFix-quarantined-files.txt 2010-09-09 01:46

    Pre-Run: 45,573,722,112 bytes free
    Post-Run: 45,558,243,328 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 15BFA901BB702C92CCC37EF1F0C50928
     
     
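The "Reg Loading Points" section of the ComboFix log above (Run keys, firewall profile values, globally open ports) is what a responder reads first when triaging a machine like this one: which autoruns are new relative to the date the problem began, and what the host firewall has been told to allow or hide. The parser below is an added example written for this thread, not ComboFix's own code or anything posted by the participants; it turns a few constructed lines in the same layout as the log into structured records and lists the autoruns created on or after a reference date. The `since` date and the sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix "Reg Loading Points" layout
# (a handful of lines shaped like the log in this thread, not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-09-08 492840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"""

# "Name"="path" [YYYY-MM-DD size]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')
# "port:PROTO"= port:PROTO:description
PORT_ENTRY = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"=\s*\d+:(?:TCP|UDP):(?P<desc>.*)$')
# "Name"= value (0xhex)
DWORD_ENTRY = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+)\s*\((?:0x)?[0-9a-fA-F]+\)$')


@dataclass
class Autorun:
    hive_key: str   # registry key the value lives under
    name: str       # value name, e.g. "Skype"
    path: str       # command ComboFix resolved for the value
    date: str       # file timestamp ComboFix printed (ISO date)
    size: int       # file size in bytes


def parse_combofix_loading_points(text):
    """Return (autoruns, open_ports, firewall_values) from a ComboFix
    'Reg Loading Points' fragment. Lines under keys we do not model are ignored."""
    autoruns, open_ports, firewall = [], [], {}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # new registry key header
            continue
        if key is None:
            continue
        lower_key = key.lower()
        m = RUN_ENTRY.match(line)
        if m and lower_key.endswith("\\run"):
            autoruns.append(Autorun(key, m["name"], m["path"], m["date"], int(m["size"])))
            continue
        m = PORT_ENTRY.match(line)
        if m and lower_key.endswith("globallyopenports\\list"):
            open_ports.append((m["port"], m["desc"].strip()))
            continue
        m = DWORD_ENTRY.match(line)
        if m and lower_key.endswith("firewallpolicy\\standardprofile"):
            firewall[m["name"]] = int(m["value"])
    return autoruns, open_ports, firewall


def recent_autoruns(autoruns, since):
    """Autoruns whose file timestamp is on or after `since` (ISO date string);
    these are the first candidates to look at when symptoms began around that date."""
    return [a for a in autoruns if a.date >= since]


def firewall_findings(firewall):
    """Human-readable notes on firewall profile values worth a second look."""
    notes = []
    if firewall.get("DisableNotifications") == 1:
        notes.append("Windows Firewall notifications are disabled for the standard profile")
    return notes


if __name__ == "__main__":
    autoruns, ports, fw = parse_combofix_loading_points(SAMPLE_LOG)
    for a in recent_autoruns(autoruns, "2010-09-01"):
        print(f"recent autorun: {a.name} -> {a.path} ({a.date}, {a.size} bytes)")
    for port, desc in ports:
        print(f"open port: {port} ({desc})")
    for note in firewall_findings(fw):
        print("note:", note)
```

Run against the full log, the same parser lists every Run value in order; comparing the date column against when the browsers stopped working narrows the list to a few entries to research before deciding anything else.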
  12. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    How are Firefox and IE?


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. knewknew

    knewknew TS Rookie Topic Starter

    Greetings. I tried running OTL but it froze up during the execution. I'm going to try and run it one more time......crossing fingers...

    Knew
     
  14. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    OK :).............
     
  15. knewknew

    knewknew TS Rookie Topic Starter

    Greetings again. I tried to run OTL again but once again it freezes my computer. Do you think there could be another issue?

    Did I have a virus?

    Sorry for all of the questions... I just want to make sure that whatever happened does not happen again.

    Knew
     
  16. Broni

    Broni Malware Annihilator Posts: 47,048   +256

    You didn't say how Firefox and IE are doing.

    Try to run OTL from Safe Mode.
     