TechSpot

Possible Trojan Sheur2 on Vista Machine/Browser being Redirected

By khansen90
Jun 6, 2011
  1. 5 days ago I started noticing problems on the laptop. AVG detected a trojan and quarantined it. Then the website redirection began. Over the weekend, I had a few blue screens of death. Once MBAM was installed, it blocked most if not all the redirects. I would like to see the redirect activity stopped. Also getting errors for Host Process for Windows Services being stopped. Any help is greatly appreciated!

    Dell Latitude D630 w/Intel Duo T9300 2.5 GHz, 2 GB RAM, 32-bit Vista Business

    I followed the instructions for the updated 7-steps.

    Step 1. AVG has been kept current and running.

    Step 2. MBAM log:
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6792

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19048

    6/6/2011 10:23:21 PM
    mbam-log-2011-06-06 (22-23-21).txt

    Scan type: Quick scan
    Objects scanned: 180040
    Time elapsed: 7 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\kelly.hansen\AppData\Local\Temp\0.5506790078270131.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Step 3. GMER Log:
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-06 22:48:43
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1 FUJITSU_MHW2120BJ_FFS_G2 rev.0085001C
    Running: w1182qpi.exe; Driver: C:\Users\KELLY~1.HAN\AppData\Local\Temp\uxdcqpoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
     
  2. khansen90

    Step 4 DDS.txt log

    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_20
    Run by Kelly.Hansen at 22:54:31 on 2011-06-06
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2045.614 [GMT -4:00]
    .
    AV: AVG Anti-Virus Business Edition *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Business Edition *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\alg.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Programs\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\fxssvc.exe
    C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\System32\msdtc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
    C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\kelly.hansen\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\DisplayFusion\DisplayFusion.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.navyreserve.navy.mil/Pages/default.aspx
    uDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080731
    uWindow Title = Microsoft Internet Explorer provided by ASEC Incorporated
    mDefault_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=0080731
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
    uRun: [SansaDispatch] c:\users\kelly.hansen\appdata\roaming\sandisk\sansa updater\SansaDispatch.exe
    uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
    mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Acrobat Speed Launch] "c:\program files\adobe\acrobat 8.0\acrobat\acrobat_sl.exe"
    mRun: [Acrobat Synchronizer] "c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe"
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
    mRun: [<NO NAME>]
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    dRun: [lpc] rundll32.exe"c:\users\kelly.hansen\appdata\roaming\sun\mag0.dll", RegisterDll
    dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    uPolicies-explorer: NoAutoUpdate = 1 (0x1)
    mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    mPolicies-explorer: NoPublishingWizard = 1 (0x1)
    mPolicies-explorer: NoOnlinePrintsWizard = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    dPolicies-explorer: HideSCAHealth = 1 (0x1)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: navy.mil\nserc
    Trusted Zone: navy.mil\nsercvpn01.nswc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://savvee.webex.com/client/T27LB/webex/ieatgpc1.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{6A55266B-9270-40AC-A608-E42B5C048D68} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{7E4B938A-24C6-4EE0-B32B-22EEB2D57F4E} : DhcpNameServer = 192.168.0.1
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
    AppInit_DLLs: avgrsstx.dll
    LSA: Authentication Packages = msv1_0 wvauth
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\kelly.hansen\appdata\roaming\mozilla\firefox\profiles\y60b26q4.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDbsGscInfo.dll
    FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDBsignWeb.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\users\kelly.hansen\appdata\roaming\mozilla\firefox\profiles\y60b26q4.default\extensions\{f5e4ac68-1466-4b9f-b043-f40127f993d0}\plugins\npatgpc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2008-9-10 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-10 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-10 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-1 243152]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-1 308136]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-6 366640]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-6-3 1153368]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-4-15 2285432]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-2 7168]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-7-31 179712]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-6 22712]
    R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-11-11 59136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-10-16 29472]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-6 39984]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
    .
    =============== Created Last 30 ================
    .
    2011-06-06 19:38:38 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-06-06 19:38:37 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-06-06 19:38:36 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-06-06 19:38:36 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-06-06 19:38:36 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-06-06 19:38:35 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-06-06 19:38:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-06-06 19:38:34 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-06-06 15:06:47 -------- d-----w- c:\users\kelly.hansen\appdata\local\Adobe
    2011-06-06 04:38:04 -------- d-----w- c:\users\kelly.hansen\appdata\roaming\SUPERAntiSpyware.com
    2011-06-06 04:38:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-06-06 04:37:48 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-06-06 04:30:39 -------- d-----w- c:\users\kelly.hansen\appdata\roaming\Malwarebytes
    2011-06-06 04:30:34 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-06 04:30:33 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-06 04:30:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-06 04:30:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-03 19:28:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-06-03 19:28:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-31 11:54:41 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{35693288-0eed-407c-881e-08af454fe38e}\mpengine.dll
    2011-05-25 20:05:11 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2011-05-25 19:58:18 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-05-23 14:22:44 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-05-15 00:14:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-11 12:15:10 -------- d-----w- C:\2e6cd70dfea19fe08c05da53658177
    .
    ==================== Find3M ====================
    .
    2011-05-05 14:04:51 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2011-03-24 14:28:27 72080 ---ha-w- c:\users\kelly.hansen\g2mdlhlpx.exe
    2011-03-12 21:55:52 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
    2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
    .
    ============= FINISH: 22:57:13.80 ===============
     
  3. khansen90

    khansen90 TS Rookie Topic Starter

    Step 4 Attach log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume3
    Install Date: 7/31/2008 2:23:29 AM
    System Uptime: 6/6/2011 10:30:35 PM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz | Microprocessor | 800/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 110 GiB total, 23.791 GiB free.
    D: is FIXED (NTFS) - 2 GiB total, 1.105 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    ActivClient CAC x86
    Adobe Acrobat 8 Standard
    Adobe Acrobat 8.2.6 - CPSID_83708
    Adobe Acrobat 8.2.6 Standard
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AuthenTec Fingerprint Sensor Minimum Install
    AVG 9.0
    biolsp patch
    Bluetooth Software Update Tool
    Bonjour
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Browser Address Error Redirector
    Canon Easy-WebPrint EX
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 3.0
    Canon MP560 series MP Drivers
    Canon MP560 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Carbonite Online Backup Setup
    Cisco WebEx Meeting Center for Firefox or Chrome
    Conexant HDA D330 MDC V.92 Modem
    DBsign Web Signer
    DeductionPro 2008
    Dell Drivers MSI
    Dell Embassy Trust Suite by Wave Systems
    Dell Getting Started Guide
    Dell Touchpad
    Device Installer x86
    Digital Line Detect
    DisplayFusion 3.3.1
    Document Manager Lite
    EDocs
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    ESC Home Page Plugin
    Gemalto
    GemSafe Standard Edition 5.1
    Google Earth
    GoToMeeting 4.5.0.457
    H&R Block Deluxe + Efile + State 2010
    H&R Block North Carolina 2010
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Matrix Storage Manager
    Intel(R) PROSet/Wireless Software
    Internet Explorer (Enable DEP)
    Iomega Automatic Backup
    J2SE Development Kit 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 5
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LiveProject
    Malwarebytes' Anti-Malware version 1.51.0.1200
    mCore
    MFCLOC
    mHelp
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Web Access S/MIME
    Microsoft Silverlight
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    mMHouse
    MobileMe Control Panel
    Modem Diagnostic Tool
    Mozilla Firefox 4.0.1 (x86 en-US)
    mPfMgr
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWMI
    MySQL Administrator 1.1
    MySQL Query Browser 1.1
    MySQL Server 5.0
    NavFit98A
    NetWaiting
    NTRU TCG Software Stack
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OGA Notifier 2.0.0048.0
    PasswordVault v7.1.0
    PowerDVD DX
    Preboot Manager
    Private Information Manager
    QuickSet
    RoadRunner
    Sansa Updater
    Secure Update
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Wizards
    Spybot - Search & Destroy
    Sun Java System Application Server Platform Edition
    SUPERAntiSpyware
    TaxCut North Carolina 2008
    TaxCut Premium + State + Efile 2008
    TeamViewer 6 Host
    TeamViewer Host 5 (MSI)
    TI-83 Plus Flash Debugger
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    upekmsi
    Wave Infrastructure Installer
    Wave Support Software
    WebEx
    WebEx Meeting Manager for Internet Explorer
    WebEx Recorder and Player
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Sign-in Assistant
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/6/2011 7:25:22 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Xerox WorkCentre 7346 PCL6 with shared resource name Xerox WorkCentre 7346 PCL6. Error 2114. The printer cannot be used by others on the network.
    6/6/2011 7:22:55 PM, Error: EventLog [6008] - The previous system shutdown at 7:20:40 PM on 6/6/2011 was unexpected.
    6/6/2011 4:23:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service wercplsupport with arguments "" in order to run the server: {0E9A7BB5-F699-4D66-8A47-B919F5B6A1DB}
    6/6/2011 12:39:58 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/6/2011 12:26:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 spldr Wanarpv6
    6/6/2011 11:36:57 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL GET_STATE: The device has been removed.
    6/6/2011 11:19:47 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/6/2011 10:49:51 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 10:49:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 SASDIFSV SASKUTIL spldr Wanarpv6
    6/6/2011 10:49:01 AM, Error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 10:49:01 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/6/2011 10:48:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/6/2011 10:48:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/6/2011 10:48:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/6/2011 10:47:51 AM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    6/6/2011 10:47:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    6/6/2011 10:46:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    6/6/2011 10:45:48 AM, Error: EventLog [6008] - The previous system shutdown at 10:43:47 AM on 6/6/2011 was unexpected.
    6/6/2011 10:39:16 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    6/6/2011 10:34:28 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/6/2011 10:34:05 PM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.25 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    6/6/2011 10:34:04 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    6/6/2011 10:34:03 PM, Error: Service Control Manager [7022] - The Smart Card service hung on starting.
    6/6/2011 10:33:47 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain ASEC-INC due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    6/6/2011 10:25:21 PM, Error: Service Control Manager [7034] - The Dell Internal Network Card Power Management service terminated unexpectedly. It has done this 1 time(s).
    6/6/2011 1:35:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Internal Network Card Power Management service to connect.
    6/6/2011 1:33:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
    6/6/2011 1:32:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
    6/6/2011 1:30:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SCardSvr service.
    6/5/2011 8:17:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    6/5/2011 8:11:32 PM, Error: EventLog [6008] - The previous system shutdown at 8:41:06 AM on 6/5/2011 was unexpected.
    6/5/2011 7:56:36 AM, Error: Microsoft-Windows-GroupPolicy [1053] - The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    6/5/2011 7:56:32 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    6/5/2011 7:53:59 AM, Error: EventLog [6008] - The previous system shutdown at 7:52:07 AM on 6/5/2011 was unexpected.
    6/5/2011 7:48:56 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.10.17.177 for the Network Card with network address 00215C58A12F has been denied by the DHCP server 192.168.2.100 (The DHCP Server sent a DHCPNACK message).
    6/5/2011 7:48:25 AM, Error: EventLog [6008] - The previous system shutdown at 6:56:00 AM on 6/5/2011 was unexpected.
    6/3/2011 5:15:55 PM, Error: Serial [36] - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.
    6/3/2011 4:38:48 PM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL POWER: No media in drive.
    6/3/2011 3:28:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
    6/3/2011 3:28:22 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/3/2011 2:09:52 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    6/3/2011 11:09:11 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL POWER: The device does not recognize the command.
    6/3/2011 10:08:17 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.196 for the Network Card with network address 00215C58A12F has been denied by the DHCP server 10.10.16.1 (The DHCP Server sent a DHCPNACK message).
    6/3/2011 1:16:07 PM, Error: EventLog [6008] - The previous system shutdown at 1:14:27 PM on 6/3/2011 was unexpected.
    6/2/2011 5:20:03 PM, Error: EventLog [6008] - The previous system shutdown at 6:29:57 AM on 6/2/2011 was unexpected.
    6/2/2011 5:06:58 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 00215C58A12F has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).
    6/1/2011 9:40:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    6/1/2011 5:48:05 PM, Error: Microsoft-Windows-PrintSpooler [6161] - The document Microsoft Word - AIS_CONOPs_5-26-11 revised.docx, owned by Kelly.Hansen, failed to print on printer Canon MP560 series Printer. Try to print the document again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in bytes: 4415844. Number of bytes printed: 0. Total number of pages in the document: 24. Number of pages printed: 0. Client computer: \\HANSEN-NB. Win32 error code returned by the print processor: 3. The system cannot find the path specified.
    6/1/2011 4:10:49 PM, Error: NETLOGON [3210] - This computer could not authenticate with \\Mercury.ASEC-Incorporated.com, a Windows domain controller for domain ASEC-INC, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
    6/1/2011 4:10:17 PM, Error: NETLOGON [3210] - This computer could not authenticate with \\mars.ASEC-Incorporated.com, a Windows domain controller for domain ASEC-INC, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
    6/1/2011 4:10:07 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.2.2.78 for the Network Card with network address 00215C58A12F has been denied by the DHCP server 192.168.1.10 (The DHCP Server sent a DHCPNACK message).
    5/31/2011 8:14:50 PM, Error: EventLog [6008] - The previous system shutdown at 8:01:37 PM on 5/31/2011 was unexpected.
    5/31/2011 7:46:39 PM, Error: PlugPlayManager [12] - The device 'Printer Port Logical Interface' (LPTENUM\MicrosoftRawPort\5&2a2f7bcb&0&LPT1) disappeared from the system without first being prepared for removal.
    5/31/2011 7:46:39 PM, Error: PlugPlayManager [12] - The device 'ECP Printer Port (LPT1)' (ACPI\PNP0401\4&1ae13cd5&0) disappeared from the system without first being prepared for removal.
    5/31/2011 7:46:34 PM, Error: PlugPlayManager [12] - The device 'Docking Station' (ACPI\DockDevice\_SB.PCI0.PCIE.GDCK) disappeared from the system without first being prepared for removal.
    5/31/2011 7:46:20 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.196 for the Network Card with network address 00215C58A12F has been denied by the DHCP server 10.0.1.1 (The DHCP Server sent a DHCPNACK message).
    5/31/2011 10:47:00 AM, Error: Microsoft-Windows-Smartcard-Server [610] - Smart Card Reader 'SCM Microsystems Inc. SCR33x USB Smart Card Reader 0' rejected IOCTL EJECT: The request is not supported.
    .
    ==== End Of File ===========================
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I will help look for malware.

    First, could it be that AVG is actually finding the Win32/Heur infection instead of Trojan Sheur2?
    ====================================
    Looking at the log I see more entries for this same plugin than I can count. I stopped counting at 70, but there are at least 70 more:
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    This plugin is for ActiveTouch General Plugin Container

    You have ActivClient CAC x86 installed, related to this site: http://militarycac.com/activclient.htm
    And there are numerous entries for the ActivClient.

    Are these related and is there any particular reason why you would have over 100+ of these plugins?
    ========================================
    You have a rootkit so we will also work on that:
    Please download MBRCheck and save to your desktop
    • Double click on MBRCheck.exe to run. (Vista and Windows 7 users will have to confirm the UAC prompt)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      [o] Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      [o] Found non-standard or infected MBR.
      [o] Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Paste this log to your next message.
     
  5. khansen90

    khansen90 TS Rookie Topic Starter

    MBRCheck Log

    Thanks for your help on this. More BSOD and reboots.

    Regarding the trojan...that could be the case.
    I do use active client. I cannot think of any reason for that many instances of the plugin. We can delete anything for those and I can reinstall later.



    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Business Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Latitude D630
    Logical Drives Mask: 0x0000004c

    Kernel Drivers (total 129):

    Processes (total 25):
    0 System Idle Process
    4 System
    368 C:\Windows\System32\smss.exe
    440 csrss.exe
    476 csrss.exe
    484 C:\Windows\System32\wininit.exe
    512 C:\Windows\System32\winlogon.exe
    560 C:\Windows\System32\services.exe
    580 C:\Windows\System32\lsass.exe
    588 C:\Windows\System32\lsm.exe
    728 C:\Windows\System32\svchost.exe
    788 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    916 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\svchost.exe
    1376 C:\Windows\System32\svchost.exe
    1532 C:\Windows\System32\svchost.exe
    780 C:\Windows\explorer.exe
    1044 WmiPrvSE.exe
    236 C:\Program Files\Mozilla Firefox\firefox.exe
    1912 C:\Program Files\Mozilla Firefox\plugin-container.exe
    304 C:\Program Files\Mozilla Firefox\plugin-container.exe
    2096 C:\Users\kelly.hansen\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`86600000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`06600000 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHW2120BJFFSG2, Rev: 0085001C

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, MBR scan looks good.

    Regarding this: FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll I think it would be best for you to uninstall the program for now. Then we'll see if that handles all the plugins. If they were different in any way, it might be understandable, but all of the entries are identical.
    =======================================
    Please run the following: AVG left no way to disable to run Combofix- so it must be temporarily uninstalled:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [​IMG]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ========================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [IMG] on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =========================================
    Question: Are these 2 plugins work related?
    FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDbsGscInfo.dll
    FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDBsignWeb.dll

    =====================================================
    Please paste all logs into next reply.
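
The repeated `FF - plugin:` entries that Bobbye counted by hand in the two replies above can be tallied with a short script. This is an added example, not part of the thread or of any tool mentioned in it; the function names and the embedded sample log are constructed for illustration, and only the `FF - plugin:` line format and the three plugin paths come from the posts.

```python
import ntpath
from collections import Counter

PREFIX = "FF - plugin:"

def plugin_counts(log_text):
    """Count 'FF - plugin:' entries, comparing paths the way Windows does."""
    counts = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if not line.lower().startswith(PREFIX.lower()):
            continue  # not a Firefox plugin entry
        path = line[len(PREFIX):].strip()
        if path:
            # Windows paths are case-insensitive, so fold case and normalise
            # separators before counting; otherwise duplicates are missed.
            counts[ntpath.normcase(ntpath.normpath(path))] += 1
    return counts

def repeated_plugins(log_text, threshold=2):
    """Return (path, count) pairs listed at least `threshold` times."""
    return [(p, n) for p, n in plugin_counts(log_text).most_common()
            if n >= threshold]

# Constructed sample: 72 entries for one plugin (two with different casing
# and trailing spaces) plus the two DBsign plugins listed once each.
SAMPLE_LOG = "\n".join(
    ["(constructed sample, other log lines omitted)"]
    + [r"FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll"] * 70
    + [r"FF - plugin: C:\Program Files\Mozilla Firefox\plugins\NPATGPC.DLL  "] * 2
    + [r"FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDbsGscInfo.dll",
       r"FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDBsignWeb.dll"]
)

if __name__ == "__main__":
    for path, count in repeated_plugins(SAMPLE_LOG):
        print(f"{count:4d}  {path}")
```

A plugin registered once is normal; the same DLL path listed dozens of times is the anomaly worth asking about, as the helper does here.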
     
Topic Status:
Not open for further replies.
