Slow PC, script error, possible malware

Inactive
By TiffanieMarie
Oct 18, 2011
Topic Status:
Not open for further replies.
  1. So, problem with this pc is its slow, its a multi-user pc. HP Pavilion desktop. AMD Phenom 9500 quad-core processor 2.2 ghz. 3 gb RAM. We have Trend Micro installed for antivirus, and it seems to do its job, blocking anything and everything and being quite a pain in the ***, but an efficient one. We have recently acquired what seems to be a script error that pops up a lot, used to just say some kind of google link at the bottom, for almost every new page that loads but more recently it was blackberry.com that had the script error pop up, not quite sure what it is, its our first encounter with it.
  2. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7970

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.19120

    17/10/2011 9:21:27 PM
    mbam-log-2011-10-17 (21-21-27).txt

    Scan type: Quick scan
    Objects scanned: 180817
    Time elapsed: 20 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  3. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-10-18 01:09:21
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000058 WDC_WD40 rev.12.0
    Running: xws7h4i1.exe; Driver: C:\Users\Greg\AppData\Local\Temp\kwldqpod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\tdx \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- EOF - GMER 1.0.15 ----
  4. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 29/03/2008 12:41:40 PM
    System Uptime: 17/10/2011 8:19:39 PM (5 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NARRA3
    Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 1100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 363 GiB total, 235.87 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.323 GiB free.
    E: is CDROM (CDFS)
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: NVIDIA nForce Networking Controller
    Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38
    Manufacturer: NVIDIA
    Name: NVIDIA nForce Networking Controller
    PNP Device ID: PCI\VEN_10DE&DEV_03EF&SUBSYS_2A6C103C&REV_A2\3&2411E6FE&0&38
    Service: NVENETFD
    .
    ==== System Restore Points ===================
    .
    RP1120: 18/10/2011 12:00:02 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2004 Mahjongg
    7 Wonders
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.3.0
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    BlackBerry Desktop Software 6.0
    Bonjour
    Cake Mania Deluxe
    Cake Mania Main Street™
    Canon MP Navigator EX 1.0
    Canon MP210 series
    Canon My Printer
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities Solution Menu
    Cards_Calendar_OrderGift_DoMorePlugout
    Coby Media Manager
    Compatibility Pack for the 2007 Office system
    CyberLink DVD Suite Deluxe
    D3DX10
    Disney's Mickey Mouse Toddler
    eGames Toolbar
    Enhanced Multimedia Keyboard Solution
    Fishdom(TM) 2
    FrostWire 4.21.7
    Google Chrome Frame
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent for Health Check
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Easy Setup - Frontend
    HP Games
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart Essential 2.5
    HP Picasso Media Center Add-In
    HP Total Care Advisor
    HP Update
    HPPhotoSmartPhotobookWebPack1
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Junk Mail filter update
    LabelPrint
    LightScribe System Software 1.10.16.1
    LightScribe Template Labeler
    Luxor - Quest For The Afterlife
    Mahjongg Jr.
    Mahjongg Master 4
    Mahjongg Master 5
    Mahjongg Master Deluxe
    Mahjongg Master Egyptian Edition
    Mahjongg Patience
    Mahjongg Tiles of Time Lite
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 3 Tools for Visual Web Developer Express 2008 SP1 - ENU
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio Web Authoring Component
    Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    Microsoft Web Platform Installer 2.0
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    Microsoft Works
    MobileMe Control Panel
    Monopoly
    Monopoly Junior
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    OpenOffice.org Installer 1.0
    Opera 11.50
    Operation
    Peggle Deluxe
    PIXMA Extended Survey Program
    Power2Go
    PowerDirector
    PSSWCORE
    Python 2.5
    QuickTime
    Realtek High Definition Audio Driver
    Rocky Mountain Trophy Hunter 2
    Safari
    ScanSoft OmniPage SE 4
    Search for the Secret Keys
    Search Guard Plus (My Web Tattoo)
    Search Guard Plus Updater (My Web Tattoo)
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB2251487)
    Segoe UI
    Service Pack 1 for SQL Server 2008 (KB968369)
    Snapfish Picture Mover
    Soft Data Fax Modem with SmartCP
    Sorry
    Sql Server Customer Experience Improvement Program
    Super Collapse! 3
    Trend Micro Internet Security
    TweetDeck
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Update for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB967144)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    Update Installer for WildTangent Games App
    Veoh Video Compass
    Veoh Web Player
    VideoToolkit01
    WeatherBug Gadget
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Word Connect
    WOT for Internet Explorer
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    17/10/2011 11:33:50 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    .
    ==== End Of File ===========================
  5. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19120
    Run by Greg at 1:09:56 on 2011-10-18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1358 [GMT -7:00]
    .
    AV: Trend Micro Internet Security Pro *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    SP: Trend Micro Internet Security Pro *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trend Micro\BM\TMBMSRV.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
    C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\WINDOWS\RtHDVCpl.exe
    C:\WINDOWS\System32\jureg.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\WindowsMobile\wmdSync.exe
    C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
    C:\Windows\system32\schtasks.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uSearch Bar =
    uStart Page = hxxp://www.google.ca/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\14.0.835.202\npchrome_frame.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
    TB: @c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2380.0\npwinext.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] c:\hp\kbd\KbdStub.EXE
    mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
    mRun: [<NO NAME>]
    mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{F09BB484-5750-47C5-89C9-80006BDD4E13} : DhcpNameServer = 192.168.1.254
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\14.0.835.202\npchrome_frame.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    AppInit_DLLs: c:\windows\system32\dsprop32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-3-31 145424]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-21 21504]
    R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-31 50256]
    R2 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2009-3-31 497008]
    R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2011-9-6 36624]
    R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-31 677128]
    R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-3-31 256528]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
    S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe --> c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [?]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
    S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2007-9-12 25760]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
    .
    =============== Created Last 30 ================
    .
    2011-10-18 03:39:01 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4e023c51-81da-4029-a058-109735d158bf}\offreg.dll
    2011-10-18 03:38:55 7269712 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4e023c51-81da-4029-a058-109735d158bf}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
    2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 1:11:13.43 ===============
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I will check the logs. But wanted to make sure you understand:

    1. There are many reasons for 'slow'. Even if we find malware, it might not be the cause of 'slow.'

    2. Are you aware that the Blackberry servers were down for several days and are still trying to catch up? http://www.techcentral.co.za/blackberry-down-but-far-from-out/26824/
    =========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Okay, in addition to a possible slowdown due to Blackberry, your main bad boy is:
    My Web Tattoo,Fast Browser Search,Search Guard Plus

    We need to find all of the entries, so please run the following:
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =============================================
    Edit: If you can't keep the other users off of the system while I'm helping clean the system, it will go better.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    I just found your thread from 4 weeks ago.http://www.techspot.com/vb/topic171033.html The 'moved & edited' was done by you today. I'm going to delete the thread since there is no contents, but wondered if it slipped by us. Or why you went back and deleted all the posts.
  9. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    It went unresponded, and I was unsure why, so I deleted rescanned and reposted everything.

    I am aware of the Blackberry system problems, I wasn't having problems with the site, I was referencing the site which produced the script error pop up, I will try do a screen shot the next time I encounter it, because we have multiple browsers and it happens on all of them.

    I am running the scans now.
  10. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    There were no threats fun when I ran the ESET Scan.

    It says scanned files 8, and it also says user stopped the scan, I didn't stop it. Not sure if it did a full scan? Should I run again?
  11. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    ComboFix 11-10-19.06 - Greg 19/10/2011 14:46:04.1.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1167 [GMT -7:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    AV: Trend Micro Internet Security Pro *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
    FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Trend Micro Internet Security Pro *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\program files\Search Guard Plus
    c:\program files\Search Guard Plus\fbsProtection.xml
    c:\program files\Search Guard Plus\fbsProtectionI.xml
    c:\program files\Search Guard Plus\fbsSearchProvider.xml
    c:\program files\Search Guard Plus\FbsSearchProviderIE8.exe
    c:\program files\Search Guard Plus\SearchGuardPlus.ico
    c:\program files\Search Guard Plus\uninstalSGP.exe
    c:\program files\Search Guard PlusU
    c:\program files\Search Guard PlusU\SGPU.ico
    c:\program files\Search Guard PlusU\sgpUpdater.exe
    c:\program files\Search Guard PlusU\sgpUpdater.xml
    c:\program files\Search Guard PlusU\sgpUpdaters.exe
    c:\program files\Search Guard PlusU\uninstalSGPU.exe
    c:\program files\SGPSA
    c:\program files\SGPSA\ie3sh.exe
    c:\program files\SGPSA\SearchAssistant.dll
    c:\windows\system32\service
    c:\windows\system32\service\01042010_TIS17_SfFniAU.log
    c:\windows\system32\service\01082009_TIS17_SfFniAU.log
    c:\windows\system32\service\01092009_TIS17_SfFniAU.log
    c:\windows\system32\service\02112009_TIS17_SfFniAU.log
    c:\windows\system32\service\03012010_TIS17_SfFniAU.log
    c:\windows\system32\service\03022011_TIS17_SfFniAU.log
    c:\windows\system32\service\03032010_TIS17_SfFniAU.log
    c:\windows\system32\service\04032010_TIS17_SfFniAU.log
    c:\windows\system32\service\04072010_TIS17_SfFniAU.log
    c:\windows\system32\service\04082009_TIS17_SfFniAU.log
    c:\windows\system32\service\05042010_TIS17_SfFniAU.log
    c:\windows\system32\service\05082010_TIS17_SfFniAU.log
    c:\windows\system32\service\05112009_TIS17_SfFniAU.log
    c:\windows\system32\service\07062010_TIS17_SfFniAU.log
    c:\windows\system32\service\09122009_TIS17_SfFniAU.log
    c:\windows\system32\service\11022010_TIS17_SfFniAU.log
    c:\windows\system32\service\12082011_TIS17_SfFniAU.log
    c:\windows\system32\service\13072010_TIS17_SfFniAU.log
    c:\windows\system32\service\13112010_TIS17_SfFniAU.log
    c:\windows\system32\service\14042010_TIS17_SfFniAU.log
    c:\windows\system32\service\14072009_TIS17_SfFniAU.log
    c:\windows\system32\service\14072010_TIS17_SfFniAU.log
    c:\windows\system32\service\14112009_TIS17_SfFniAU.log
    c:\windows\system32\service\15072010_TIS17_SfFniAU.log
    c:\windows\system32\service\15092010_TIS17_SfFniAU.log
    c:\windows\system32\service\16012010_TIS17_SfFniAU.log
    c:\windows\system32\service\16052009_TIS17_SfFniAU.log
    c:\windows\system32\service\16052010_TIS17_SfFniAU.log
    c:\windows\system32\service\16062010_TIS17_SfFniAU.log
    c:\windows\system32\service\16082009_TIS17_SfFniAU.log
    c:\windows\system32\service\17102009_TIS17_SfFniAU.log
    c:\windows\system32\service\18062010_TIS17_SfFniAU.log
    c:\windows\system32\service\18112009_TIS17_SfFniAU.log
    c:\windows\system32\service\20022009_TIS17_SfFniAU.log
    c:\windows\system32\service\20072010_TIS17_SfFniAU.log
    c:\windows\system32\service\21032010_TIS17_SfFniAU.log
    c:\windows\system32\service\21072009_TIS17_SfFniAU.log
    c:\windows\system32\service\22062009_TIS17_SfFniAU.log
    c:\windows\system32\service\22062010_TIS17_SfFniAU.log
    c:\windows\system32\service\22092009_TIS17_SfFniAU.log
    c:\windows\system32\service\23052009_TIS17_SfFniAU.log
    c:\windows\system32\service\23102010_TIS17_SfFniAU.log
    c:\windows\system32\service\24032010_TIS17_SfFniAU.log
    c:\windows\system32\service\24052009_TIS17_SfFniAU.log
    c:\windows\system32\service\24062010_TIS17_SfFniAU.log
    c:\windows\system32\service\25012010_TIS17_SfFniAU.log
    c:\windows\system32\service\25072010_TIS17_SfFniAU.log
    c:\windows\system32\service\26022010_TIS17_SfFniAU.log
    c:\windows\system32\service\27062009_TIS17_SfFniAU.log
    c:\windows\system32\service\27112009_TIS17_SfFniAU.log
    c:\windows\system32\service\28042010_TIS17_SfFniAU.log
    c:\windows\system32\service\29062010_TIS17_SfFniAU.log
    c:\windows\system32\service\29072009_TIS17_SfFniAU.log
    c:\windows\system32\service\30012011_TIS17_SfFniAU.log
    c:\windows\system32\service\31102010_TIS17_SfFniAU.log
    c:\windows\system32\service\31122009_TIS17_SfFniAU.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-19 22:03 . 2011-10-19 22:04 -------- d-----w- c:\users\Greg\AppData\Local\temp
    2011-10-19 22:03 . 2011-10-19 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-19 21:32 . 2011-10-19 21:32 -------- d-----w- c:\program files\ESET
    2011-10-18 10:33 . 2011-10-18 10:33 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F21F825-9689-4050-BC1D-B93277BD8C5C}\offreg.dll
    2011-10-18 08:23 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F21F825-9689-4050-BC1D-B93277BD8C5C}\mpengine.dll
    2011-10-18 03:43 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-18 03:43 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-18 03:41 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-10-18 03:41 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-18 03:41 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-18 03:41 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-18 03:41 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-21 00:48 . 2011-09-21 00:48 -------- d-----w- c:\program files\Apple Software Update
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-01 00:00 . 2011-01-18 22:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-11 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-11 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-11 88608]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-27 17:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 135664]
    R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 135664]
    R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-05 50256]
    S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-09-03 497008]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 36624]
    S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-09-03 677128]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-27 21:59]
    .
    2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 09:55]
    .
    2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 09:55]
    .
    2011-10-19 c:\windows\Tasks\User_Feed_Synchronization-{93C66D3D-FFA6-447F-8AA9-CC7BD556637D}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-18 21:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
    HKLM-Run-FBSSA - c:\program files\SGPSA\ie3sh.exe
    MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-19 15:04
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    FBSSA = c:\program files\SGPSA\ie3sh.exe??esul??/res??ts.a??x?q=??earchT{???????web&s=DSP&v=19&tid={D07B8316
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-10-19 15:09:09
    ComboFix-quarantined-files.txt 2011-10-19 22:08
    .
    Pre-Run: 256,035,483,648 bytes free
    Post-Run: 256,735,784,960 bytes free
    .
    - - End Of File - - 27FB8FCDD79684209AA7B61ED65DBE96
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    As you will note, I have edited your first post and rename the thread. Since I know you are in the Virus and Malware forum, it helps me to be able to look at the top of my browser when working on the logs and be reminded of the problem.
    ======================================
    Yes, if the Eset scan didn't complete, please repeat it
    =====================================
    Download catchme.exe ( 137KB ) and save to your desktop.
    • Double click the catchme.exe to run it
    • Click the "Scan" button to start scan
      [​IMG]
    • Open catchme.log to see results

    Copy the log to Notepad, making sure that 'Word Wrap' is unchecked in Format. Then paste the log in your next reply.
    =========================================
    There are several outdated versions of Java on the system. The best way to remove all is to run this program:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that
      a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.Note: Do not leave this log.
    Download and install then most current version and update of Java RuntimeEnvironment (JRE)HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    There is malware in the Java cache so it needs to be cleared:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. [​IMG] The Java Control Panel appears.
      [​IMG]
      [3].Click Settings under Temporary Internet Files.The Temporary Files Settings dialog box appears.
      [​IMG]
      [4] Click Delete Files.The Delete Temporary Files dialog box appears.
      [​IMG]
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ===============================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    DDS::
    uSearch Page =
    uSearch Bar = 
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=desktop
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\program files\sgpsa\SearchAssistant.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun: [FBSSA] c:\program files\sgpsa\ie3sh.exe
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Please leave logs for the Eset scan, catchme and the new Combofix log in your next reply.
  13. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    esets_scanner_update returned -1 esets_gle=1

    C:\Qoobox\Quarantine\C\Program Files\SGPSA\ie3sh.exe.vir probably a variant of Win32/BHO.OCS trojan
    C:\Users\Greg\Music\big river cree native american (rare track).snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Users\Greg\Music\im sorry big river cree native [new album].au a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Users\Greg\Music\my heart belongs to you big.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Users\Greg\Music\Tiff\My Music\NewShit\Immortal Sin Fight.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
    C:\Users\Greg\Music\Tiff\My Music\NewShit\MOMMA SAID KNOCK YOU OUT REMIX.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan
     
  14. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-26 15:25:04
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\Users\Greg\AppData\Local\Opera\Opera\cache\g_0002\opr00CUO.tmp
    C:\Users\Greg\AppData\Local\temp\fla217A.tmp
    C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Recent\BDUM.lnk 704 bytes
    C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Recent\VIDEO_TS (2).lnk 414 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4
  15. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    ComboFix 11-10-19.06 - Greg 26/10/2011 17:36:31.2.4 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.3070.1700 [GMT -7:00]
    Running from: c:\users\Greg\Desktop\ComboFix.exe
    Command switches used :: c:\users\Greg\Desktop\CFScript.txt
    AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    SP: Trend Micro Internet Security *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-27 to 2011-10-27 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-27 00:39 . 2011-10-27 00:47 -------- d-----w- c:\users\Greg\AppData\Local\temp
    2011-10-27 00:39 . 2011-10-27 00:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-26 05:49 . 2011-10-26 05:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-26 05:46 . 2011-08-13 04:43 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-10-26 05:42 . 2011-10-26 05:42 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0487229-8506-4D4A-8043-4D9FAEB605AD}\offreg.dll
    2011-10-26 05:42 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0487229-8506-4D4A-8043-4D9FAEB605AD}\mpengine.dll
    2011-10-26 05:11 . 2011-10-26 05:11 -------- d-----w- c:\program files\Bonjour
    2011-10-19 21:32 . 2011-10-19 21:32 -------- d-----w- c:\program files\ESET
    2011-10-18 03:43 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-18 03:43 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-18 03:41 . 2011-09-14 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-10-18 03:41 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-18 03:41 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-10-18 03:41 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-18 03:41 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-03 12:06 . 2010-12-25 04:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-01 00:00 . 2011-01-18 22:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-31 06:05 . 2011-08-31 06:05 178536 ----a-w- c:\windows\system32\dnssdX.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
    "OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-11 92704]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-11 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-11 88608]
    "UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-10-20 995528]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-27 17:27 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 135664]
    R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 135664]
    R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sys [2009-03-03 145424]
    S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
    S2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [x]
    S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2011-07-12 36624]
    S2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [x]
    S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2009-03-03 256528]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-26 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-27 21:59]
    .
    2011-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 09:55]
    .
    2011-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 09:55]
    .
    2011-10-26 c:\windows\Tasks\User_Feed_Synchronization-{93C66D3D-FFA6-447F-8AA9-CC7BD556637D}.job
    - c:\windows\system32\msfeedssync.exe [2011-10-18 21:29]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-26 17:47
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-10-26 17:52:34
    ComboFix-quarantined-files.txt 2011-10-27 00:52
    ComboFix2.txt 2011-10-19 22:09
    .
    Pre-Run: 255,574,532,096 bytes free
    Post-Run: 255,616,978,944 bytes free
    .
    - - End Of File - - B9CF3FEFEB34BFAB758018FDD12FEC3B
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      :Files  
      C:\Users\Greg\Music\big river cree native american (rare track).snd 
      C:\Users\Greg\Music\im sorry big river cree native [new album].au 
      C:\Users\Greg\Music\my heart belongs to you big.mp3 
      C:\Users\Greg\Music\Tiff\My Music\NewShit\Immortal Sin Fight.wma 
      C:\Users\Greg\Music\Tiff\My Music\NewShit\MOMMA SAID KNOCK YOU OUT REMIX.wma 
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ============================================
    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =============================================
    [​IMG]
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed
    • On the main screen click on 'Scan your computer'.
    • Check: 'Perform Complete Scan then Click 'Next' to start the scan.
    • Superantispyware will now scan your computer,when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it,then press 'Next'.
    • Click on 'Finish' when you've done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor,such as Notepad. Paste the notepad file here on your reply
  17. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    All processes killed
    ========== FILES ==========
    C:\Users\Greg\Music\big river cree native american (rare track).snd moved successfully.
    C:\Users\Greg\Music\im sorry big river cree native [new album].au moved successfully.
    C:\Users\Greg\Music\my heart belongs to you big.mp3 moved successfully.
    C:\Users\Greg\Music\Tiff\My Music\NewShit\Immortal Sin Fight.wma moved successfully.
    C:\Users\Greg\Music\Tiff\My Music\NewShit\MOMMA SAID KNOCK YOU OUT REMIX.wma moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Greg
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1652863557 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 22363761 bytes
    ->Flash cache emptied: 61218 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 32920 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 1,598.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 11072011_134621

    Files moved on Reboot...

    Registry entries deleted on Reboot...
  18. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\hp games\ancient secrets\safecrack.lua
    c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
    c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
    c:\program files\hp games\jewel quest\audio\st_win3_crackle.ogg
    c:\program files\hp games\mah jong quest\images\tile_firecracker-1.pnge
    c:\program files\hp games\mah jong quest\images\tile_firecracker-2.pnge
    c:\program files\hp games\mah jong quest\images\tile_firecracker-3.pnge
    c:\program files\hp games\mah jong quest\images\tile_firecracker1.pnge
    c:\program files\hp games\mah jong quest\images\kwazi3\level5-1cracktop.jpge
    c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack1.jpge
    c:\program files\hp games\mah jong quest\images\kwazi5\5_lvl_5a_postcrack2.jpge
    c:\program files\mumbojumbo\luxor - quest for the afterlife\data\sound\fx\torch_crackling.ogg
    c:\program files\popcap games\bejeweled 2 deluxe\sounds\firecrackle.ogg
    c:\users\greg\music\eminem feat. 50 cent & dr. dre\relapse\18 crack a bottle.m4a
    c:\users\greg\music\itunes\mobile applications\crackcode 1.31.ipa
    scanner sequence 3.DK.11.FNAPPC
    ----- EOF -----
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Combofix is running in Reduced Functionality Mode:
    Windows Vista has the following kinds of reduced functionality mode:

    * Out-of-grace reduced functionality mode
    * Non-genuine reduced functionality mode

    There are 4 hidden files which appear to be torrent files for piracy. Some also show in the CK Scan.

    There is only 1 account name, Greg, on the system. This seems strange as you said there are multiple users. OTM shows Account: Greg> Total Files Cleaned = 1,598.00 mb. This is an enormous number of files.

    There are 2 entries for "Tiff\My Music\NewShi*" also under the 'Greg' account.

    If 'Greg' account is Administrator account, then it means that all users are logging on as the Administrator. This means that the system is running at the highest level no matter who is using this and this presents a great danger to the system.
    ==============================
    Please run the following to continue:
    Please run the MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool>
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    This tool will is to look on the computer itself, in the documentation you received with the computer or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
  20. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Online Validation Code: 0x0
    Windows Product Key: *****-*****-27HYQ-XTKW2-WQD8Q
    Windows Product Key Hash: U8YEZzymoD4DMyaMb32rPrNIS90=
    Windows Product ID: 89578-OEM-7332157-00061
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 6.0.6002.2.00010300.2.0.003
    ID: {E2225F34-EB33-4040-ACE7-DD2BDF3DB3F4}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.42.0
    Signed By: Microsoft
    Product Name: Windows Vista (TM) Home Premium
    Architecture: 0x00000000
    Build lab: 6002.vistasp2_gdr.110617-0336
    TTS Error:
    Validation Diagnostic:
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A, hr = 0x80070002
    Version: 6.0.6002.16398

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Enterprise 2007 - 100 Genuine
    Microsoft Office Home and Student 2007 - 100 Genuine
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005_B4D0AA8B-920-80070057

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{E2225F34-EB33-4040-ACE7-DD2BDF3DB3F4}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-WQD8Q</PKey><PID>89578-OEM-7332157-00061</PID><PIDType>2</PIDType><SID>S-1-5-21-2086128633-505289029-1000217186</SID><SYSTEM><Manufacturer>HP-Pavilion</Manufacturer><Model>KE570AA-A2L a6352f</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 5.04</Version><SMBIOSVersion major="2" minor="4"/><Date>20071212000000.000000+000</Date></BIOS><HWID>23333507018400F2</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-CPC</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>1D14CCA06B00586</Val><Hash>WeTKVXX9ERljHOxyQubERLzf2jQ=</Hash><Pid>89388-707-8102953-65664</Pid><PidType>14</PidType></Product><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

    Spsys.log Content: 0x80070002

    Licensing Data-->
    Software licensing service version: 6.0.6002.18005
    Name: Windows(TM) Vista, HomePremium edition
    Description: Windows Operating System - Vista, OEM_SLP channel
    Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
    Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
    Extended PID: 89578-00146-321-500061-02-4105-6000.0000-0892008
    Installation ID: 011452067753123494725473423234774570392130296042870450
    Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
    Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
    Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
    Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
    Partial Product Key: WQD8Q
    License Status: Licensed

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    HWID Hash Current: MgAAAAEAAwABAAEAAQABAAAAAgABAAEAeqi+qlRWFKvE15IAENvccvL0ynLCaqxW1sc=

    OEM Activation 1.0 Data-->
    N/A

    OEM Activation 2.0 Data-->
    BIOS valid for OA 2.0: yes
    Windows marker version: 0x20000
    OEMID and OEMTableID Consistent: yes
    BIOS Information:
    ACPI Table Name OEMID Value OEMTableID Value
    APIC HPQOEM SLIC-CPC
    FACP HPQOEM SLIC-CPC
    HPET HPQOEM SLIC-CPC
    MCFG HPQOEM SLIC-CPC
    SLIC HPQOEM SLIC-CPC
    SSDT HPQOEM SLIC-CPC
  21. TiffanieMarie

    TiffanieMarie Newcomer, in training Topic Starter Posts: 48

    Yes the computer runs as only one user: Greg. Should I change this so there are 2; Admin and Greg. Is there anyway to create Admin without changing Greg?
    What can I do about the files? and ComboFix running in RFM, how do I change this?
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    This thread was started almost 2 months ago. The only reason it's still open is because I didn't get around to closing it after 5 days of no reply.

    My last instruction to you was 4 weeks ago. You can't just drop in and out of a cleaning in progress.

    If you still have malware related problems, please start a new thread. Describe the specific problem you're having that you think or know may be related to malware. Go through the preliminary scans again and post the logs. I will review the new logs.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    I am closing this outdated thread.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.