Vista Pro - Security Center issue and URL redirects

By trickydb9
Feb 11, 2011
  1. Running Vista Pro
    Running Symantec AV Ver 10.2.0.76

    Noticed that I was getting redirects.

    Then noticed that SC was not running, went into Services, it was disabled, changed it to Automatic and started the SC service. Thought nothing more of it.

    Then as I tried to go into SC via CP, it reported that it could not start. Hmm.

    Go back to Admin Tools, Services, SC is stopped and set to Disabled. Interesting....
    Started it again after setting it back to Auto; within 30-40 secs it's set back to Disabled. Google, and google some more.....ended up here.

    Any help is appreciated.


    Temporary File Cleaner has been run.
    Malwarebytes log to follow.
  2. Bobbye


    Welcome to TechSpot!

    I'll help with the problem. In addition to Mbam, please paste the additional logs from the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
  3. trickydb9


    MalwareBytes Log

    Sorry for the delay, just been made an uncle, so had to dash to see my new nephew and younger sister.

    Anyway:-

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5733

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    11/02/2011 20:07:51
    mbam-log-2011-02-11 (20-07-51).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 319243
    Time elapsed: 1 hour(s), 10 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
  4. trickydb9


    GMER Logs

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-11 11:44:46
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 FUJITSU_MHW2080BH_PL rev.891F
    Running: jyo77q1l.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwloykow.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3880] USER32.dll!TrackPopupMenu 759214F3 5 Bytes JMP 6ABC2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] ntdll.dll!LdrLoadDll 76E693A8 5 Bytes JMP 003213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] ntdll.dll!NtQueryInformationProcess 76EA4CA4 5 Bytes JMP 005204D6
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!closesocket 7577330C 5 Bytes JMP 0050BF35
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!recv 7577343A 5 Bytes JMP 0050BCE3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!GetAddrInfoW 75773D12 5 Bytes JMP 0050B283
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!getaddrinfo 7577418A 5 Bytes JMP 0050B1A3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!WSASend 75774496 5 Bytes JMP 0050BD8D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!send 7577659B 5 Bytes JMP 0050BC3D
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!WSARecv 75778400 5 Bytes JMP 0050BE4E
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!WSAAsyncGetHostByName 75785FB9 2 Bytes JMP 0050B56A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!WSAAsyncGetHostByName + 3 75785FBC 2 Bytes [D8, 8A]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] WS2_32.dll!gethostbyname 757862D4 5 Bytes JMP 0050B0E6
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] USER32.dll!DrawTextExW 759191CE 5 Bytes JMP 0050C510
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] USER32.dll!DrawTextW 759197D3 5 Bytes JMP 0050C34C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] USER32.dll!DrawTextA 7592558D 5 Bytes JMP 0050C270
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] USER32.dll!DrawTextExA 759255C4 5 Bytes JMP 0050C428
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] USER32.dll!DialogBoxParamW 759310B0 5 Bytes JMP 0050B645
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] USER32.dll!SetClipboardData 75946410 5 Bytes JMP 0050BFC3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] GDI32.dll!ExtTextOutW 7705872B 5 Bytes JMP 0050C6DD
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] GDI32.dll!GetGlyphIndicesW 7705B765 5 Bytes JMP 0050CB5E
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] GDI32.dll!ExtTextOutA 770600A5 5 Bytes JMP 0050C5F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] GDI32.dll!TextOutA 77060BAB 5 Bytes JMP 0050C0D6
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] GDI32.dll!TextOutW 77060D6D 5 Bytes JMP 0050C1A3
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4708] GDI32.dll!GetGlyphIndicesA 77079DC0 5 Bytes JMP 0050CA94

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01962F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01962CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01962C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1608] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01962CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DF7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E4A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DFBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DEF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DF75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DEE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E28395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73DFDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DEFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DEFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DE71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E7CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E1C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DE6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DE687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[4064] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DF2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

    Device \Driver\BTHUSB \Device\00000092 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\00000094 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4768
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37781bee
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37781bee@0023b4b8b1c2 0xA8 0xBC 0x3D 0xA5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37781bee@38e7d838ec27 0x62 0x9B 0x32 0x09 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4768 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37781bee (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37781bee@0023b4b8b1c2 0xA8 0xBC 0x3D 0xA5 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37781bee@38e7d838ec27 0x62 0x9B 0x32 0x09 ...

    ---- EOF - GMER 1.0.15 ----
  5. trickydb9


    DDS.txt

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Administrator at 20:14:07.34 on 11/02/2011
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3062.1450 [GMT 0:00]

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\System32\svchost.exe -k Cognizance
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Intel\AMT\UNS.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
    C:\WINDOWS\SMINST\scheduler.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\VPTray.exe
    C:\WINDOWS\WindowsMobile\wmdSync.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Users\Administrator\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=none&bd=smb&pf=laptop
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
    mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
    DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} - hxxp://solarwinds/SWToolset.exe
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-gb.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: {6C83915E-E187-4A7B-98E1-E7BD23600936} = 154.32.109.18
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: APSHook.dll
    LSA: Notification Packages = scecli ASWLNPkg

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\624qa3bn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2010-6-12 21504]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2010-6-12 21504]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-12 21504]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2007-7-12 26168]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
    R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-4-15 1489688]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-12-20 47616]
    R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-11 136176]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2009-4-28 94208]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
    S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2010-12-8 32377]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

    =============== Created Last 30 ================

    2011-02-10 17:52:01 -------- d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
    2011-02-10 17:51:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-02-10 17:51:56 -------- d-----w- c:\progra~2\Malwarebytes
    2011-02-10 17:51:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-02-10 17:51:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-02-10 17:44:12 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{687e562a-ac7a-4562-b8b6-c0c1510d9d77}\mpengine.dll
    2011-02-09 08:39:59 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-21 20:06:28 98304 --sha-r- c:\windows\system32\wuwebvt.dll
    2011-01-15 14:43:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-01-15 14:41:19 -------- d-----w- c:\program files\LeapFrog
    2011-01-15 14:41:19 -------- d-----w- c:\progra~2\Leapfrog

    ==================== Find3M ====================

    2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
    2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

    ============= FINISH: 20:14:45.19 ===============
  6. trickydb9


    attach.txt

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Business
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15/04/2008 21:10:46
    System Uptime: 11/02/2011 11:02:20 (9 hours ago)

    Motherboard: Hewlett-Packard | | 30BE
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U10 | 2001/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 67 GiB total, 12.462 GiB free.
    D: is FIXED (NTFS) - 6 GiB total, 1.424 GiB free.
    E: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00000004-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00000004-0000-1000-8000-0002EE000002}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Service:

    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_LOCALMFG&000F\7&2E56BFAD&0&0023B4B8B1C2_C00000000
    Service:

    Class GUID:
    Description:
    Device ID: ROOT\WPD\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\WPD\0000
    Service:

    ==== System Restore Points ===================

    RP604: 21/01/2011 10:11:45 - Scheduled Checkpoint
    RP605: 21/01/2011 11:23:33 - Windows Update

    ==== Installed Programs ======================


    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Application Installer 4.00.B13
    Credential Manager for HP ProtectTools
    D3DX10
    ESU for Microsoft Vista
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hewlett-Packard Active Check
    Hewlett-Packard Asset Agent
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP 3D DriveGuard
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Backup & Recovery Manager Installer
    HP BIOS Configuration for ProtectTools
    HP Broadband Wireless Modules
    HP Doc Viewer
    HP Easy Setup - Core
    HP Easy Setup - Frontend
    HP Help and Support
    HP ProtectTools Security Manager
    HP Quick Launch Buttons 6.20 D3
    HP Update
    HP User Guides 0058
    HP Wireless Assistant
    HP WWAN Setup Utility
    Intel(R) Active Management Technology Device Software
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Interface
    Intel(R) PRO Network Connections Drivers
    InterVideo DVD Check
    InterVideo Register Manager
    InterVideo WinDVD
    IsoBuster 2.3
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    LeapFrog Connect
    LeapFrog My Pals Plugin
    Lexmark 2600 Series
    LightScribe 1.4.136.1
    LiveReg (Symantec Corporation)
    LiveUpdate 3.2 (Symantec Corporation)
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes' Anti-Malware
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Conferencing Add-in for Microsoft Office Outlook
    Microsoft Easy Assist v2
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio Professional 2003
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Mozilla Firefox (3.6.13)
    MSCU for Microsoft Vista
    MSVC80_x86
    MSVC80_x86_v2
    MSVCRT
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NSS (remove only)
    OGA Notifier 2.0.0048.0
    PC Connectivity Solution
    QuickTime
    RealPlayer
    Roxio Express Labeler 3
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Skype™ 5.0
    Soft Data Fax Modem with SmartCP
    Sonic Activation Module
    SoundMAX
    Symantec AntiVirus
    TreeSize Professional 3.3
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2412171)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2492475)
    Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
    Vista Codec Package
    Vista Default Settings
    Windows 7 Upgrade Advisor
    Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
    Windows Driver Package - Nokia Modem (06/09/2010 4.5)
    Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.7)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR archiver
    XviD MPEG-4 Video Codec

    ==== Event Viewer Messages From Past Week ========

    11/02/2011 11:03:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
    11/02/2011 11:03:14, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.
    11/02/2011 11:03:14, Error: Service Control Manager [7000] - The lxdnCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/02/2011 11:00:37, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/02/2011 11:00:37, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    11/02/2011 10:53:59, Error: Service Control Manager [7034] - The HP Service service terminated unexpectedly. It has done this 1 time(s).
    11/02/2011 10:42:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    11/02/2011 10:41:12, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001DE0391497 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/02/2011 10:36:56, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001DE0391497 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/02/2011 10:36:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/02/2011 10:36:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/02/2011 10:36:18, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/02/2011 10:32:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SRTSP SRTSPX SYMTDI Wanarpv6
    11/02/2011 10:32:21, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/02/2011 10:31:19, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
    11/02/2011 10:31:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    11/02/2011 10:28:32, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.6 for the Network Card with network address 001DE0391497 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    11/02/2011 10:08:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
    11/02/2011 10:08:56, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/02/2011 08:30:34, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 001DE0391497 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    04/02/2011 07:46:22, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 001DE0391497 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
  7. trickydb9

    trickydb9 Newcomer, in training Topic Starter

    Right, that's your lot guys, good luck.

    Also I did some checks with Firefox, this is ALSO redirecting, so it's not just an IE-related URL hijacker.

    Cheers

    TB9
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Congratulations Uncle Tricky! May you and your sister have many years of pleasure with the new 'man' in the family!

    Okay- if you had told me you were slow, I would have said "Of course you are! Why do you have every program and app on the system running in the background?"

    Did you not know that the only processes that need to start on boot are the antivirus program, firewall if using a 3rd party firewall, touchpad if on a laptop and network processes if using something like Pure/Cisco Networks? Did you not know that you can call up whatever you need by clicking on All Programs? And that you don't need to allow anything to auto-update except the AV program? Wow! That would really trim your system down, give more speed and reduce vulnerabilities!

    To one of the matters at hand: TCP: {6C83915E-E187-4A7B-98E1-E7BD23600936} = 154.32.109.18 This IP is "location unknown" on first search. But search of the RIPE Database shows it to be a part of PSINET UK Network Operations, Telstra Europe Network Operations, in the UK. It does not appear to be showing as the IP usually does. Is this your ISP?
    ====================================
    You have several outdated versions of Java on the system and do not have the current version v6u23. This is a vulnerability for the system.
    Check this site: Java Updates. Stay current, as most updates are for security. Uninstall any earlier versions in Add/Remove Programs. I see 5 old versions.
    ===================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
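    The checks Bobbye does by eye on the DDS output above (the TCP DNS entry for an interface, the stale Java 6 updates in Installed Programs, and the failed Symantec drivers and crashed services in the Event Viewer section) can be scripted so a helper sees them at a glance. This is an added example, not part of the thread or of DDS itself; the log excerpt is constructed from lines posted in this thread, and the allow list of expected DNS servers is an assumption you fill in for the machine in question.

```python
import re

# Constructed excerpt modelled on the DDS output posted in this thread (not the
# full log); the TCP line is the one the helper quoted from DDS.txt.
SAMPLE_LOG = """\
TCP: {6C83915E-E187-4A7B-98E1-E7BD23600936} = 154.32.109.18
==== Installed Programs ======================
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Symantec AntiVirus
==== Event Viewer Messages From Past Week ========
11/02/2011 11:03:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SYMTDI
11/02/2011 11:00:37, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/02/2011 10:53:59, Error: Service Control Manager [7034] - The HP Service service terminated unexpectedly. It has done this 1 time(s).
11/02/2011 10:32:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl spldr SRTSP SRTSPX SYMTDI Wanarpv6
==== End Of File ===========================
"""

CURRENT_JAVA6_UPDATE = 23  # v6u23, the current release named in the thread

# "TCP: {interface GUID} = IP" is how DDS reports a DNS server bound to an interface.
DNS_RE = re.compile(r"^TCP:\s*\{[0-9A-F-]+\}\s*=\s*([\d.]+)", re.M | re.I)
JAVA_RE = re.compile(r"^Java\(TM\) 6 Update (\d+)\s*$", re.M)
DRIVER_RE = re.compile(r"\[7026\].*failed to load:\s*(.+)$", re.M)
CRASH_RE = re.compile(r"\[703[14]\] - The (.+?) service terminated unexpectedly", re.M)


def unexpected_dns(log, expected):
    """DNS servers bound to an interface that are not on the allow list (assumed)."""
    return sorted({ip for ip in DNS_RE.findall(log) if ip not in expected})


def stale_java_updates(log, current=CURRENT_JAVA6_UPDATE):
    """Java 6 update numbers installed that are older than the current one."""
    return sorted({int(u) for u in JAVA_RE.findall(log) if int(u) < current})


def failed_drivers(log):
    """Driver names from SCM event 7026 (boot/system-start load failures)."""
    names = set()
    for group in DRIVER_RE.findall(log):
        names.update(group.split())
    return sorted(names)


def crashed_services(log):
    """Service names from SCM events 7031/7034 (unexpected termination)."""
    return sorted(set(CRASH_RE.findall(log)))


def triage(log, expected_dns):
    """Summarise the points a helper would check first in a DDS log."""
    return {
        "unexpected_dns": unexpected_dns(log, expected_dns),
        "stale_java_updates": stale_java_updates(log),
        "failed_drivers": failed_drivers(log),
        "crashed_services": crashed_services(log),
    }


if __name__ == "__main__":
    # The poster's ISP DNS is not given in the thread; an empty allow list flags every entry.
    for key, value in triage(SAMPLE_LOG, expected_dns=set()).items():
        print(f"{key}: {value}")
```

Security-product drivers such as SYMTDI failing to load at boot alongside the Security Center service being disabled is the pattern worth acting on first, since it means the machine's own defences were switched off rather than merely slow.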
  9. trickydb9

    trickydb9 Newcomer, in training Topic Starter

    Thanks Bobbye! The new little guy and mum are doing really well, got to cuddle the little dude a lot which is cool and gave my sis a few hours' sleep.

    Right, back to the questions...

    "To one of the matters at hand: TCP: {6C83915E-E187-4A7B-98E1-E7BD23600936} = 154.32.109.18 This IP is "location unknown" on first search. But search of the RIPE Database shows it to be a part of PSINET UK Network Operations, Telstra Europe Network Operations, in the UK. It does not appear to be showing as the IP usually does. Is this your ISP?"

    My ISP is VIRGIN. This LAPTOP is an ex company laptop. PSINET and TELSTRA are the same company and are the providers of the T1 connect to the "EX" company. 154.32.109.18 is a DNS server of theirs. This may be an overhang IP setting from them. So can be removed. I may have entered that myself if I was having DNS issues.

    Re the going slow thing. TEACH ME!! I have a good understanding of IT things, but I am in no way an IT man :)

    On the case now for the NOD32 and Combofix things.

    Final note. THANK YOU! I really appreciate you taking the time to help me, I wish my local ICT was as helpful as you guys.
  10. trickydb9

    trickydb9 Newcomer, in training Topic Starter

    ESET Found nothing, and did not produce a log file.....
  11. trickydb9

    trickydb9 Newcomer, in training Topic Starter

    SORTED!!!

    SC is now not terminating!!! Also just did some URL tests, and it all looks good.

    Do you the log file from combofix?
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I haven't seen the Combofix log yet! I started some script for entries in DDS to be moved, but can't add from Combofix unless I see the report.

    If you mean "Did I remove the Combofix log?", the answer is no.
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This thread is being closed due to inactivity. If you still need help, please send me a PM and include the URL of the thread.