Resolved [Closed] Www.Google-analytics.com

Status
Not open for further replies.
I've been sitting here for an hour trying to make sense out of your logs! There is so much that needs to be removed from the system, rather than try to piece it together, you would do best with a reformat/reinstall.

It's not all malware! You have processes for 3 antivirus programs running: Avast, AVG, Norton Worm Protection from Norton Security 2005. You also downloaded the setup for Kaspersky AV. It looks like on 10/15 and 10/16, you went around the internet and gathered this and that, maybe in the hope that it would fix things.

Instead, it made the system worse. And on the following dates, you got multiples of the same:
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet(2)(2).dll

2010-09-09 14:16:31 627712 ----a-w- c:\windows\system32\urlmon(2)(2).dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k(2)(2).sys

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc(2)(2).dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32(2)(2).dll

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(3).dll

===============================================
I am not sure how you could even run multiple processes of the above! You can remove a few entries in HijackThis, but I think it's a waste of your time:

Please reopen HijackThis to 'do system scan only.' Check each of the following, if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://74.73.125.189:8888/RtspVaPgDec.cab


Close all windows except HijackThis and click on "Fix Checked"
======================================================
Please run this Custom CFScript

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys
c:\windows\system32\drivers\klif.sys

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"=-

DDS::
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
uURLSearchHooks: H - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} - hxxp://74.73.125.189:8888/RtspVaPgDec.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

SecCenter::
{990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
Driver::
SABKUTI
KLIF
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
This may help a little but I don't think it will be any significant improvement.
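The HijackThis entries the helper asks to check above share a few recognisable shapes: registry hooks and toolbars that end in "(no file)", an O16 ActiveX download pointed at a raw IP on a non-standard port, and O4 startup items living in the SYSTEM and Default User profiles. The script below is an added example (it is not from this thread or from HijackThis itself) that applies those three rules to lines in HijackThis's own format; the sample lines are constructed here in the shape of the ones quoted above, and the rule set is an assumption about what a reviewer would flag first, not an exhaustive classifier.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

# Constructed sample in the shape of the HijackThis lines quoted in the post above
# (not a real log from the thread).
SAMPLE_HJT = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\\..\\Run: [Advanced SystemCare 3] "C:\\Program Files\\IObit\\Advanced SystemCare 3\\AWC.exe" /startup
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\\Program Files\\Vongo\\Tray.exe (User 'SYSTEM')
O16 - DPF: {361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2} (RtspVaPgCtrl Class) - http://74.73.125.189:8888/RtspVaPgDec.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
"""

HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://[^\s\"']+")
PROFILE_RE = re.compile(r"\(User '(SYSTEM|Default user)'\)")


def parse_hjt_line(line):
    """Split 'O16 - DPF: ...' into its section code and body; None for non-entries."""
    m = HJT_LINE.match(line.strip())
    return None if m is None else {"section": m["section"], "body": m["body"]}


def is_raw_ip(host):
    try:
        ip_address(host)
    except ValueError:
        return False
    return True


def triage(line):
    """Return the list of reasons this entry deserves a look (empty = nothing flagged)."""
    entry = parse_hjt_line(line)
    if entry is None:
        return []
    section, body = entry["section"], entry["body"]
    reasons = []
    # Orphaned hooks/toolbars: the registry still points at a file that is gone.
    if body.endswith("(no file)"):
        reasons.append("orphaned entry: registry points at a file that no longer exists")
    # O16 = ActiveX packages IE will download; a raw IP or odd port is a classic drive-by shape.
    if section == "O16":
        for url in URL_RE.findall(body):
            parts = urlsplit(url)
            host = parts.hostname or ""
            if is_raw_ip(host):
                reasons.append(f"ActiveX package served from a raw IP address ({host})")
            if parts.port not in (None, 80, 443):
                reasons.append(f"ActiveX package served on non-standard port {parts.port}")
    # O4 startup items living in the SYSTEM or Default User profile run for every logon.
    if section == "O4" and PROFILE_RE.search(body):
        reasons.append("startup item registered under the SYSTEM or Default User profile")
    return reasons


def triage_log(text):
    """Return [(line, reasons)] for every flagged entry, in log order."""
    flagged = []
    for line in text.splitlines():
        reasons = triage(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_HJT):
        print(line)
        for r in reasons:
            print("    ->", r)
```

Run against the sample, the two "(no file)" entries, the SYSTEM-profile Vongo item and the 74.73.125.189:8888 download are flagged, while the HP search-bar redirect, the IObit Run key and the java.sun.com package pass; the redirect lines still deserve a manual look, the rules here only cover what is mechanically suspicious.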
 
I could not check the first three items as they did not re-appear on the HijackThis scan again but here is the log as per your advice:

ComboFix 10-10-21.08 - Robert 10/22/2010 10:53:51.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.959.563 [GMT -4:00]
Running from: c:\documents and settings\Robert\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robert\Desktop\cfscript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys"
"c:\windows\system32\drivers\klif.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KLIF
-------\Service_KLIF


((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

2010-10-19 12:50 . 2010-10-19 12:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Gtek
2010-10-19 12:50 . 2010-10-19 12:50 -------- d-----w- c:\documents and settings\Robert\Application Data\GTek
2010-10-16 19:57 . 2010-04-14 16:35 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-16 19:57 . 2010-04-14 16:31 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-16 19:57 . 2010-04-14 16:35 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-16 19:57 . 2010-04-14 16:31 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-16 19:57 . 2010-04-14 16:31 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-16 19:57 . 2010-04-14 16:31 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-16 19:57 . 2010-04-14 16:30 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-16 19:56 . 2010-04-14 16:47 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-10-16 19:56 . 2010-04-14 16:47 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-16 17:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 17:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 16:49 . 2010-10-17 01:35 -------- d-----w- c:\documents and settings\Administrator
2010-10-16 16:11 . 2010-10-16 16:11 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\VS Revo Group
2010-10-16 15:43 . 2010-10-16 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-10-16 00:49 . 2010-10-16 00:49 -------- d-----w- c:\documents and settings\Robert\Application Data\AVG10
2010-10-16 00:47 . 2010-10-16 00:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-16 00:45 . 2010-10-16 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-16 00:39 . 2010-10-16 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-16 00:10 . 2010-10-16 00:50 -------- d-----w- c:\program files\PC Tools Security
2010-10-16 00:06 . 2010-10-16 02:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-16 00:04 . 2010-10-16 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-10-15 23:29 . 2010-10-15 23:29 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-15 23:26 . 2010-10-15 23:26 -------- d-----w- c:\documents and settings\Robert\Local Settings\Application Data\WMTools Downloaded Files
2010-10-15 23:26 . 2010-10-15 23:26 -------- d-----w- c:\documents and settings\Robert\Application Data\IObit
2010-10-15 23:26 . 2010-10-15 23:26 -------- d-----w- c:\program files\Carbonite
2010-10-15 22:49 . 2010-10-17 16:39 -------- d-----w- c:\program files\Trend Micro
2010-10-15 22:20 . 2010-10-17 16:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-15 01:42 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-15 01:42 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 01:42 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 01:42 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-13 14:46 . 2010-10-13 14:46 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-20 03:05 . 2004-08-04 21:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-09-18 16:23 . 2004-08-04 21:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 21:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 21:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 21:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 08:50 . 2010-06-23 13:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 06:29 . 2010-06-23 13:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-13 20:27 . 2010-09-13 20:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-09 14:16 . 2004-08-04 21:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16 . 2004-08-04 21:00 667136 ----a-w- c:\windows\system32\wininet(2)(2).dll
2010-09-09 14:16 . 2004-08-04 21:00 627712 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2010-09-09 14:16 . 2004-08-04 21:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16 . 2004-08-04 21:00 1510400 ----a-w- c:\windows\system32\shdocvw(2)(2).dll
2010-09-09 14:16 . 2009-09-11 14:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49 . 2004-08-04 21:00 369664 ----a-w- c:\windows\system32\html.iec
2010-09-07 15:34 . 2010-07-11 15:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-01 11:51 . 2004-08-04 21:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-04 21:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 13:42 . 2004-08-04 21:00 1852800 ----a-w- c:\windows\system32\win32k(2)(2).sys
2010-08-27 08:02 . 2005-10-18 05:14 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-04 21:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 05:57 . 2004-08-04 21:00 99840 ----a-w- c:\windows\system32\srvsvc(2)(2).dll
2010-08-26 13:39 . 2005-05-10 08:17 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2009-08-10 01:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-04 21:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 16:12 . 2004-08-04 21:00 617472 ----a-w- c:\windows\system32\comctl32(2)(2).dll
2010-08-17 13:17 . 2004-08-04 21:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-04 21:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 08:45 . 2004-08-04 21:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(3).dll
.

((((((((((((((((((((((((((((( SnapShot@2010-10-20_03.31.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-22 15:01 . 2010-10-22 15:01 16384 c:\windows\temp\Perflib_Perfdata_848.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-21 7561216]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 61952]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-04 761948]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"nwiz"="nwiz.exe" [2006-04-21 1519616]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-31 202256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
HP Pavilion Webcam Tray Icon.lnk - c:\program files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe [2009-8-9 98304]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqpsapp.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/16/2010 3:57 PM 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/16/2010 3:57 PM 19024]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-10-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-10-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-196392244-1619933075-25941823-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-196392244-1619933075-25941823-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uig03ldk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2611275&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Robert\Application Data\Mozilla\Firefox\Profiles\uig03ldk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-10-22 11:06:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-22 15:06
ComboFix2.txt 2010-10-20 03:33

Pre-Run: 60,972,941,312 bytes free
Post-Run: 60,840,804,352 bytes free

- - End Of File - - 4103D4E3A40BD4104B2DD0EF356D162C
 
I spent a great deal of time searching for a rational reason for the following entries:

rpcrt4.dll: Remote Procedure Call (RPC) API, used by Windows applications for network and Internet communication.
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(3).dll
2004-08-04 21:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-16 08:45 . 2004-08-04 21:00 590848 ----a-w- c:\windows\system32\rpcrt4(2)(3).dll
.
comctl32.dll: Windows Common Controls Library.
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32(2)(2).dll
2004-08-04 21:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-23 16:12 . 2004-08-04 21:00 617472 ----a-w- c:\windows\system32\comctl32(2)(2).dll

srvsvc.dll: component of Server Message Block (SMB).
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc(2)(2).dll
2004-08-04 21:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 05:57 . 2004-08-04 21:00 99840 ----a-w- c:\windows\system32\srvsvc(2)(2).dll

win32k.sys: Multi-User Win32 Driver file.
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k(2)(2).sys
2004-08-04 21:00 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-31 13:42 . 2004-08-04 21:00 1852800 ----a-w- c:\windows\system32\win32k(2)(2).sys

urlmon.dll: module that contains functions used by Microsoft OLE (Object Linking and Embedding).
2010-09-09 14:16:31 627712 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2010-09-09 14:16 . 2004-08-04 21:00 627712 ----a-w- c:\windows\system32\urlmon(2)(2).dll

wininet.dll: part of the Windows networking stack.
2004-08-04 21:00 667136 ----a-w- c:\windows\system32\wininet(2)(2).dll

shdocvw.dll: Microsoft Shell Doc Object and Control Library.
2010-09-09 14:16 . 2004-08-04 21:00 1510400 ----a-w- c:\windows\system32\shdocvw(2)(2).dll

mfc.dll: module that contains the Microsoft Foundation Classes (MFC) functions used by applications created in Visual C++.
2004-08-04 21:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 21:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 21:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 21:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

I found none. You also still have processes for Kaspersky setup 10/16, AVG 10 and Avast.
Hitman Pro data is also evident.

I do not see anything that will fix this mess and recommend that you do a complete reformat and reinstall.

I don't even know how the system is running with multiples of system files and folders. Perhaps your family has the right idea keeping you away from their systems.
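The "(2)(2)" and "(2)(3)" copies of wininet.dll, win32k.sys, srvsvc.dll, comctl32.dll and rpcrt4.dll that the helper lists in the first post and again in the post above are the kind of thing worth pulling out of a ComboFix listing mechanically rather than by eye. The script below is an added example, not code from this thread or from ComboFix: it parses lines in the shape of ComboFix's "Find3M Report" (both the "mtime . ctime size attrs path" form and the shorter "timestamp size attrs path" form quoted in the first post), pairs every "(n)"-suffixed file with the original it sits beside, and reports whether the original is present in the listing and whether the size and modification time agree. The sample lines are constructed here from the names quoted in the thread; the byte-for-byte hash comparison is only meaningful on the live machine and is not exercised by the sample.

```python
import hashlib
import re

# Constructed sample lines in the shape of ComboFix's Find3M listing quoted in this thread
# (both the 'mtime . ctime size attrs path' form and the 'timestamp size attrs path' form).
SAMPLE_LISTING = """\
2010-09-09 14:16 . 2004-08-04 21:00 667136 ----a-w- c:\\windows\\system32\\wininet.dll
2010-09-09 14:16 . 2004-08-04 21:00 667136 ----a-w- c:\\windows\\system32\\wininet(2)(2).dll
2010-09-09 14:16 . 2004-08-04 21:00 627712 ----a-w- c:\\windows\\system32\\urlmon(2)(2).dll
2010-08-31 13:42 . 2004-08-04 21:00 1852800 ----a-w- c:\\windows\\system32\\win32k.sys
2010-08-31 13:42 . 2004-08-04 21:00 1852800 ----a-w- c:\\windows\\system32\\win32k(2)(2).sys
2010-08-16 08:45:00 590848 ----a-w- c:\\windows\\system32\\rpcrt4.dll
2010-08-16 08:45:00 590848 ----a-w- c:\\windows\\system32\\rpcrt4(2)(3).dll
2010-10-19 12:50 . 2010-10-19 12:50 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\Gtek
"""

ENTRY = re.compile(
    r"^(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?)"      # modification time
    r"(?:\s+\.\s+(?P<ctime>\d{4}-\d\d-\d\d \d\d:\d\d))?"      # optional ' . creation time'
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]+)\s+(?P<path>.+?)\s*$"
)
# 'wininet(2)(2).dll' -> stem 'wininet', copies '(2)(2)', ext '.dll'
COPY_NAME = re.compile(r"^(?P<stem>[^()]+?)(?P<copies>(?:\(\d+\))+)(?P<ext>\.[^.()]+)$")


def parse_listing(text):
    """Turn ComboFix file-listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m is None:
            continue
        entries.append({
            "mtime": m["mtime"],
            "size": None if m["size"].startswith("-") else int(m["size"]),  # '--------' = directory
            "attrs": m["attrs"],
            "path": m["path"].lower(),      # NTFS is case-insensitive; normalise for lookups
        })
    return entries


def find_duplicate_copies(entries):
    """Pair each '(n)'-suffixed file with the original it shadows in the same directory."""
    by_path = {e["path"]: e for e in entries}
    findings = []
    for e in entries:
        directory, _, name = e["path"].rpartition("\\")
        m = COPY_NAME.match(name)
        if m is None:
            continue
        original_path = f"{directory}\\{m['stem']}{m['ext']}"
        original = by_path.get(original_path)
        findings.append({
            "copy": e["path"],
            "original": original_path,
            "original_listed": original is not None,
            "same_size": original is not None and original["size"] == e["size"],
            "same_mtime": original is not None and original["mtime"] == e["mtime"],
        })
    return findings


def same_content(path_a, path_b):
    """On the live machine: confirm two files are byte-identical; size and mtime alone prove nothing."""
    def digest(p):
        h = hashlib.sha256()
        with open(p, "rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        return h.digest()
    return digest(path_a) == digest(path_b)


if __name__ == "__main__":
    for f in find_duplicate_copies(parse_listing(SAMPLE_LISTING)):
        if not f["original_listed"]:
            status = "original not in listing"
        elif f["same_size"] and f["same_mtime"]:
            status = "same size and mtime as original"
        else:
            status = "DIFFERS from original"
        print(f"{f['copy']}  ->  {f['original']}  [{status}]")
```

On the sample, wininet, win32k and rpcrt4 copies match their originals on size and mtime, while urlmon(2)(2).dll has no urlmon.dll beside it in the listing at all; the urlmon case is the one to chase, because a matching size says nothing about whether the copy was ever loaded in place of the original, and only `same_content` on the machine itself (or a signature check) settles what the extra file is.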
 