Inactive IE and Firefox won't load

K

knewknew

Posts: 14   +0
First thank you for your time. I primarily use Firefox. It would not load yesterday. I tried IE and it would not work either. Safari does work.

I went through the 8 step (condensed 6 step process). I will post my logs separately. The first "malawarebytes" is listed below.


Malwarebyte log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4562

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

9/7/2010 11:41:03 AM
mbam-log-2010-09-07 (11-41-03).txt

Scan type: Quick scan
Objects scanned: 131110
Time elapsed: 9 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Gmer log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-07 14:17:48
Windows 5.1.2600 Service Pack 3
Running: qqws4orv.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awdyapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8596CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8596B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA8597142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA859706C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8596764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8596C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA85966A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8596708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8596D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA8597210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8596D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8596EC8]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xA85A3B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA85A39C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xA85A3AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP A85A3AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP A85A39C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP A859F5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP A85A0F6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1134 7 Bytes JMP A85A3BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[996] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\BTHUSB \Device\000000c1 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\BTHUSB \Device\000000bf bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641a2daf5
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641a2daf5 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
 
DDS.txt log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:41:32.70 on Tue 09/07/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.754 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\tbh\base\bin\tbhSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kaseya\Agent\AgentMon.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
c:\Program Files\tbh\base\bin\tbhDaemon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Kaseya Agent Service Helper] "c:\program files\kaseya\agent\KaUsrTsk.exe"
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:eek:n /alerts:eek:n /notifications:eek:n /fl:eek:n /fr:eek:n /appData:eek:n
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SonicWALLNetExtender] c:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI -clearReboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Hosts: 172.19.10.13 alysheba

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\z0ka85qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z0ka85qq.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\owner\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\z0ka85qq.default\extensions\npnelaunch@sonicwall.com\plugins\npNELaunch.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-6 165456]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-22 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-22 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-22 108552]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-6 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-9-22 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-22 297752]
R2 KaseyaAgent;Kaseya Agent;c:\program files\kaseya\agent\AgentMon.exe [2009-9-24 610304]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2009-10-22 70952]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-9-6 40384]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2009-10-3 14336]
R3 KAPFA;KAPFA;c:\windows\system32\drivers\KaPFA.sys [2009-9-24 20792]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2009-2-23 20504]
S0 cerc6;cerc6; [x]

=============== Created Last 30 ================


==================== Find3M ====================

2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10:44 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10:44 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-03-11 15:59:33 226656 ------w- c:\program files\cnsload_1268323173156.tmp
2009-10-04 00:56:42 608 --sha-w- c:\windows\system32\winzvprt5.sys

============= FINISH: 15:42:15.21 ===============
 
Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2009 5:04:55 PM
System Uptime: 9/7/2010 2:52:08 PM (1 hours ago)

Motherboard: Dell Inc. | |
Processor: Genuine Intel(R) CPU U2500 @ 1.20GHz | Microprocessor | 1197/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 42.146 GiB free.
D: is FIXED (NTFS) - 149 GiB total, 107.718 GiB free.
E: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Biometric Coprocessor
Device ID: USB\VID_0483&PID_2016\7&37D503E&0&1
Manufacturer:
Name: Biometric Coprocessor
PNP Device ID: USB\VID_0483&PID_2016\7&37D503E&0&1
Service:

==== System Restore Points ===================

RP253: 6/10/2010 8:12:21 AM - Software Distribution Service 3.0
RP254: 6/11/2010 10:37:09 AM - System Checkpoint
RP255: 6/12/2010 11:09:03 AM - System Checkpoint
RP256: 6/13/2010 11:11:10 AM - System Checkpoint
RP257: 6/14/2010 1:07:23 PM - System Checkpoint
RP258: 6/15/2010 1:27:14 PM - System Checkpoint
RP259: 6/16/2010 5:17:41 PM - System Checkpoint
RP260: 6/17/2010 5:29:23 PM - System Checkpoint
RP261: 6/18/2010 6:10:26 PM - System Checkpoint
RP262: 6/19/2010 6:13:56 PM - System Checkpoint
RP263: 6/21/2010 9:03:29 AM - System Checkpoint
RP264: 6/22/2010 9:44:24 AM - Avg8 Update
RP265: 6/23/2010 9:47:57 AM - System Checkpoint
RP266: 6/24/2010 8:34:15 AM - Software Distribution Service 3.0
RP267: 6/25/2010 8:43:25 AM - System Checkpoint
RP268: 6/26/2010 9:32:56 AM - System Checkpoint
RP269: 6/27/2010 11:54:12 AM - System Checkpoint
RP270: 6/28/2010 12:57:19 PM - System Checkpoint
RP271: 6/29/2010 2:42:03 PM - System Checkpoint
RP272: 6/30/2010 3:15:37 PM - System Checkpoint
RP273: 7/1/2010 4:18:39 PM - System Checkpoint
RP274: 7/4/2010 7:16:38 PM - System Checkpoint
RP275: 7/5/2010 8:58:09 PM - System Checkpoint
RP276: 7/7/2010 12:07:14 AM - System Checkpoint
RP277: 7/8/2010 11:14:25 AM - System Checkpoint
RP278: 7/9/2010 8:49:39 AM - Avg8 Update
RP279: 7/9/2010 8:52:00 AM - Avg8 Update
RP280: 7/10/2010 9:32:59 AM - System Checkpoint
RP281: 7/12/2010 8:27:42 AM - System Checkpoint
RP282: 7/13/2010 9:39:14 AM - System Checkpoint
RP283: 7/14/2010 8:23:30 AM - Software Distribution Service 3.0
RP284: 7/15/2010 11:34:20 AM - System Checkpoint
RP285: 7/16/2010 12:23:41 PM - System Checkpoint
RP286: 7/17/2010 2:14:16 PM - System Checkpoint
RP287: 7/19/2010 11:10:31 AM - System Checkpoint
RP288: 7/20/2010 12:46:49 PM - System Checkpoint
RP289: 7/21/2010 1:12:49 PM - System Checkpoint
RP290: 7/22/2010 1:59:00 PM - System Checkpoint
RP291: 7/23/2010 2:48:50 PM - System Checkpoint
RP292: 7/24/2010 9:51:04 PM - System Checkpoint
RP293: 7/26/2010 10:45:42 AM - System Checkpoint
RP294: 7/27/2010 11:38:59 AM - System Checkpoint
RP295: 7/28/2010 5:25:55 PM - System Checkpoint
RP296: 7/29/2010 6:04:42 PM - System Checkpoint
RP297: 7/30/2010 6:47:24 PM - System Checkpoint
RP298: 7/31/2010 7:47:26 PM - System Checkpoint
RP299: 8/1/2010 7:48:26 PM - System Checkpoint
RP300: 8/2/2010 9:27:35 PM - System Checkpoint
RP301: 8/4/2010 8:31:49 AM - Software Distribution Service 3.0
RP302: 8/5/2010 11:08:47 AM - System Checkpoint
RP303: 8/6/2010 11:52:24 AM - System Checkpoint
RP304: 8/7/2010 2:24:25 PM - System Checkpoint
RP305: 8/8/2010 8:51:22 PM - System Checkpoint
RP306: 8/10/2010 2:07:27 PM - System Checkpoint
RP307: 8/11/2010 10:27:01 PM - System Checkpoint
RP308: 8/12/2010 8:47:42 AM - Software Distribution Service 3.0
RP309: 8/13/2010 8:54:12 AM - System Checkpoint
RP310: 8/14/2010 9:12:03 AM - System Checkpoint
RP311: 8/15/2010 10:15:34 AM - System Checkpoint
RP312: 8/15/2010 11:33:15 AM - Installed DartViewer.
RP313: 8/16/2010 11:58:02 AM - System Checkpoint
RP314: 8/17/2010 12:32:20 PM - System Checkpoint
RP315: 8/18/2010 12:52:37 PM - System Checkpoint
RP316: 8/19/2010 2:46:29 PM - System Checkpoint
RP317: 8/20/2010 3:20:12 PM - System Checkpoint
RP318: 8/21/2010 8:37:58 PM - System Checkpoint
RP319: 8/22/2010 9:22:32 PM - System Checkpoint
RP320: 8/24/2010 8:48:49 AM - System Checkpoint
RP321: 8/25/2010 2:30:05 PM - System Checkpoint
RP322: 8/26/2010 2:32:19 PM - System Checkpoint
RP323: 8/27/2010 3:07:06 PM - System Checkpoint
RP324: 8/28/2010 3:54:44 PM - System Checkpoint
RP325: 8/29/2010 11:11:53 PM - System Checkpoint
RP326: 8/30/2010 11:13:04 PM - System Checkpoint
RP327: 9/1/2010 7:38:57 AM - System Checkpoint
RP328: 9/2/2010 10:13:38 AM - System Checkpoint
RP329: 9/3/2010 10:31:36 AM - System Checkpoint
RP330: 9/4/2010 11:02:35 AM - System Checkpoint
RP331: 9/5/2010 10:35:21 AM - Software Distribution Service 3.0
RP332: 9/6/2010 1:06:18 PM - System Checkpoint
RP333: 9/6/2010 6:02:47 PM - avast! Free Antivirus Setup

==== Installed Programs ======================

Acrobat.com
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.3 Standard
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
AVG Free 8.5
Bonjour
Broadcom Gigabit Integrated Controller
Browser Highlighter - Firefox
CardRecovery 5.30
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Coupon Printer for Windows
CustomerResearchQFolder
DartViewer
Dell Touchpad
Destination Component
DeviceDiscovery
DeviceManagementQFolder
FileOpen Client Installer
GoToMeeting 4.5.0.456
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 9.0
HP LaserJet M2727 MFP Series 1.0
HP Update
hppFaxDrvM2727
hppFaxUtility
hppFonts
hppIOFiles
hppLJM2727
hppManualsM2727
hppscanM2727
hppScanTo
hppSendFax
hppTLBXFXM2727
hppusgM2727
HPSSupply
hpzTLBXFX
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iTunes
Java(TM) 6 Update 16
Kaseya Agent
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.5.11)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
OGA Notifier 2.0.0048.0
OMCI
Oracle Web Conferencing Console
Photo Viewer
PowerDVD
Product_Min_QFolder
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Safari
Scan
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SigmaTel Audio
Skype Toolbars
Skype™ 4.2
SmartSound Quicktracks for Premiere Elements
SonicWALL SSL-VPN NetExtender
Sprint Mobile Broadband (Sierra)
Uninstall Digital Binoculars Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual Labels
WebEx
WebFldrs XP
WebReg
WildTangent Games
Windows Driver Package - (mr7910) Image (08/08/2006 1.4.0.0)
Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
Windows Genuine Advantage Notifications (KB905474)
WinZip 14.5

==== Event Viewer Messages From Past Week ========

9/7/2010 11:09:12 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:12 AM, error: Service Control Manager [7034] - The FLEXnet Licensing Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The The Browser Highlighter Monitor service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The SonicWALL NetExtender Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:11 AM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless SSO Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:10 AM, error: Service Control Manager [7034] - The SPCSUtilityService service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:06 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:04 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:04 AM, error: Service Control Manager [7034] - The Iap service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:04 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:04 AM, error: Service Control Manager [7031] - The AVG Free8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/7/2010 11:09:03 AM, error: Service Control Manager [7034] - The Adobe Active File Monitor V7 service terminated unexpectedly. It has done this 1 time(s).
9/7/2010 11:09:03 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/7/2010 11:08:59 AM, error: Service Control Manager [7034] - The Intel® PROSet/Wireless WiFi Service service terminated unexpectedly. It has done this 1 time(s).
9/6/2010 6:07:07 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/6/2010 12:23:49 PM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0018DE9C2EA8 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
9/3/2010 9:36:52 PM, error: PSched [14103] - QoS [Adapter {40EFF117-EC32-40A7-9AF8-DB6616E9A5FC}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
9/3/2010 9:36:52 PM, error: NETw5x32 [43] -
8/31/2010 1:24:04 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/31/2010 1:20:51 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

==== End Of File ===========================
 
Update

Just to let you know, after going through the 8 step (6 step) process, I clicked on Firefox and the browser now works.

I'm really not sure what the issue is and if I had something going on in the background. Avast did not pick anything up and the malwarebytes program did not note any infected files. I'm not really sure what the other programs do but perhaps they cleaned something up.

If you see anything I need to do, please let me know.

Again, thank you for your time.

Knew
 
You're running two AV programs, Avast and AVG.
One of them has to go.
If AVG (preferably), make sure to use AVG Remover: http://www.avg.com/us-en/download-tools

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thank you very much for your response. I will do as you have instructed and will post after it has completed.

Again thanks....and by the way, I'll get rid of AVG... :)
 
MBRcheck.......txt file

Here is the txt file from the MBRCheck.exe

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000001dc

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB9F4A000 pcmcia.sys
0xBA0D8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F13000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EF3000 fltMgr.sys
0xB9EE1000 sr.sys
0xBA118000 PxHelp20.sys
0xB9ECA000 KSecDD.sys
0xB9E3D000 Ntfs.sys
0xB9E10000 NDIS.sys
0xB9DF6000 Mup.sys
0xBA138000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA288000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA588000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA58C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB9388000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB9374000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB934C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8FD5000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xB8FB2000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xBA458000 \SystemRoot\System32\drivers\swmsflt.sys
0xBA460000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8F8E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA468000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8F7A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xB8F4E000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8ED3000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA478000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA73D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA598000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8EBC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA2D8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA480000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8EAB000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA488000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA490000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8E7B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB9DC2000 \SystemRoot\system32\DRIVERS\SSLDrv.sys
0xBA5CC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8E58000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8DFA000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DBE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA318000 \SystemRoot\system32\DRIVERS\omci.sys
0xBA148000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA54C000 \SystemRoot\system32\DRIVERS\sffp_sd.sys
0xBA554000 \SystemRoot\system32\DRIVERS\sffdisk.sys
0xA8B54000 \SystemRoot\system32\drivers\sthda.sys
0xA8B30000 \SystemRoot\system32\drivers\portcls.sys
0xBA188000 \SystemRoot\system32\drivers\drmk.sys
0xA8AF6000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0xA89FF000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0xA8949000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA498000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA198000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA5E8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA777000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EA000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA360000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA368000 \SystemRoot\System32\drivers\vga.sys
0xBA5EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5EE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA370000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA378000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA564000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8916000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA88BD000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA1C8000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA886F000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8847000 \SystemRoot\system32\DRIVERS\netbt.sys
0xA8825000 \SystemRoot\System32\drivers\afd.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA87FA000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA878A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA208000 \SystemRoot\System32\Drivers\Fips.SYS
0xA8763000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA388000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xA8717000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBA390000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA228000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA238000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA398000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB991D000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA3A8000 \SystemRoot\system32\drivers\hpfxbulk.sys
0xBA248000 \SystemRoot\system32\drivers\hpfxgen.sys
0xBA258000 \SystemRoot\system32\drivers\hpfxfax.sys
0xBA3C0000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA8634000 \SystemRoot\System32\Drivers\bthport.sys
0xBA268000 \SystemRoot\system32\DRIVERS\usbccid.sys
0xB9911000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xA861C000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5FC000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9905000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3D8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA706000 \SystemRoot\System32\drivers\dxgthk.sys
0xBA298000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA8603000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1D8000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA85EF000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xA84F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA84EF000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xA8344000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA7FA7000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA7F6A000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8184000 \SystemRoot\system32\drivers\sysaudio.sys
0xA7FE8000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA7B75000 \SystemRoot\system32\DRIVERS\srv.sys
0xA7705000 \??\C:\WINDOWS\system32\drivers\KAPFA.SYS
0xBA358000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA751C000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
468 C:\WINDOWS\system32\smss.exe
860 csrss.exe
940 C:\WINDOWS\system32\winlogon.exe
984 C:\WINDOWS\system32\services.exe
996 C:\WINDOWS\system32\lsass.exe
1160 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1248 C:\WINDOWS\system32\svchost.exe
1328 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
1408 svchost.exe
1472 svchost.exe
1724 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1940 C:\WINDOWS\explorer.exe
580 C:\WINDOWS\system32\spoolsv.exe
628 scardsvr.exe
708 svchost.exe
892 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
108 C:\WINDOWS\system32\svchost.exe
112 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1128 C:\Program Files\Bonjour\mDNSResponder.exe
1284 svchost.exe
1300 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1508 C:\WINDOWS\system32\svchost.exe
1584 C:\Program Files\Dell\OpenManage\Client\Iap.exe
1736 C:\Program Files\Java\jre6\bin\jqs.exe
1840 C:\Program Files\Kaseya\Agent\AgentMon.exe
1956 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2088 C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
2112 C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
2128 C:\WINDOWS\system32\svchost.exe
2188 C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
2264 C:\Program Files\RealVNC\VNC4\WinVNC4.exe
2284 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe
2384 C:\Program Files\tbh\base\bin\tbhDaemon.exe
2568 wmiprvse.exe
2976 alg.exe
3644 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
3668 C:\WINDOWS\system32\hkcmd.exe
3720 C:\WINDOWS\system32\igfxsrvc.exe
3732 C:\WINDOWS\system32\igfxpers.exe
3800 C:\Program Files\DellTPad\Apoint.exe
3844 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
3856 C:\Program Files\DellTPad\ApMsgFwd.exe
3864 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
3904 C:\Program Files\DellTPad\hidfind.exe
3912 C:\Program Files\DellTPad\ApntEx.exe
3920 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
3944 C:\WINDOWS\system32\rundll32.exe
3956 C:\Program Files\Java\jre6\bin\jusched.exe
3980 C:\Program Files\Kaseya\Agent\KaUsrTsk.exe
4008 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
4052 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
4084 C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
168 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
216 C:\Program Files\tbh\base\bin\tbhSystray.exe
1436 C:\Program Files\iTunes\iTunesHelper.exe
1872 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
2040 C:\WINDOWS\system32\ctfmon.exe
2744 C:\Program Files\Skype\Phone\Skype.exe
3440 C:\Program Files\WinZip\WZQKPICK.EXE
3448 C:\WINDOWS\system32\wbem\unsecapp.exe
1180 wmiprvse.exe
1616 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
4044 C:\Program Files\iPod\bin\iPodService.exe
2708 C:\Program Files\Safari\Safari.exe
2764 C:\Documents and Settings\Owner\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK8025GAL, Rev: BD102A
PhysicalDrive2 Model Number: Maxtor2, Rev: 0344

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
149 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
Combox fix

I downloaded and ran the AVG remover tool.

Next I downloaded and ran the MBRCheck.exe file and posted the results.

I then downloaded ComboFix to my desktop. I disabled my avast before running. When I clicked on Combofix it tells me that AVG is still Active.

I'm afraid to click 'OK'. Any suggestions before I move forward with combofix?
 
I ran combofix and the log is below. I totally forgot about having my external hard drive attached when I ran all of my logs. Drive D is my external Hard drive. I detached it when running combofix.

Knew


ComboFix 10-09-08.01 - Owner 09/08/2010 21:39:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.858 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\g2mdlhlpx.exe
c:\program files\cnsload_1268323173156.tmp

.
((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-07 15:30 . 2010-09-07 15:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-07 15:30 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 15:30 . 2010-09-07 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-07 15:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 15:30 . 2010-09-07 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-06 22:07 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 22:03 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 22:03 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-06 22:03 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-06 22:03 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-06 22:03 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-06 22:03 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-06 22:03 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 22:02 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-06 22:02 . 2010-09-06 22:02 -------- d-----w- c:\program files\Alwil Software
2010-09-06 22:02 . 2010-09-06 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-08-15 15:33 . 2010-08-15 15:33 4710 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{BBF7D230-8F25-4041-90A9-73FD03BE8640}\ARPPRODUCTICON.exe
2010-08-15 15:33 . 2010-08-15 15:33 -------- d-----w- c:\program files\Dartfish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 01:44 . 2009-12-07 18:26 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-08 12:21 . 2010-02-07 17:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
2010-09-08 12:15 . 2009-09-22 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-09-07 11:56 . 2010-03-14 00:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-05 01:33 . 2009-11-02 20:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-08-31 18:03 . 2010-01-20 20:53 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-08-08 16:27 . 2010-08-08 16:24 -------- d-----w- c:\program files\iTunes
2010-08-08 16:25 . 2010-08-08 16:25 -------- d-----w- c:\program files\iPod
2010-08-08 16:25 . 2009-11-02 20:52 -------- d-----w- c:\program files\Common Files\Apple
2010-08-08 16:12 . 2010-08-08 16:12 -------- d-----w- c:\program files\Bonjour
2010-08-08 16:09 . 2010-08-08 16:09 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-08-08 15:55 . 2010-05-03 17:32 -------- d-----w- c:\program files\Safari
2010-08-08 15:51 . 2010-08-08 15:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-04 20:47 . 2010-02-07 17:33 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
2010-07-26 19:19 . 2010-07-26 19:19 -------- d-----w- c:\program files\Common Files\Skype
2010-06-30 12:31 . 2008-04-14 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:10 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:10 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-04-14 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-04-14 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-09-21 20:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-02-18 14:58 . 2010-02-18 14:58 28472 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2010-02-18 14:58 . 2010-02-18 14:58 185224 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2010-02-18 14:58 . 2010-02-18 14:59 46392 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2010-02-18 14:59 . 2010-02-18 14:59 99208 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2009-10-04 00:56 . 2009-10-04 00:56 608 --sha-w- c:\windows\system32\winzvprt5.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-31 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-31 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-30 138008]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-22 149280]
"Kaseya Agent Service Helper"="c:\program files\Kaseya\Agent\KaUsrTsk.exe" [2008-09-04 229376]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-07-30 53248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2009-03-02 710480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"tbhSystray"="c:\program files\tbh\base\bin\tbhSystray.exe" [2010-09-08 492840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\hp laserjet m2727\\hppfaxnc0.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\tbh\\base\\bin\\tbhDaemon.exe"=
"c:\\Program Files\\tbh\\monitor\\bin\\tbhMonitor.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5191:TCP"= 5191:TCP:The Browser Highlighter XCOM
"1074:TCP"= 1074:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/6/2010 6:03 PM 165456]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 1:03 PM 169312]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 8:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/6/2010 6:03 PM 17744]
R2 KaseyaAgent;Kaseya Agent;c:\program files\Kaseya\Agent\AgentMon.exe [9/24/2009 6:34 PM 610304]
R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [10/22/2009 2:57 PM 70952]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [10/3/2009 8:49 PM 14336]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/23/2009 5:55 PM 20504]
S0 cerc6;cerc6; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-08 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0ka85qq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0ka85qq.default\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\z0ka85qq.default\extensions\npNELaunch@sonicwall.com\plugins\npNELaunch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-08 21:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\windows\system32\netprovcredman.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-09-08 21:46:10
ComboFix-quarantined-files.txt 2010-09-09 01:46

Pre-Run: 45,573,722,112 bytes free
Post-Run: 45,558,243,328 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 15BFA901BB702C92CCC37EF1F0C50928
 
How is Firefox and IE?


Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Greetings. I tried running OTL but it froze up during the execution. I'm going to try and run it one more time......crossing fingers...

Knew
 
Greetings again. I tried to run OTL again but once again it freezes my computer. Do you think there could be another issue?

Did I have a virus?

sorry for all of the questions...I just want to make sure that whatever happened does not happen again.

Knew
 

Similar threads

C
Solved Malware \ProductData + possibly more, on two devices
Replies
4
Views
8K
Broni
Broni
S
  • Locked
Inactive Please help: Infected-or-not?
Replies
2
Views
3K
Broni
Broni
D
Solved What is PUP.Optional.Legacy, and where is the repeated infecton coming from?
Replies
3
Views
8K
Broni
Broni

Latest posts

Back