Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Search redirects and Firefox crashes

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Search redirects and Firefox crashes

Unread postby hjohn23 » April 23rd, 2010, 5:16 pm

Beginning yesterday, some Google search results would redirect to a page other than the page specified in the search result's URL, usually some search engine looking page I've never heard of. These redirects would not happen if I typed the URL in manually. I ran AVG and Spybot S&D, but found nothing. During a Malwarebytes scan AVG alerted me to a potential infection and prompted me to take action. The Malwarebytes scan found nothing. After this, the redirect problem seemed to clear up, but it started again today. I also run HitManPro for redundancy, and it too has found nothing. Additionally, Google Chrome no longer loads any pages, but Firefox will. I have not tested IE yet. Firefox does not seem to be redirecting my search results, but it does periodically open another tab without my input displaying a page similar to the ones I was seeing yesterday. Firefox will also periodically close, prompting me to send an error report. This has not happened for roughly an hour now, where Firefox would normally close after just a few minutes of browsing. The last thing is I have received a window saying "Generic Host Process for Win32 Service has encountered a problem and needs to close" prompting me to send an error report. This has happened twice now since yesterday.

Here is my HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:23 PM, on 4/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6471 bytes

Sorry, forgot to add the Uninstall Log, so I edited the post to include it, hope that's okay.

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Amazon MP3 Downloader 1.0.5
ASUSUpdate
AVG Free 9.0
CCleaner
Counter-Strike: Source
CPUID HWMonitor 1.14
Dragon Age: Origins
Galactic Civilizations II
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman Pro 3.5
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PRO Network Connections Drivers
Java(TM) 6 Update 19
Linksys Wireless-G PCI Adapter
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Morrowind
Mozilla Firefox (3.6.3)
MSN Toolbar
MSN Toolbar Platform
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.1
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Sid Meier's Civilization 4
Source SDK
Source SDK Base
Spybot - Search & Destroy
Steam
Sunbelt Personal Firewall
TeamSpeak 2 RC2
TES Construction Set
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
WinRAR archiver
World of Warcraft
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top
Advertisement
Register to Remove

Re: Search redirects and Firefox crashes

Unread postby melboy » April 25th, 2010, 5:25 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please DO NOT run any other tools or scans whilst I am helping you.
  5. It is important that you reply to this thread. Do not start a new topic.
  6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  7. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================================================


DDS

Please disable any anti-malware program that will block scripts from running before running DDS.

Please download DDS from one of the links below and save it to your desktop:

Link1
Link2
Link3

Disable any script blocker, and then double click dds.scr to run the tool. A command window will appear, this is normal.

Image
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Please copy & paste the contents of :
  • DDS.txt
  • Attach.txt
And post them in your next reply.



Gmer

Download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
    Image
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.



In your next reply:
  1. DDS.txt
  2. Attach.txt
  3. GMER log
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » April 26th, 2010, 1:56 am

Here are the DDS logs. I tried to run GMER, but kept getting a blue screed, then my system would immediately reboot. Should I try running the GMER scan in Safe Mode? Any suggestions other than keep trying? I'll try running another scan in the morning, and I'll upload the logs if it completes.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Heinrich at 22:04:32.54 on Sun 04/25/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1125 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
svchost.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Documents and Settings\Heinrich\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\heinrich\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\heinrich\applic~1\mozilla\firefox\profiles\h3bblgkv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\microsoft\search enhancement pack\search helper\firefoxextension\searchhelperextension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\heinrich\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-22 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-22 242896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-2-22 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-7-22 78848]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-9 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-9 308064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-2-22 65576]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2009-2-22 5824]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-16 12672]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-2-18 25832]
S3 pfsvgae;pfsvgae;c:\docume~1\heinrich\locals~1\temp\pfsvgae.sys [2004-1-20 29696]

=============== Created Last 30 ================

2010-04-23 21:03:00 0 d-----w- c:\program files\Trend Micro
2010-04-23 01:59:13 0 d-----w- c:\windows\pss
2010-04-23 01:51:23 0 d-----w- c:\program files\CCleaner
2010-04-22 23:36:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-22 23:35:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-04-22 23:35:48 0 d-----w- c:\program files\Hitman Pro 3.5
2010-03-31 22:53:08 0 d-----w- c:\docume~1\heinrich\applic~1\My Games
2010-03-31 22:20:22 0 d-----w- c:\program files\Firaxis Games
2010-03-31 05:40:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-03-27 21:39:42 0 d-----w- c:\program files\Sierra

==================== Find3M ====================

2010-04-25 17:40:53 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-20 16:18:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 22:50:54 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-31 05:39:50 349 ----a-w- c:\program files\INSTALL.LOG
2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 16:31:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:31:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 06:12:23 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2003-12-18 18:33:46 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 14:46:54 10960 ----a-w- c:\program files\EULA.txt

============= FINISH: 22:06:25.17 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2009 10:14:24 AM
System Uptime: 4/24/2010 4:18:21 PM (30 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5LD2-VM
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | LGA 775 | 2667/133mhz
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | LGA 775 | 2667/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 6.423 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_1283&DEV_8211&SUBSYS_81381043&REV_11\4&CF81C54&0&20F0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_1283&DEV_8211&SUBSYS_81381043&REV_11\4&CF81C54&0&20F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Service:

==== System Restore Points ===================

RP319: 1/25/2010 11:15:31 PM - System Checkpoint
RP320: 1/27/2010 12:45:17 AM - System Checkpoint
RP321: 1/28/2010 8:36:24 AM - System Checkpoint
RP322: 1/29/2010 1:46:30 PM - System Checkpoint
RP323: 1/30/2010 3:26:12 PM - System Checkpoint
RP324: 1/31/2010 4:40:57 PM - System Checkpoint
RP325: 2/1/2010 5:08:35 PM - System Checkpoint
RP326: 2/1/2010 5:45:39 PM - Installed Java(TM) 6 Update 17
RP327: 2/1/2010 5:46:30 PM - Installed MSN Toolbar Setup
RP328: 2/2/2010 9:16:48 AM - Avg8 Update
RP329: 2/3/2010 12:03:23 PM - System Checkpoint
RP330: 2/4/2010 12:57:54 PM - System Checkpoint
RP331: 2/5/2010 2:33:01 PM - System Checkpoint
RP332: 2/6/2010 3:06:57 PM - System Checkpoint
RP333: 2/7/2010 5:27:28 PM - System Checkpoint
RP334: 2/8/2010 6:04:52 PM - System Checkpoint
RP335: 2/9/2010 7:10:48 PM - System Checkpoint
RP336: 2/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP337: 2/11/2010 8:57:16 AM - System Checkpoint
RP338: 2/12/2010 1:34:26 PM - System Checkpoint
RP339: 2/13/2010 4:13:52 PM - System Checkpoint
RP340: 2/14/2010 5:09:45 PM - System Checkpoint
RP341: 2/16/2010 12:25:07 AM - System Checkpoint
RP342: 2/17/2010 5:48:12 PM - System Checkpoint
RP343: 2/18/2010 6:52:36 PM - Removed Neverwinter Nights 2
RP344: 2/18/2010 6:53:30 PM - Removed Oblivion
RP345: 2/18/2010 7:23:46 PM - Installed DirectX
RP346: 2/20/2010 4:14:47 PM - System Checkpoint
RP347: 2/21/2010 4:40:37 PM - System Checkpoint
RP348: 2/24/2010 2:37:05 AM - System Checkpoint
RP349: 2/24/2010 3:00:16 AM - Software Distribution Service 3.0
RP350: 2/24/2010 10:31:45 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP351: 2/24/2010 10:32:06 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP352: 2/26/2010 1:55:42 AM - System Checkpoint
RP353: 2/27/2010 3:01:43 AM - System Checkpoint
RP354: 2/28/2010 5:13:25 PM - System Checkpoint
RP355: 3/1/2010 5:57:28 PM - System Checkpoint
RP356: 3/3/2010 2:32:15 AM - System Checkpoint
RP357: 3/4/2010 7:22:36 PM - System Checkpoint
RP358: 3/5/2010 7:34:06 PM - System Checkpoint
RP359: 3/6/2010 8:06:44 PM - System Checkpoint
RP360: 3/7/2010 11:32:08 PM - System Checkpoint
RP361: 3/8/2010 9:34:21 AM - Avg8 Update
RP362: 3/9/2010 8:31:15 AM - Installed AVG Free 9.0
RP363: 3/10/2010 3:46:18 PM - System Checkpoint
RP364: 3/11/2010 2:06:55 AM - Software Distribution Service 3.0
RP365: 3/12/2010 3:18:34 PM - System Checkpoint
RP366: 3/13/2010 3:31:50 PM - System Checkpoint
RP367: 3/14/2010 4:56:50 PM - System Checkpoint
RP368: 3/15/2010 5:11:26 PM - System Checkpoint
RP369: 3/17/2010 2:10:40 AM - System Checkpoint
RP370: 3/17/2010 1:01:55 PM - Avg Update
RP371: 3/18/2010 6:17:07 PM - System Checkpoint
RP372: 3/20/2010 11:28:26 AM - System Checkpoint
RP373: 3/21/2010 2:55:10 PM - System Checkpoint
RP374: 3/22/2010 4:34:30 PM - System Checkpoint
RP375: 3/23/2010 6:07:57 PM - System Checkpoint
RP376: 3/24/2010 11:46:01 PM - System Checkpoint
RP377: 3/26/2010 6:04:19 PM - System Checkpoint
RP378: 3/27/2010 6:51:46 PM - System Checkpoint
RP379: 3/28/2010 7:08:35 PM - System Checkpoint
RP380: 3/31/2010 3:00:16 AM - Software Distribution Service 3.0
RP381: 3/31/2010 1:44:58 PM - Installed Java(TM) 6 Update 19
RP382: 3/31/2010 3:20:26 PM - Installed Sid Meier's Civilization 4
RP383: 3/31/2010 3:47:38 PM - Configured Sid Meier's Civilization 4
RP384: 4/1/2010 10:15:27 AM - Avg Update
RP385: 4/1/2010 10:16:44 AM - Avg Update
RP386: 4/2/2010 5:02:00 PM - System Checkpoint
RP387: 4/3/2010 5:29:23 PM - System Checkpoint
RP388: 4/4/2010 7:08:25 PM - System Checkpoint
RP389: 4/5/2010 8:03:00 PM - System Checkpoint
RP390: 4/7/2010 1:10:13 PM - Avg Update
RP391: 4/8/2010 3:53:18 PM - System Checkpoint
RP392: 4/9/2010 11:09:16 PM - System Checkpoint
RP393: 4/11/2010 2:32:43 AM - System Checkpoint
RP394: 4/12/2010 1:38:47 PM - System Checkpoint
RP395: 4/13/2010 2:07:56 PM - System Checkpoint
RP396: 4/14/2010 3:00:16 AM - Software Distribution Service 3.0
RP397: 4/15/2010 3:00:15 AM - Software Distribution Service 3.0
RP398: 4/16/2010 5:00:23 PM - System Checkpoint
RP399: 4/17/2010 8:04:38 PM - System Checkpoint
RP400: 4/18/2010 8:37:26 PM - System Checkpoint
RP401: 4/20/2010 8:58:47 AM - System Checkpoint
RP402: 4/20/2010 9:17:37 AM - Avg Update
RP403: 4/20/2010 9:18:45 AM - Avg Update
RP404: 4/21/2010 9:38:48 AM - System Checkpoint
RP405: 4/22/2010 10:49:28 AM - System Checkpoint
RP406: 4/23/2010 4:41:27 PM - System Checkpoint
RP407: 4/24/2010 5:03:22 PM - System Checkpoint
RP408: 4/25/2010 5:24:12 PM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Amazon MP3 Downloader 1.0.5
ASUSUpdate
AVG Free 9.0
CCleaner
Counter-Strike: Source
CPUID HWMonitor 1.14
Dragon Age: Origins
Galactic Civilizations II
Google Chrome
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman Pro 3.5
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 19
Linksys Wireless-G PCI Adapter
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Morrowind
Mozilla Firefox (3.6.3)
MSN Toolbar
MSN Toolbar Platform
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.1
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Sid Meier's Civilization 4
Source SDK
Source SDK Base
Spybot - Search & Destroy
Steam
Sunbelt Personal Firewall
TeamSpeak 2 RC2
TES Construction Set
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
WebFldrs XP
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

4/22/2010 9:37:03 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014BF794949. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
4/22/2010 10:44:00 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/22/2010 10:44:00 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
4/20/2010 7:52:23 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0014BF794949 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top

Re: Search redirects and Firefox crashes

Unread postby melboy » April 26th, 2010, 8:02 am

Hi

As per my previous instructions for running GMER to Uncheck:

  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically C:\)
  • Show All (don't miss this one)

Also Uncheck:

  • Devices

See if that enables you to run GMER successfully. If it still fails, try to run it in safe mode:.

Booting into Safe Mode safely
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » April 27th, 2010, 12:25 am

Finally got GMER to finish scanning by booting in safe mode. Here's what I got.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-26 21:03:24
Windows 5.1.2600 Service Pack 2
Running: 3lrurcpp.exe; Driver: C:\DOCUME~1\Heinrich\LOCALS~1\Temp\fxtdipob.sys


---- Kernel code sections - GMER 1.0.15 ----

.rsrc C:\WINDOWS\system32\drivers\pciide.sys entry point in ".rsrc" section [0xF7A4F814]
.text C:\WINDOWS\system32\drivers\SSHDRV85.sys section is writeable [0xBA555000, 0x24A24, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\SSHDRV85.sys entry point in ".pklstb" section [0xBA588000]
.relo2 C:\WINDOWS\system32\drivers\SSHDRV85.sys unknown last section [0xBA59E000, 0x8E, 0x42000040]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0080000C
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009F000A
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00AD000A
.text C:\WINDOWS\Explorer.EXE[848] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 009E000C

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\pciide.sys suspicious modification

---- EOF - GMER 1.0.15 ----
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top

Re: Search redirects and Firefox crashes

Unread postby melboy » April 27th, 2010, 7:52 am

Hi


Good work!



ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix: Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    For instructions on how to disable your security programs, please see this topic:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » April 27th, 2010, 2:26 pm

I'm at class presently so I'll run this when I get home this evening. Should I disconnect from the internet while running this as well?
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top

Re: Search redirects and Firefox crashes

Unread postby melboy » April 27th, 2010, 3:11 pm

Hi

Should I disconnect from the internet while running this


No, there is no need to disconnect from the Internet.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » April 29th, 2010, 12:11 am

Here's the ComboFix log. Also, after ComboFix ran, I noticed there is now an Internet Explorer icon on my desktop. ComboFix downloaded and installed Windows Recovery Console, so I'm assuming the recovery console put the icon there, but I figured I'd mention it.

ComboFix 10-04-28.03 - Heinrich 04/28/2010 20:51:14.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1614 [GMT -7:00]
Running from: c:\documents and settings\Heinrich\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG

Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-29 )))))))))))))))))))))))))))))))
.

2010-04-23 21:03 . 2010-04-23 21:03 -------- d-----w- c:\program files\Trend Micro
2010-04-23 01:51 . 2010-04-23 01:56 -------- d-----w- c:\program files\CCleaner
2010-04-22 23:36 . 2010-04-26 05:27 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-22 23:35 . 2010-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-22 23:35 . 2010-04-22 23:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-22 23:04 . 2010-04-22 23:04 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-22 19:24 . 2010-04-22 19:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-22 19:20 . 2010-04-22 19:20 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-08 08:40 . 2010-04-28 01:21 0 ----a-w- c:\documents and settings\Heinrich\Local Settings\Application Data\prvlcl.dat
2010-03-31 22:53 . 2010-03-31 22:53 -------- d-----w- c:\documents and settings\Heinrich\Application Data\My Games
2010-03-31 22:20 . 2010-03-31 22:20 -------- d-----w- c:\program files\Firaxis Games
2010-03-31 20:47 . 2010-03-31 20:47 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 20:46 . 2010-03-31 20:46 503808 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\msvcp71.dll
2010-03-31 20:46 . 2010-03-31 20:46 61440 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ed28572-n\decora-sse.dll
2010-03-31 20:46 . 2010-03-31 20:46 499712 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\jmc.dll
2010-03-31 20:46 . 2010-03-31 20:46 348160 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\msvcr71.dll
2010-03-31 20:46 . 2010-03-31 20:46 12800 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ed28572-n\decora-d3d.dll
2010-03-31 05:40 . 2010-04-23 07:46 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-29 02:43 . 2004-08-04 12:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-29 01:59 . 2009-06-26 22:42 -------- d-----w- c:\program files\Steam
2010-04-27 09:28 . 2009-11-22 00:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 05:43 . 2009-02-22 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 01:54 . 2009-02-22 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-22 23:04 . 2010-01-03 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-22 09:48 . 2009-03-13 22:53 -------- d-----w- c:\documents and settings\Heinrich\Application Data\uTorrent
2010-04-22 04:29 . 2009-09-22 21:52 1 ----a-w- c:\documents and settings\Heinrich\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-20 16:18 . 2009-02-22 19:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 04:01 . 2009-02-22 21:40 -------- d-----w- c:\program files\World of Warcraft
2010-03-31 22:50 . 2004-08-04 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-31 22:20 . 2009-02-22 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 20:45 . 2009-09-22 21:47 -------- d-----w- c:\program files\Java
2010-03-30 07:46 . 2010-01-03 20:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45 . 2010-01-03 20:21 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-27 21:39 . 2010-03-27 21:39 -------- d-----w- c:\program files\Sierra
2010-03-24 22:43 . 2010-03-24 22:43 272384 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Modules\curl.exe
2010-03-24 22:43 . 2010-03-24 22:43 258048 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2010-03-24 22:43 . 2010-03-24 22:43 196608 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2010-03-24 22:43 . 2010-03-24 22:43 -------- d-----w- c:\documents and settings\Heinrich\Application Data\Acreon
2010-03-15 20:07 . 2009-03-13 22:53 -------- d-----w- c:\program files\uTorrent
2010-03-10 08:02 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 17:26 . 2009-11-24 06:06 -------- d-----w- c:\program files\Warcraft III
2010-03-09 16:31 . 2009-02-22 19:16 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:31 . 2009-02-22 19:16 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-09 16:31 . 2009-02-22 19:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 16:31 . 2010-03-09 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-09 16:31 . 2009-02-22 19:16 -------- d-----w- c:\program files\AVG
2010-03-09 11:28 . 2009-03-07 00:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 06:12 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-02 01:44 . 2010-02-02 01:44 152576 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-02-02 01:44 . 2010-02-02 01:44 79488 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2003-12-18 18:33 . 2010-03-31 05:39 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 14:46 . 2010-03-31 05:39 10960 ----a-w- c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"Google Update"="c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"SkyTel"="SkyTel.EXE" [2009-02-22 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-22 16262656]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-09 16:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Heinrich^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Heinrich\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/22/2009 12:16 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/22/2009 12:16 PM 242896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2/22/2009 12:52 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [7/22/2009 8:28 PM 78848]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/9/2010 9:31 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/9/2010 9:31 AM 308064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2/22/2009 12:52 PM 65576]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2/22/2009 1:14 PM 5824]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2/18/2010 8:14 PM 25832]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\Heinrich\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Heinrich\LOCALS~1\Temp\pfsvgae.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-507921405-839522115-1004Core.job
- c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 20:58]

2010-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-507921405-839522115-1004UA.job
- c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Heinrich\Application Data\Mozilla\Firefox\Profiles\h3bblgkv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-28 21:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-28 21:03:28
ComboFix-quarantined-files.txt 2010-04-29 04:03

Pre-Run: 6,464,798,720 bytes free
Post-Run: 6,630,584,320 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 6C200E74EE7C74B6FE3B80D9D41248C9
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top

Re: Search redirects and Firefox crashes

Unread postby melboy » April 29th, 2010, 8:01 am

Hi

I see sign's of uTorrent in your logs. I would say this is undoubtedly where the infection came from.


With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:
uTorrent

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.
We see no purpose in cleaning your machine if you use P2P programmes, as it is pretty much certain that if you continue to use them then you will get infected again.


  • Click on Start > Control Panel and double click on Add/Remove Programs.
  • Locate uTorrent and click on the Change/Remove button to uninstall it.
  • Close Add/Remove Programs and Control Panel when done.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » April 29th, 2010, 10:19 pm

Through Add/Remove Programs I received a message telling my I could not delete uTorrent because it may have already been deleted. The uTorrent directory is still there, but empty. I don't recall uninstalling it myself.
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top

Re: Search redirects and Firefox crashes

Unread postby melboy » April 30th, 2010, 2:43 am

Hi

Ok, thanks.


After completing the steps below, let me know how things are running.



TFC

  • Please download TFC by Old Timer to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Re-run DDS

Please disable any anti-malware program that will block scripts from running before running DDS.
  • Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, Please copy & paste the contents of :
    • DDS.txt
And post it in your next reply.




In your next reply:
  1. How are things running?
  2. MBAM log
  3. DDS.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » May 1st, 2010, 5:45 pm

Things seem to be running pretty well now. No redirects. Should I leave the same boxes unchecked in DDS as before?
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top

Re: Search redirects and Firefox crashes

Unread postby melboy » May 1st, 2010, 6:04 pm

Hi

Should I leave the same boxes unchecked in DDS as before


No, that was GMER. You need to run DDS.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Top

Re: Search redirects and Firefox crashes

Unread postby hjohn23 » May 2nd, 2010, 4:00 pm

Okay, here they are. System seems to be running fine now ^_^

DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Heinrich at 12:44:42.92 on Sun 05/02/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1471 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Heinrich\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Google Update] "c:\documents and settings\heinrich\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\heinrich\applic~1\mozilla\firefox\profiles\h3bblgkv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\heinrich\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-22 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-22 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-22 242896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2009-2-22 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [2008-6-21 66600]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2009-7-22 78848]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-9 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-9 308064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\sunbelt software\personal firewall\SbPFLnch.exe [2008-10-31 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\sunbelt software\personal firewall\SbPFSvc.exe [2008-10-31 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2009-2-22 65576]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2009-2-22 5824]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-16 12672]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2010-2-18 25832]
S3 pfsvgae;pfsvgae;\??\c:\docume~1\heinrich\locals~1\temp\pfsvgae.sys --> c:\docume~1\heinrich\locals~1\temp\pfsvgae.sys [?]

=============== Created Last 30 ================

2010-04-29 03:43:21 0 d-sha-r- C:\cmdcons
2010-04-29 03:41:04 98816 ----a-w- c:\windows\sed.exe
2010-04-29 03:41:04 77312 ----a-w- c:\windows\MBR.exe
2010-04-29 03:41:04 256512 ----a-w- c:\windows\PEV.exe
2010-04-29 03:41:04 161792 ----a-w- c:\windows\SWREG.exe
2010-04-23 21:03:00 0 d-----w- c:\program files\Trend Micro
2010-04-23 01:59:13 0 d-----w- c:\windows\pss
2010-04-23 01:51:23 0 d-----w- c:\program files\CCleaner
2010-04-22 23:36:20 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-22 23:35:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2010-04-22 23:35:48 0 d-----w- c:\program files\Hitman Pro 3.5

==================== Find3M ====================

2010-04-29 02:43:45 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-23 07:46:21 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-20 16:18:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-31 22:50:54 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-30 07:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 07:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 16:31:50 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:31:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 11:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 06:12:23 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12:17 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-16 13:17:38 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47:05 100864 ----a-w- c:\windows\system32\6to4svc.dll
2003-12-18 18:33:46 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 14:46:54 10960 ----a-w- c:\program files\EULA.txt

============= FINISH: 12:46:00.92 ===============


Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/22/2009 10:14:24 AM
System Uptime: 5/2/2010 10:48:24 AM (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5LD2-VM
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | LGA 775 | 2667/133mhz
Processor: Intel(R) Pentium(R) D CPU 2.66GHz | LGA 775 | 2667/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 74 GiB total, 6.208 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Mass Storage Controller
Device ID: PCI\VEN_1283&DEV_8211&SUBSYS_81381043&REV_11\4&CF81C54&0&20F0
Manufacturer:
Name: Mass Storage Controller
PNP Device ID: PCI\VEN_1283&DEV_8211&SUBSYS_81381043&REV_11\4&CF81C54&0&20F0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_81791043&REV_01\3&11583659&0&FB
Service:

==== System Restore Points ===================

RP325: 2/1/2010 5:08:35 PM - System Checkpoint
RP326: 2/1/2010 5:45:39 PM - Installed Java(TM) 6 Update 17
RP327: 2/1/2010 5:46:30 PM - Installed MSN Toolbar Setup
RP328: 2/2/2010 9:16:48 AM - Avg8 Update
RP329: 2/3/2010 12:03:23 PM - System Checkpoint
RP330: 2/4/2010 12:57:54 PM - System Checkpoint
RP331: 2/5/2010 2:33:01 PM - System Checkpoint
RP332: 2/6/2010 3:06:57 PM - System Checkpoint
RP333: 2/7/2010 5:27:28 PM - System Checkpoint
RP334: 2/8/2010 6:04:52 PM - System Checkpoint
RP335: 2/9/2010 7:10:48 PM - System Checkpoint
RP336: 2/10/2010 3:00:15 AM - Software Distribution Service 3.0
RP337: 2/11/2010 8:57:16 AM - System Checkpoint
RP338: 2/12/2010 1:34:26 PM - System Checkpoint
RP339: 2/13/2010 4:13:52 PM - System Checkpoint
RP340: 2/14/2010 5:09:45 PM - System Checkpoint
RP341: 2/16/2010 12:25:07 AM - System Checkpoint
RP342: 2/17/2010 5:48:12 PM - System Checkpoint
RP343: 2/18/2010 6:52:36 PM - Removed Neverwinter Nights 2
RP344: 2/18/2010 6:53:30 PM - Removed Oblivion
RP345: 2/18/2010 7:23:46 PM - Installed DirectX
RP346: 2/20/2010 4:14:47 PM - System Checkpoint
RP347: 2/21/2010 4:40:37 PM - System Checkpoint
RP348: 2/24/2010 2:37:05 AM - System Checkpoint
RP349: 2/24/2010 3:00:16 AM - Software Distribution Service 3.0
RP350: 2/24/2010 10:31:45 AM - Removed Microsoft Visual C++ 2005 Redistributable
RP351: 2/24/2010 10:32:06 AM - Installed Microsoft Visual C++ 2005 Redistributable
RP352: 2/26/2010 1:55:42 AM - System Checkpoint
RP353: 2/27/2010 3:01:43 AM - System Checkpoint
RP354: 2/28/2010 5:13:25 PM - System Checkpoint
RP355: 3/1/2010 5:57:28 PM - System Checkpoint
RP356: 3/3/2010 2:32:15 AM - System Checkpoint
RP357: 3/4/2010 7:22:36 PM - System Checkpoint
RP358: 3/5/2010 7:34:06 PM - System Checkpoint
RP359: 3/6/2010 8:06:44 PM - System Checkpoint
RP360: 3/7/2010 11:32:08 PM - System Checkpoint
RP361: 3/8/2010 9:34:21 AM - Avg8 Update
RP362: 3/9/2010 8:31:15 AM - Installed AVG Free 9.0
RP363: 3/10/2010 3:46:18 PM - System Checkpoint
RP364: 3/11/2010 2:06:55 AM - Software Distribution Service 3.0
RP365: 3/12/2010 3:18:34 PM - System Checkpoint
RP366: 3/13/2010 3:31:50 PM - System Checkpoint
RP367: 3/14/2010 4:56:50 PM - System Checkpoint
RP368: 3/15/2010 5:11:26 PM - System Checkpoint
RP369: 3/17/2010 2:10:40 AM - System Checkpoint
RP370: 3/17/2010 1:01:55 PM - Avg Update
RP371: 3/18/2010 6:17:07 PM - System Checkpoint
RP372: 3/20/2010 11:28:26 AM - System Checkpoint
RP373: 3/21/2010 2:55:10 PM - System Checkpoint
RP374: 3/22/2010 4:34:30 PM - System Checkpoint
RP375: 3/23/2010 6:07:57 PM - System Checkpoint
RP376: 3/24/2010 11:46:01 PM - System Checkpoint
RP377: 3/26/2010 6:04:19 PM - System Checkpoint
RP378: 3/27/2010 6:51:46 PM - System Checkpoint
RP379: 3/28/2010 7:08:35 PM - System Checkpoint
RP380: 3/31/2010 3:00:16 AM - Software Distribution Service 3.0
RP381: 3/31/2010 1:44:58 PM - Installed Java(TM) 6 Update 19
RP382: 3/31/2010 3:20:26 PM - Installed Sid Meier's Civilization 4
RP383: 3/31/2010 3:47:38 PM - Configured Sid Meier's Civilization 4
RP384: 4/1/2010 10:15:27 AM - Avg Update
RP385: 4/1/2010 10:16:44 AM - Avg Update
RP386: 4/2/2010 5:02:00 PM - System Checkpoint
RP387: 4/3/2010 5:29:23 PM - System Checkpoint
RP388: 4/4/2010 7:08:25 PM - System Checkpoint
RP389: 4/5/2010 8:03:00 PM - System Checkpoint
RP390: 4/7/2010 1:10:13 PM - Avg Update
RP391: 4/8/2010 3:53:18 PM - System Checkpoint
RP392: 4/9/2010 11:09:16 PM - System Checkpoint
RP393: 4/11/2010 2:32:43 AM - System Checkpoint
RP394: 4/12/2010 1:38:47 PM - System Checkpoint
RP395: 4/13/2010 2:07:56 PM - System Checkpoint
RP396: 4/14/2010 3:00:16 AM - Software Distribution Service 3.0
RP397: 4/15/2010 3:00:15 AM - Software Distribution Service 3.0
RP398: 4/16/2010 5:00:23 PM - System Checkpoint
RP399: 4/17/2010 8:04:38 PM - System Checkpoint
RP400: 4/18/2010 8:37:26 PM - System Checkpoint
RP401: 4/20/2010 8:58:47 AM - System Checkpoint
RP402: 4/20/2010 9:17:37 AM - Avg Update
RP403: 4/20/2010 9:18:45 AM - Avg Update
RP404: 4/21/2010 9:38:48 AM - System Checkpoint
RP405: 4/22/2010 10:49:28 AM - System Checkpoint
RP406: 4/23/2010 4:41:27 PM - System Checkpoint
RP407: 4/24/2010 5:03:22 PM - System Checkpoint
RP408: 4/25/2010 5:24:12 PM - System Checkpoint
RP409: 4/27/2010 9:06:53 AM - System Checkpoint
RP410: 4/28/2010 7:45:27 PM - System Checkpoint
RP411: 4/29/2010 8:39:10 PM - System Checkpoint
RP412: 4/30/2010 10:06:40 PM - System Checkpoint

==== Installed Programs ======================

Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Amazon MP3 Downloader 1.0.5
ASUSUpdate
AVG Free 9.0
CCleaner
Counter-Strike: Source
CPUID HWMonitor 1.14
Dragon Age: Origins
Galactic Civilizations II
Google Chrome
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman Pro 3.5
Homeworld2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Intel(R) PRO Network Connections Drivers
Java Auto Updater
Java(TM) 6 Update 19
Linksys Wireless-G PCI Adapter
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Search Enhancement Pack
Microsoft UI Engine
Microsoft Visual C++ 2005 Redistributable
Morrowind
Mozilla Firefox (3.6.3)
MSN Toolbar
MSN Toolbar Platform
MSXML 6 Service Pack 2 (KB973686)
NVIDIA Drivers
NVIDIA PhysX
OpenOffice.org 3.1
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981350)
Sid Meier's Civilization 4
Source SDK
Source SDK Base
Spybot - Search & Destroy
Steam
Sunbelt Personal Firewall
TeamSpeak 2 RC2
TES Construction Set
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB898461)
Update for Windows XP (KB925720)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
WebFldrs XP
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

5/1/2010 2:38:37 PM, error: Service Control Manager [7034] - The Sunbelt Personal Firewall 4 service terminated unexpectedly. It has done this 1 time(s).
5/1/2010 2:38:03 PM, error: Service Control Manager [7034] - The WMP54Gv4SVC service terminated unexpectedly. It has done this 1 time(s).
5/1/2010 2:38:03 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
5/1/2010 2:38:03 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
5/1/2010 2:38:02 PM, error: Service Control Manager [7034] - The SbPF.Launcher service terminated unexpectedly. It has done this 1 time(s).
5/1/2010 2:38:02 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
5/1/2010 2:38:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
5/1/2010 2:38:02 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/1/2010 11:59:18 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0014BF794949 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/26/2010 7:33:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sbhips Tcpip
4/26/2010 7:33:57 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2010 7:33:57 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2010 7:33:57 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2010 7:33:57 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/26/2010 7:33:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/26/2010 7:33:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/25/2010 10:26:08 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/25/2010 10:26:08 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

5/2/2010 12:55:56 PM
mbam-log-2010-05-02 (12-55-56).txt

Scan type: Quick scan
Objects scanned: 115223
Time elapsed: 6 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
hjohn23
Active Member
 
Posts: 10
Joined: April 23rd, 2010, 4:59 pm
Top
Advertisement
Register to Remove
Next
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 144 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index