oneear

Members
  • Content count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About oneear

  • Rank
    Newbie
  1. Thanks ever so much for your help - the service you provide is invaluable. My system appears to be running smoothly again. Thanks again, and I hope not to have to use your expertise again!
  2. Hi there, Firstly thanks very much for your help, I appreciate you giving up your time. I have attached the two dds logs as requested but the GMER programme runs for a while and then I get the blue screen of death. I've tried it twice now with no success. I should also confess being incredibly impatient I followed the advice posted for another user having identicle issues, which was to run Combofix. I know this isn't an everyday use tool, but it does appear to have fixed my inability to update all my security software. The log cretaed by combofix is here: ComboFix 10-03-27.02 - Oli 27/03/2010 23:44:37.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1684 [GMT 0:00] Running from: c:\users\Oli\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 090305-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1229 [VPS 090305-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-168182961-2868486897-343656635-500 c:\$recycle.bin\S-1-5-21-1769187243-2036837067-3015907111-500 c:\users\Oli\AppData\Roaming\inst.exe c:\users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyTicker.lnk c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job . ((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 ))))))))))))))))))))))))))))))) . 2010-03-27 23:52 . 2010-03-27 23:53 -------- d-----w- c:\users\Oli\AppData\Local\temp 2010-03-27 23:52 . 2010-03-27 23:52 -------- d-----w- c:\users\Vicky\AppData\Local\temp 2010-03-27 23:52 . 2010-03-27 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-27 20:45 . 2010-03-27 20:45 -------- d-----w- c:\program files\Trend Micro 2010-03-27 18:20 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-03-27 18:20 . 2010-03-27 18:20 -------- d-----w- c:\program files\Panda Security 2010-03-27 17:32 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-27 17:31 . 2010-03-27 17:31 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-27 17:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-03-27 17:31 . 2010-03-27 17:31 -------- d-----w- c:\program files\Lavasoft 2010-03-27 11:50 . 2010-03-27 18:16 -------- d-----w- c:\users\Oli\AppData\Roaming\QuickScan 2010-03-27 11:50 . 2010-03-26 14:33 668648 ----a-w- c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-03-27 11:50 . 2010-03-26 14:33 830864 ----a-w- c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-03-13 20:24 . 2010-03-13 20:24 -------- d-----w- c:\users\Vicky\AppData\Roaming\Amazon 2010-03-13 20:23 . 2010-03-13 20:23 -------- d-----w- c:\program files\Amazon 2010-03-13 10:35 . 2010-03-16 18:54 -------- d-----w- c:\programdata\FLEXnet 2010-03-13 10:29 . 2010-03-13 10:29 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-03-13 10:27 . 2010-03-13 10:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-03-11 20:08 . 2010-03-13 08:39 -------- d-----w- c:\users\Oli\AppData\Roaming\Nikon 2010-03-11 20:06 . 2010-03-11 20:06 49152 ----a-r- c:\users\Oli\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe 2010-03-11 20:06 . 2010-03-11 20:06 335872 ----a-r- c:\users\Oli\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe 2010-03-11 20:05 . 2010-03-11 20:05 57344 ----a-r- c:\users\Oli\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2010-03-11 20:02 . 2010-03-13 08:39 -------- d-----w- c:\program files\Common Files\Nikon 2010-03-11 20:02 . 2010-03-11 20:02 -------- d-----w- c:\program files\Nikon 2010-03-10 19:12 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-03-10 19:12 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-03-10 19:12 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-03-10 19:07 . 2010-03-13 10:19 -------- d-----w- c:\users\Oli\AppData\Roaming\Download Manager 2010-03-03 20:46 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-03 20:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-03-03 20:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-26 07:24 . 2010-02-26 07:24 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys 2010-02-26 07:24 . 2010-02-26 07:24 390528 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys 2010-02-26 07:24 . 2010-02-26 07:24 249856 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll 2010-02-26 07:17 . 2010-02-26 07:17 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-27 20:59 . 2010-03-27 17:15 -------- d-----w- c:\program files\Spyware Doctor 2010-03-27 17:31 . 2008-09-01 20:55 -------- d-----w- c:\programdata\Lavasoft 2010-03-27 17:16 . 2010-03-27 17:15 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\users\Oli\AppData\Roaming\PC Tools 2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\programdata\PC Tools 2010-03-27 17:13 . 2010-02-18 19:42 -------- dc-h--w- c:\programdata\~1 2010-03-27 17:05 . 2010-01-09 15:22 -------- d-----w- c:\program files\RescuePRO 2010-03-27 11:22 . 2008-08-26 18:43 -------- d-----w- c:\programdata\Google Updater 2010-03-21 17:15 . 2008-08-25 13:37 -------- d-----w- c:\programdata\DVD Shrink 2010-03-19 14:12 . 2009-05-11 11:15 -------- d-----w- c:\users\Oli\AppData\Roaming\Spotify 2010-03-17 19:44 . 2008-10-29 21:39 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-13 20:06 . 2008-08-24 19:04 77976 ----a-w- c:\users\Vicky\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-13 10:30 . 2008-08-23 20:40 77976 ----a-w- c:\users\Oli\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-13 08:47 . 2010-03-11 20:00 0 ---h--w- c:\programdata\PKP_DLdw.DAT 2010-03-11 20:00 . 2010-03-11 20:00 -------- d-----w- c:\programdata\Ultima_T15 2010-03-11 20:00 . 2010-03-11 20:00 -------- d-----w- c:\programdata\EnterNHelp 2010-03-11 20:00 . 2008-06-27 10:10 -------- d-----w- c:\program files\Common Files\InstallShield 2010-03-11 19:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-10 19:15 . 2008-09-12 20:52 -------- d-----w- c:\programdata\Microsoft Help 2010-03-10 11:36 . 2010-03-27 17:15 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-02-28 20:31 . 2008-10-06 19:55 -------- d-----w- c:\programdata\CanonIJPLM 2010-02-24 09:16 . 2009-10-02 19:56 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-18 19:44 . 2009-10-28 18:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-02-16 18:37 . 2009-02-01 12:40 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-02-16 18:36 . 2010-01-03 18:51 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-16 18:36 . 2009-02-01 12:38 38784 ----a-w- c:\users\Oli\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-06 15:30 . 2010-02-06 15:30 -------- d-----w- c:\program files\Windows Portable Devices 2010-02-06 15:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-02-06 15:30 . 2010-02-06 15:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-02-06 15:30 . 2010-02-06 15:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-02-05 09:25 . 2010-03-27 17:15 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-02-05 09:18 . 2010-03-27 17:15 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2010-02-05 09:17 . 2010-03-27 17:15 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-02-02 21:34 . 2010-02-02 21:34 -------- d-----w- c:\program files\iTunes 2010-02-02 21:34 . 2010-02-02 21:34 -------- d-----w- c:\program files\iPod 2010-02-02 21:34 . 2008-08-23 22:09 -------- d-----w- c:\program files\Common Files\Apple 2010-02-02 21:32 . 2010-02-02 21:32 -------- d-----w- c:\program files\QuickTime 2010-02-02 21:25 . 2010-02-02 21:25 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-01-31 18:28 . 2010-01-31 18:27 -------- d-----w- c:\users\Vicky\AppData\Roaming\Spotify 2010-01-27 19:38 . 2009-10-19 07:57 -------- dc-h--w- c:\programdata\~0 2010-01-27 19:05 . 2010-01-26 18:31 54 ----a-w- c:\windows\system32\rp_stats.dat 2010-01-27 19:05 . 2010-01-26 18:31 39 ----a-w- c:\windows\system32\rp_rules.dat 2010-01-25 12:00 . 2010-02-24 18:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 18:19 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 18:19 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 18:19 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 18:19 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 18:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 18:19 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 18:19 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 18:19 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-24 18:20 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-22 09:56 . 2010-03-27 17:15 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-01-22 09:56 . 2010-03-27 17:15 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-01-22 09:56 . 2010-03-27 17:15 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-01-22 09:55 . 2010-03-27 17:15 767952 ----a-w- c:\windows\BDTSupport.dll 2010-01-09 13:49 . 2010-01-09 13:49 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe 2010-01-06 15:39 . 2010-02-24 18:19 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-01-06 15:38 . 2010-02-24 18:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-01-06 15:38 . 2010-02-24 18:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-01-06 15:38 . 2010-02-24 18:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-01-06 15:38 . 2010-02-24 18:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-01-06 15:38 . 2010-02-24 18:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-01-06 13:30 . 2010-02-24 18:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-01-05 19:53 . 2010-01-05 19:54 411368 ----a-w- c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "googletalk"="c:\users\Oli\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208] "Skytel"="Skytel.exe" [2007-08-03 1826816] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-15 185896] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-05 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 "VistaSp2"=hex(:a7,48,e1,84,48,a4,ca,01 R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208] R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-01-29 451072] R3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\Drivers\BDA_Capture_225.sys [2007-02-27 17152] R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552] R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616] R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032] S1 aswSP;avast! Self Protection; [x] S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-26 390528] S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-02-17 58984] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-02-17 108904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-02-17 779496] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder 2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52] 2010-03-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-26 20:53] 2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{1DED0ED3-14D6-4F24-8EDB-3808BDC59C07}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] 2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{5182991A-DB85-4798-93D7-74FFA70DBB55}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - component: c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-03-27 23:53 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x887D68C8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x83ba1d24 \Driver\ACPI -> acpi.sys @ 0x806cfd68 \Driver\atapi -> atapi.sys @ 0x807da9b0 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK ************************************************************************** . Completion time: 2010-03-27 23:56:01 ComboFix-quarantined-files.txt 2010-03-27 23:55 Pre-Run: 407,199,608,832 bytes free Post-Run: 407,491,932,160 bytes free - - End Of File - - EC34BD77FBB9CB0494392E42E346BAF6 Thanks again. Oneear
  3. Hi, My PC seems to be infected with some very stuborn malware as my google results are hijacked and I am taken to random sites. perhaps more worryingly I also cannot update ad aware or visit any spyware related sites. I read the rules and followed the instructions,. Hijack this log is: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:09:11, on 27/03/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\SYSTEM32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [googletalk] C:\Users\Oli\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe O4 - Startup: SkyTicker.lnk = C:\Program Files\SkyTicker\SkyTicker.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F616F3-AF78-48CC-B04C-4C3FDFA6F537}: NameServer = 93.188.164.55,93.188.166.76 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.55,93.188.166.76 O17 - HKLM\System\CS22\Services\Tcpip\Parameters: NameServer = 93.188.164.55,93.188.166.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.55,93.188.166.76 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9500 bytes All help gratefully reeived! Oneear