• Announcements

    • LS.Andy

      Support for other products than adaware, ad block, web protection and Web Companion   05/05/2017

      Support for the following products is handled by the Lavasoft support team: Lavasoft Tuneup Kit Lavasoft PC Optimizer Lavasoft Driver Updater Lavasoft Registry Tuner Lavasoft Privacy Toolbox Lavasoft File Shredder Lavasoft Digital Lock

      For help with these products, contact the support team here: http://www.lavasoft.com/support/supportcenter/
       

oneear

Members
  • Content count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About oneear

  • Rank
    Newbie

Contact Methods

  • ICQ
    0
  1. Thanks ever so much for your help - the service you provide is invaluable. My system appears to be running smoothly again. Thanks again, and I hope not to have to use your expertise again!
  2. Hi there, Firstly thanks very much for your help, I appreciate you giving up your time. I have attached the two dds logs as requested but the GMER programme runs for a while and then I get the blue screen of death. I've tried it twice now with no success. I should also confess being incredibly impatient I followed the advice posted for another user having identicle issues, which was to run Combofix. I know this isn't an everyday use tool, but it does appear to have fixed my inability to update all my security software. The log cretaed by combofix is here: ComboFix 10-03-27.02 - Oli 27/03/2010 23:44:37.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1684 [GMT 0:00] Running from: c:\users\Oli\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1229 [VPS 090305-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: avast! antivirus 4.8.1229 [VPS 090305-1] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-168182961-2868486897-343656635-500 c:\$recycle.bin\S-1-5-21-1769187243-2036837067-3015907111-500 c:\users\Oli\AppData\Roaming\inst.exe c:\users\Oli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyTicker.lnk c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job . ((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 ))))))))))))))))))))))))))))))) . 2010-03-27 23:52 . 2010-03-27 23:53 -------- d-----w- c:\users\Oli\AppData\Local\temp 2010-03-27 23:52 . 2010-03-27 23:52 -------- d-----w- c:\users\Vicky\AppData\Local\temp 2010-03-27 23:52 . 2010-03-27 23:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-03-27 20:45 . 2010-03-27 20:45 -------- d-----w- c:\program files\Trend Micro 2010-03-27 18:20 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-03-27 18:20 . 2010-03-27 18:20 -------- d-----w- c:\program files\Panda Security 2010-03-27 17:32 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-03-27 17:31 . 2010-03-27 17:31 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} 2010-03-27 17:31 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe 2010-03-27 17:31 . 2010-03-27 17:31 -------- d-----w- c:\program files\Lavasoft 2010-03-27 11:50 . 2010-03-27 18:16 -------- d-----w- c:\users\Oli\AppData\Roaming\QuickScan 2010-03-27 11:50 . 2010-03-26 14:33 668648 ----a-w- c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll 2010-03-27 11:50 . 2010-03-26 14:33 830864 ----a-w- c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll 2010-03-13 20:24 . 2010-03-13 20:24 -------- d-----w- c:\users\Vicky\AppData\Roaming\Amazon 2010-03-13 20:23 . 2010-03-13 20:23 -------- d-----w- c:\program files\Amazon 2010-03-13 10:35 . 2010-03-16 18:54 -------- d-----w- c:\programdata\FLEXnet 2010-03-13 10:29 . 2010-03-13 10:29 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2010-03-13 10:27 . 2010-03-13 10:27 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-03-11 20:08 . 2010-03-13 08:39 -------- d-----w- c:\users\Oli\AppData\Roaming\Nikon 2010-03-11 20:06 . 2010-03-11 20:06 49152 ----a-r- c:\users\Oli\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe 2010-03-11 20:06 . 2010-03-11 20:06 335872 ----a-r- c:\users\Oli\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe 2010-03-11 20:05 . 2010-03-11 20:05 57344 ----a-r- c:\users\Oli\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe 2010-03-11 20:02 . 2010-03-13 08:39 -------- d-----w- c:\program files\Common Files\Nikon 2010-03-11 20:02 . 2010-03-11 20:02 -------- d-----w- c:\program files\Nikon 2010-03-10 19:12 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll 2010-03-10 19:12 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys 2010-03-10 19:12 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll 2010-03-10 19:07 . 2010-03-13 10:19 -------- d-----w- c:\users\Oli\AppData\Roaming\Download Manager 2010-03-03 20:46 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe 2010-03-03 20:46 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-03-03 20:46 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-02-26 07:24 . 2010-02-26 07:24 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys 2010-02-26 07:24 . 2010-02-26 07:24 390528 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBuka.sys 2010-02-26 07:24 . 2010-02-26 07:24 249856 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportBukaBroom\13897\RapportBukaBroom.dll 2010-02-26 07:17 . 2010-02-26 07:17 -------- d-----w- c:\users\Default\AppData\Roaming\Trusteer . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-27 20:59 . 2010-03-27 17:15 -------- d-----w- c:\program files\Spyware Doctor 2010-03-27 17:31 . 2008-09-01 20:55 -------- d-----w- c:\programdata\Lavasoft 2010-03-27 17:16 . 2010-03-27 17:15 -------- d-----w- c:\program files\Common Files\PC Tools 2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\users\Oli\AppData\Roaming\PC Tools 2010-03-27 17:15 . 2010-03-27 17:15 -------- d-----w- c:\programdata\PC Tools 2010-03-27 17:13 . 2010-02-18 19:42 -------- dc-h--w- c:\programdata\~1 2010-03-27 17:05 . 2010-01-09 15:22 -------- d-----w- c:\program files\RescuePRO 2010-03-27 11:22 . 2008-08-26 18:43 -------- d-----w- c:\programdata\Google Updater 2010-03-21 17:15 . 2008-08-25 13:37 -------- d-----w- c:\programdata\DVD Shrink 2010-03-19 14:12 . 2009-05-11 11:15 -------- d-----w- c:\users\Oli\AppData\Roaming\Spotify 2010-03-17 19:44 . 2008-10-29 21:39 -------- d-----w- c:\program files\Common Files\Adobe 2010-03-13 20:06 . 2008-08-24 19:04 77976 ----a-w- c:\users\Vicky\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-13 10:30 . 2008-08-23 20:40 77976 ----a-w- c:\users\Oli\AppData\Local\GDIPFONTCACHEV1.DAT 2010-03-13 08:47 . 2010-03-11 20:00 0 ---h--w- c:\programdata\PKP_DLdw.DAT 2010-03-11 20:00 . 2010-03-11 20:00 -------- d-----w- c:\programdata\Ultima_T15 2010-03-11 20:00 . 2010-03-11 20:00 -------- d-----w- c:\programdata\EnterNHelp 2010-03-11 20:00 . 2008-06-27 10:10 -------- d-----w- c:\program files\Common Files\InstallShield 2010-03-11 19:41 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail 2010-03-10 19:15 . 2008-09-12 20:52 -------- d-----w- c:\programdata\Microsoft Help 2010-03-10 11:36 . 2010-03-27 17:15 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-02-28 20:31 . 2008-10-06 19:55 -------- d-----w- c:\programdata\CanonIJPLM 2010-02-24 09:16 . 2009-10-02 19:56 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-18 19:44 . 2009-10-28 18:43 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-02-16 18:37 . 2009-02-01 12:40 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-02-16 18:36 . 2010-01-03 18:51 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-16 18:36 . 2009-02-01 12:38 38784 ----a-w- c:\users\Oli\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-06 15:30 . 2010-02-06 15:30 -------- d-----w- c:\program files\Windows Portable Devices 2010-02-06 15:30 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat 2010-02-06 15:30 . 2010-02-06 15:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf 2010-02-06 15:30 . 2010-02-06 15:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf 2010-02-05 09:25 . 2010-03-27 17:15 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-02-05 09:18 . 2010-03-27 17:15 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys 2010-02-05 09:17 . 2010-03-27 17:15 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-02-02 21:34 . 2010-02-02 21:34 -------- d-----w- c:\program files\iTunes 2010-02-02 21:34 . 2010-02-02 21:34 -------- d-----w- c:\program files\iPod 2010-02-02 21:34 . 2008-08-23 22:09 -------- d-----w- c:\program files\Common Files\Apple 2010-02-02 21:32 . 2010-02-02 21:32 -------- d-----w- c:\program files\QuickTime 2010-02-02 21:25 . 2010-02-02 21:25 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal 2010-02-02 20:38 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender 2010-01-31 18:28 . 2010-01-31 18:27 -------- d-----w- c:\users\Vicky\AppData\Roaming\Spotify 2010-01-27 19:38 . 2009-10-19 07:57 -------- dc-h--w- c:\programdata\~0 2010-01-27 19:05 . 2010-01-26 18:31 54 ----a-w- c:\windows\system32\rp_stats.dat 2010-01-27 19:05 . 2010-01-26 18:31 39 ----a-w- c:\windows\system32\rp_rules.dat 2010-01-25 12:00 . 2010-02-24 18:19 471552 ----a-w- c:\windows\system32\secproc_isv.dll 2010-01-25 12:00 . 2010-02-24 18:19 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll 2010-01-25 12:00 . 2010-02-24 18:19 152064 ----a-w- c:\windows\system32\secproc_ssp.dll 2010-01-25 12:00 . 2010-02-24 18:19 471552 ----a-w- c:\windows\system32\secproc.dll 2010-01-25 11:58 . 2010-02-24 18:19 332288 ----a-w- c:\windows\system32\msdrm.dll 2010-01-25 08:21 . 2010-02-24 18:19 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe 2010-01-25 08:21 . 2010-02-24 18:19 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe 2010-01-25 08:21 . 2010-02-24 18:19 518144 ----a-w- c:\windows\system32\RMActivate.exe 2010-01-25 08:21 . 2010-02-24 18:19 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe 2010-01-23 09:26 . 2010-02-24 18:20 2048 ----a-w- c:\windows\system32\tzres.dll 2010-01-22 09:56 . 2010-03-27 17:15 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-01-22 09:56 . 2010-03-27 17:15 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-01-22 09:56 . 2010-03-27 17:15 1652688 ----a-w- c:\windows\PCTBDCore.dll 2010-01-22 09:55 . 2010-03-27 17:15 767952 ----a-w- c:\windows\BDTSupport.dll 2010-01-09 13:49 . 2010-01-09 13:49 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe 2010-01-06 15:39 . 2010-02-24 18:19 1696256 ----a-w- c:\windows\system32\gameux.dll 2010-01-06 15:38 . 2010-02-24 18:19 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2010-01-06 15:38 . 2010-02-24 18:19 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll 2010-01-06 15:38 . 2010-02-24 18:19 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll 2010-01-06 15:38 . 2010-02-24 18:19 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll 2010-01-06 15:38 . 2010-02-24 18:19 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll 2010-01-06 13:30 . 2010-02-24 18:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2010-01-05 19:53 . 2010-01-05 19:54 411368 ----a-w- c:\windows\system32\deploytk.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "googletalk"="c:\users\Oli\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208] "Skytel"="Skytel.exe" [2007-08-03 1826816] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-15 185896] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-05 149280] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "FirewallOverride"=dword:00000001 "VistaSp2"=hex(:a7,48,e1,84,48,a4,ca,01 R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1228208] R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048] R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-01-29 451072] R3 BDA_Capture_225;USB Digital-TV receiver. Driver 3.0.1.18;c:\windows\system32\Drivers\BDA_Capture_225.sys [2007-02-27 17152] R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552] R3 ECS_Loader_220;Digital TV Receiver Firmware Loader 5.10.31.0;c:\windows\system32\Drivers\ECS_Loader_220.sys [2005-10-31 15616] R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x] R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288] S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552] S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-10 217032] S1 aswSP;avast! Self Protection; [x] S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-26 390528] S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-02-17 58984] S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-02-17 108904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560] S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328] S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592] S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-02-17 779496] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 16:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder 2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:52] 2010-03-27 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-26 20:53] 2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{1DED0ED3-14D6-4F24-8EDB-3808BDC59C07}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] 2010-03-27 c:\windows\Tasks\User_Feed_Synchronization-{5182991A-DB85-4798-93D7-74FFA70DBB55}.job - c:\windows\system32\msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ FF - component: c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\users\Oli\AppData\Roaming\Mozilla\Firefox\Profiles\et8lwd7g.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-03-27 23:53 Windows 6.0.6002 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] device: opened successfully user: MBR read successfully called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys PCTCore.sys acpi.sys hal.dll atapi.sys >>UNKNOWN [0x887D68C8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0x83ba1d24 \Driver\ACPI -> acpi.sys @ 0x806cfd68 \Driver\atapi -> atapi.sys @ 0x807da9b0 IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK ************************************************************************** . Completion time: 2010-03-27 23:56:01 ComboFix-quarantined-files.txt 2010-03-27 23:55 Pre-Run: 407,199,608,832 bytes free Post-Run: 407,491,932,160 bytes free - - End Of File - - EC34BD77FBB9CB0494392E42E346BAF6 Thanks again. Oneear
  3. Hi, My PC seems to be infected with some very stuborn malware as my google results are hijacked and I am taken to random sites. perhaps more worryingly I also cannot update ad aware or visit any spyware related sites. I read the rules and followed the instructions,. Hijack this log is: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:09:11, on 27/03/2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\SYSTEM32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Trusteer\Rapport\bin\RapportService.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [googletalk] C:\Users\Oli\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe O4 - Startup: SkyTicker.lnk = C:\Program Files\SkyTicker\SkyTicker.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab"]http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab[/url] O17 - HKLM\System\CCS\Services\Tcpip\..\{E5F616F3-AF78-48CC-B04C-4C3FDFA6F537}: NameServer = 93.188.164.55,93.188.166.76 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.55,93.188.166.76 O17 - HKLM\System\CS22\Services\Tcpip\Parameters: NameServer = 93.188.164.55,93.188.166.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.55,93.188.166.76 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9500 bytes All help gratefully reeived! Oneear