cfussell Posted December 26, 2011 ID:509439

Hello, I thought I got rid of the malware but it continues to come back. I especially see it when I open up Internet explorer. I have AVG as antivirus, ran adware, spybot, and AVG in safe mode. I am not sure what to do now. I will check back after work today around 6pm CST. Thank you for any help in advance!

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by cfusse at 5:59:00 on 2011-12-26
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1136 [GMT -6:00]
Maurice Naggar Posted February 8, 2012 ID:524830

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply into this Topic.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.
Maurice Naggar Posted February 12, 2012 ID:526137

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!