
a window quickly flashes during startup after Windows 7 loads... AV is disabled after startup



I need some help with this problem. I have been trying to fix this since 8/12/11 (I mention the dates because of restore points).

Windows updated on 8/11, and I noticed it took a very long time to load. I rebooted the PC and noticed that it ran very slowly (blue circle) and my AV was disabled. I was unsure whether to use System Restore because of the Windows update (the earliest restore date is 8/12).

I googled and found several suggestions... tried them all. I noticed that after Windows startup a window flashes briefly on the screen (unreadable, and it goes away), then the AV is disabled (Windows flags it with a message to turn it on, but I can't). I ran the Sergiwa tool and it found an R-media malware. I removed that with the Microsoft malware removal tool, but the window still flashes, the AV is turned off a few minutes after Windows starts, and programs crash.

I ran Malwarebytes today and this is the log:

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7478

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

8/16/2011 10:52:33 AM

mbam-log-2011-08-16 (10-52-33).txt

Scan type: Quick scan

Objects scanned: 209893

Time elapsed: 29 minute(s), 54 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

c:\Users\webgirltj\downloads\Firefox\RRT.exe (Autorun.RRT) -> 2800 -> Unloaded process successfully.

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RRT-Auto (Autorun.RRT) -> Value: RRT-Auto -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\webgirltj\downloads\Firefox\RRT.exe (Autorun.RRT) -> Quarantined and deleted successfully.

---------------------

I rebooted the PC and I still have problems, so I ran ComboFix:

ComboFix 11-08-15.08 - webgirltj 08/16/2011 11:17:55.4.2 - x86 MINIMAL

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1406 [GMT -4:00]

Running from: c:\users\webgirltj\Downloads\ComboFix.exe

Command switches used :: /u

AV: F-Secure Anti-Virus for Workstations 9.00 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: F-Secure Anti-Virus for Workstations 9.00 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))

.

.

2011-08-13 06:13 . 2011-08-13 06:13 -------- d-----w- C:\446d3f2ecd73f4cc7b7e1e20f4

2011-08-13 05:28 . 2011-08-13 05:28 -------- d-----w- C:\aa95f44cd88cf35c08299a

2011-08-13 05:01 . 2011-08-13 05:01 -------- d-----w- C:\5ed0b09b11e3029e21b978d4b9d5f5

2011-08-13 04:40 . 2011-08-13 04:40 -------- d-----w- C:\MSI534ca.tmp

2011-08-13 04:36 . 2011-08-13 04:36 -------- d-----w- C:\b43592b883eda08a3c5c9fc5c1

2011-08-12 21:49 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{180D75C1-0A85-4F98-8B8F-E81892D91BB3}\mpengine.dll

2011-08-12 20:43 . 2011-08-12 20:43 -------- d-----w- C:\1f2743f470da01f2566a273f43d0299d

2011-08-12 17:42 . 2011-08-12 17:43 -------- d-----w- C:\6952a9492b02408739a8

2011-08-12 17:00 . 2011-08-12 17:00 -------- d-----w- C:\edfe3d3ef1d6885d8fa70f82c14b

2011-08-11 16:22 . 2011-08-11 16:22 -------- d-----w- C:\4aa987591ca5b6087f7dfb

2011-08-11 05:30 . 2011-08-11 05:30 -------- d-----w- C:\39cf3a602d06fb9ae3b0

2011-08-11 01:13 . 2011-07-09 02:30 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-11 01:12 . 2011-06-21 05:34 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-07-22 18:00 . 2011-07-22 18:00 -------- d-----w- c:\windows\system32\SPReview

2011-07-22 17:56 . 2011-07-22 17:56 -------- d-----w- c:\windows\system32\EventProviders

2011-07-18 03:15 . 2011-07-18 03:15 -------- d-----w- c:\program files\iPod

2011-07-18 02:48 . 2011-07-18 02:48 -------- d-----w- c:\program files\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-22 18:17 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-07-08 13:10 . 2011-06-19 00:38 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-07-06 23:52 . 2010-11-06 02:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52 . 2010-11-06 02:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-03 19:54 . 2011-06-28 15:24 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-23 15:03 . 2011-05-11 17:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2011-06-19 00:36 . 2011-06-19 00:36 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2011-06-19 00:36 . 2011-06-19 00:36 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2011-06-19 00:36 . 2011-06-19 00:36 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2011-06-11 02:29 . 2011-07-13 18:21 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-05-24 23:14 . 2010-07-30 02:50 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:44 . 2011-06-29 17:58 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-05-20 01:49 . 2011-05-20 01:49 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-05-20 01:49 . 2011-05-20 01:49 161792 ----a-w- c:\windows\system32\msls31.dll

2011-05-20 01:49 . 2011-05-20 01:49 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-05-20 01:49 . 2011-05-20 01:49 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-05-20 01:49 . 2011-05-20 01:49 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-05-20 01:49 . 2011-05-20 01:49 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-05-20 01:49 . 2011-05-20 01:49 367104 ----a-w- c:\windows\system32\html.iec

2011-05-20 01:49 . 2011-05-20 01:49 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-05-20 01:49 . 2011-05-20 01:49 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-05-20 01:49 . 2011-05-20 01:49 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-05-20 01:49 . 2011-05-20 01:49 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-05-20 01:49 . 2011-05-20 01:49 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-05-20 01:49 . 2011-05-20 01:49 152064 ----a-w- c:\windows\system32\wextract.exe

2011-05-20 01:49 . 2011-05-20 01:49 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-05-20 01:49 . 2011-05-20 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-05-20 01:49 . 2011-05-20 01:49 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-05-20 01:49 . 2011-05-20 01:49 11776 ----a-w- c:\windows\system32\mshta.exe

2011-05-20 01:49 . 2011-05-20 01:49 101888 ----a-w- c:\windows\system32\admparse.dll

2010-10-30 04:05 . 2010-10-30 04:05 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\webgirltj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\webgirltj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\webgirltj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-11-19 5636136]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-02-03 394984]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2008-11-17 210208]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-01-21 4359280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-08-24 2080768]

"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-07-27 110880]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-10-08 167936]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-10-08 130560]

"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2009-11-26 1653360]

"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2009-11-26 301680]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2006-09-09 151552]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-01-21 960536]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-21 377232]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2010-10-30 9163464]

.

c:\users\webgirltj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\webgirltj\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-20 293950]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Google Update"="c:\users\webgirltj\AppData\Local\Google\Update\GoogleUpdate.exe" /c

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"Nuance PDF Professional 6-reminder"="c:\program files\Nuance\PDF Professional 6\Ereg\Ereg.exe" -r "c:\programdata\Nuance\PDF Professional 6\Ereg\Ereg.ini"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

R0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-12-15 42664]

R0 MDFSYSNT;MacDrive file system driver; [x]

R0 MDPMGRNT;MacDrive partition driver; [x]

R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 57800]

R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [2009-11-26 68080]

R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [2009-11-26 12400]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 FlipShareServer;FlipShare Server;c:\program files\Flip Video\FlipShareServer\FlipShareServer.exe [2010-12-15 1085440]

R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-10-08 131584]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [2011-01-14 196912]

R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [2009-07-27 134944]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2011-07-07 424264]

R2 SRVFTWT;SRVFTWT;c:\program files\The FTW Transcriber\SRVFTWT.exe [2009-11-03 65536]

R2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2011-03-08 341832]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2011-06-09 148648]

R3 fsbl;F-Secure BlackLight Engine Driver;c:\program files\F-Secure\Anti-Virus\fsbldrv.sys [x]

R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [2011-05-23 61088]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 20992]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\StumbleUpon\StumbleUponUpdateService.exe [2009-03-24 120168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-30 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2009-11-26 39792]

R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2009-11-26 25200]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-16 c:\windows\Tasks\AWC AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2011-02-23 19:11]

.

2011-08-16 c:\windows\Tasks\AWC Startup.job

- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-02-23 21:43]

.

2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303819646-226406694-3773630236-1001Core.job

- c:\users\webgirltj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-02 05:21]

.

2011-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1303819646-226406694-3773630236-1001UA.job

- c:\users\webgirltj\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-02 05:21]

.

2011-08-16 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2010-09-09 09:22]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.ask.com?o=15784&l=dis

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 6\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100

IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm

IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\Evernote\Evernote\EvernoteIE.dll/204

TCP: DhcpNameServer = 68.237.161.12 71.250.0.12 192.168.1.1

FF - ProfilePath - c:\users\webgirltj\AppData\Roaming\Mozilla\Firefox\Profiles\9km31j60.default\

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-RRT-Auto - c:\users\webgirltj\Downloads\Firefox\RRT.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{61D1C847-DF80-423A-8C6D-DC03B97E6EBE}"=hex:51,66,7a,6c,4c,1d,38,12,29,cb,c2,

65,b2,91,54,07,f3,7b,9f,43,bc,20,2a,aa

"{5093EB4C-3E93-40AB-9266-B607BA87BDC8}"=hex:51,66,7a,6c,4c,1d,38,12,22,e8,80,

54,a1,70,c5,05,ed,70,f5,47,bf,d9,f9,dc

"{9F6B5CC3-5C7B-4B5C-97AF-19DEC1E380E5}"=hex:51,66,7a,6c,4c,1d,38,12,ad,5f,78,

9b,49,12,32,0e,e8,b9,5a,9e,c4,bd,c4,f1

"{E3286BF1-E654-42FF-B4A6-5E111731DF6B}"=hex:51,66,7a,6c,4c,1d,38,12,9f,68,3b,

e7,66,a8,91,07,cb,b0,1d,51,12,6f,9b,7f

"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,

07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75

"{145B29F4-A56B-4B90-BBAC-45784EBEBBB7}"=hex:51,66,7a,6c,4c,1d,38,12,9a,2a,48,

10,59,eb,fe,0e,c4,ba,06,38,4b,e0,ff,a3

"{551A852F-39A6-44A7-9C13-AFBEC9185A9D}"=hex:51,66,7a,6c,4c,1d,38,12,41,86,09,

51,94,77,c9,01,e3,05,ec,fe,cc,46,1e,89

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{78875F5C-A685-4405-8DC5-D48DC65452B0}"=hex:51,66,7a,6c,4c,1d,38,12,32,5c,94,

7c,b7,e8,6b,01,f2,d3,97,cd,c3,0a,16,a4

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{95D9ECF5-2A4D-4550-BE49-70D42F71296E}"=hex:51,66,7a,6c,4c,1d,38,12,9b,ef,ca,

91,7f,64,3e,00,c1,5f,33,94,2a,2f,6d,7a

"{DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9}"=hex:51,66,7a,6c,4c,1d,38,12,13,6e,8b,

de,9d,82,dc,02,fb,e8,fc,e1,51,c5,af,ed

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,

fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42

"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,

51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11

"{9D19C405-BA93-461B-871F-97992CC45972}"=hex:51,66,7a,6c,4c,1d,38,12,6b,c7,0a,

99,a1,f4,75,03,f8,09,d4,d9,29,9a,1d,66

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:64,2c,52,6a,1a,32,cc,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(1688)

c:\users\webgirltj\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Completion time: 2011-08-16 11:28:45

ComboFix-quarantined-files.txt 2011-08-16 15:28

ComboFix2.txt 2011-08-16 00:26

ComboFix3.txt 2011-08-15 03:12

ComboFix4.txt 2011-08-13 16:07

.

Pre-Run: 3,461,001,216 bytes free

Post-Run: 3,139,932,160 bytes free

.

- - End Of File - - 5396C9194A1062706B57EA65890EF914

I also ran DDS:

.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by webgirltj at 11:54:42 on 2011-08-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1077 [GMT -4:00]

.

AV: F-Secure Anti-Virus for Workstations 9.00 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

SP: F-Secure Anti-Virus for Workstations 9.00 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe

C:\Users\webgirltj\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com?o=15784&l=dis

uInternet Settings,ProxyOverride = *.local

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: CDelHotkeys Object: {78875f5c-a685-4405-8dc5-d48dc65452b0} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll

BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Delicious Toolbar: {61d1c847-df80-423a-8c6d-dc03b97e6ebe} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll

EB: Delicious Sidebar: {9d19c405-ba93-461b-871f-97992cc45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"

uRun: [sandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"

uRun: [iSUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe

mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto

mRun: [F-Secure TNB] "c:\program files\f-secure\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW

mRun: [F-Secure Manager] "c:\program files\f-secure\common\FSM32.EXE" /splash

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\webgir~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\webgirltj\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\windows\installer\{f761359c-9ced-45ae-9a51-9d6605cd55c4}\Evernote.ico

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML

IE: Append to existing PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML

IE: Create PDF file - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML

IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100

IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm

IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\delicious add-on for internet explorer\DeliciousExtension.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab

TCP: DhcpNameServer = 68.237.161.12 71.250.0.12 192.168.1.1

TCP: Interfaces\{857952EA-37CA-4AE9-AC5D-D9606D4719C1} : DhcpNameServer = 68.237.161.12 71.250.0.12 192.168.1.1

TCP: Interfaces\{DEF37461-7954-44E6-BE2C-FED2E977937A} : DhcpNameServer = 68.237.161.12 71.250.0.12 192.168.1.1

TCP: Interfaces\{DEF37461-7954-44E6-BE2C-FED2E977937A}\478656E656874737475607 : DhcpNameServer = 68.237.161.12 71.250.0.12 192.168.1.1

TCP: Interfaces\{DEF37461-7954-44E6-BE2C-FED2E977937A}\6427565675962756C6563737 : DhcpNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\webgirltj\appdata\roaming\mozilla\firefox\profiles\9km31j60.default\

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll

FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\webgirltj\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\users\webgirltj\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\webgirltj\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - fales

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.firstrequest - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2010-9-9 42664]

S0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-10-7 234160]

S0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-5-12 29792]

S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-12-27 57800]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\f-secure\hips\drivers\fshs.sys [2010-9-9 68080]

S1 fsvista;F-Secure Vista Support Driver;c:\program files\f-secure\anti-virus\minifilter\fsvista.sys [2010-9-9 12400]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\f-secure\anti-virus\fsgk32st.exe [2010-9-9 219760]

S2 FlipShareServer;FlipShare Server;c:\program files\flip video\flipshareserver\FlipShareServer.exe [2010-12-15 1085440]

S2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-10-8 131584]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-5 366640]

S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2011-1-14 196912]

S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-7-27 134944]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-16 1153368]

S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-7-7 424264]

S2 SRVFTWT;SRVFTWT;c:\program files\the ftw transcriber\SRVFTWT.exe [2011-4-22 65536]

S2 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-7 341832]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\f-secure\anti-virus\minifilter\fsgk.sys [2010-9-9 148648]

S3 F-Secure Network Request Broker;F-Secure Network Request Broker;c:\program files\f-secure\common\FNRB32.exe [2010-9-9 166512]

S3 FSORSPClient;F-Secure ORSP Client;c:\program files\f-secure\orsp client\fsorsp.exe [2010-9-9 61088]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-5 22712]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-2-3 115432]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2009-3-23 120168]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-29 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S4 F-Secure Filter;F-Secure File System Filter;c:\program files\f-secure\anti-virus\win2k\fsfilter.sys [2010-9-9 39792]

S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\f-secure\anti-virus\win2k\fsrec.sys [2010-9-9 25200]

.

=============== Created Last 30 ================

.

2011-08-16 15:27:59 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-16 13:37:04 388096 ----a-r- c:\users\webgirltj\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-16 13:37:04 -------- d-----w- c:\program files\Trend Micro

2011-08-16 04:19:48 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-08-16 04:19:48 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-08-15 22:38:36 5296 ----a-w- C:\FixitRegBackup.reg

2011-08-15 01:46:39 -------- d-----w- c:\windows\pss

2011-08-13 16:15:24 -------- d-----w- C:\c8f5aedffa86609b74

2011-08-13 16:07:45 -------- d-----w- c:\users\webgirltj\appdata\local\temp

2011-08-13 15:55:01 98816 ----a-w- c:\windows\sed.exe

2011-08-13 15:55:01 518144 ----a-w- c:\windows\SWREG.exe

2011-08-13 15:55:01 256000 ----a-w- c:\windows\PEV.exe

2011-08-13 15:55:01 208896 ----a-w- c:\windows\MBR.exe

2011-08-13 06:13:13 -------- d-----w- C:\446d3f2ecd73f4cc7b7e1e20f4

2011-08-13 05:28:10 -------- d-----w- C:\aa95f44cd88cf35c08299a

2011-08-13 05:01:33 -------- d-----w- C:\5ed0b09b11e3029e21b978d4b9d5f5

2011-08-13 04:40:10 -------- d-----w- C:\MSI534ca.tmp

2011-08-13 04:36:30 -------- d-----w- C:\b43592b883eda08a3c5c9fc5c1

2011-08-12 21:49:35 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{180d75c1-0a85-4f98-8b8f-e81892d91bb3}\mpengine.dll

2011-08-12 20:43:16 -------- d-----w- C:\1f2743f470da01f2566a273f43d0299d

2011-08-12 17:42:39 -------- d-----w- C:\6952a9492b02408739a8

2011-08-12 17:00:06 -------- d-----w- C:\edfe3d3ef1d6885d8fa70f82c14b

2011-08-11 16:22:01 -------- d-----w- C:\4aa987591ca5b6087f7dfb

2011-08-11 05:30:46 -------- d-----w- C:\39cf3a602d06fb9ae3b0

2011-08-11 01:13:15 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-11 01:12:55 1290624 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-07-24 21:31:31 -------- d-----w- c:\users\webgirltj\appdata\local\{942373DE-2A24-46CF-98A3-13F7E85C7939}

2011-07-22 18:00:24 -------- d-----w- c:\windows\system32\SPReview

2011-07-22 17:56:17 -------- d-----w- c:\windows\system32\EventProviders

2011-07-18 03:15:58 -------- d-----w- c:\program files\iPod

.

==================== Find3M ====================

.

2011-07-22 18:17:55 152576 ----a-w- c:\windows\system32\msclmd.dll

2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll

2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-03 19:54:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-24 04:27:01 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-24 04:22:20 271360 ----a-w- c:\windows\system32\conhost.exe

2011-06-15 08:55:19 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-06-15 08:55:19 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-06-15 08:55:19 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-06-15 08:55:19 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-06-15 08:55:19 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-06-11 02:29:25 2334208 ----a-w- c:\windows\system32\win32k.sys

2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll

2010-10-30 04:05:31 9163464 ----a-w- c:\program files\common files\lpuninstall.exe

.

============= FINISH: 11:55:57.25 ===============

Does anyone have any suggestions? I don't know what to look for in these log files.

Can anybody help please?

Thanks


  • Staff

Hi and welcome to Malwarebytes.

Click Start and type in msconfig.exe

Right click the file msconfig.exe that will appear, and select Run as Admin...

Click the Startup tab, then click Disable all...

Click OK.

Restart your computer and use it normally for a bit, and let me know if the problem persists. If not, that means one or more of your items running on startup are to blame. If the problem still persists, we will attempt other avenues of troubleshooting.

Let me know how it goes.

-screen317

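As an added example (not part of this thread and not a Malwarebytes tool): a small Python helper that parses DDS autorun lines in the format of the log above (mRun/mRunOnce, StartupFolder and service/driver lines) and lists the entries launched from user-writable locations such as Downloads, Temp or AppData, which is the first thing to look at when picking which startup items to re-enable one by one. The sample lines and the location rules are my own assumptions; a hit only means "review this first" (Dropbox under AppData is a normal benign hit).

```python
import re

# Constructed sample in the DDS log format used in this thread (not the poster's real entries)
SAMPLE_LOG = r"""
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Example-Auto] c:\users\someuser\downloads\Firefox\example.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\someus~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\someuser\appdata\roaming\dropbox\bin\Dropbox.exe
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-5 366640]
S2 SampleSvc;Sample Service;c:\users\someuser\appdata\local\temp\svc.exe [2011-8-13 65536]
"""

# Registry / startup-folder autoruns: "mRun: [name] path args" or "StartupFolder: x.lnk - target"
AUTORUN_RE = re.compile(r"^(?P<kind>[mu]Run(?:Once)?|StartupFolder):\s*(?:\[(?P<name>[^\]]*)\]\s*)?(?P<rest>.*)$")
# Services / drivers: "S2 name;description;path [date size]"
SERVICE_RE = re.compile(r"^(?P<kind>[RS][0-4])\s+(?P<name>[^;]+);[^;]*;(?P<rest>.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|sys|com|scr|bat|cmd))(?:\s|$)", re.I)

def extract_path(rest):
    """Pull the launched file path out of the remainder of a DDS line."""
    rest = rest.strip()
    head, sep, tail = rest.partition(" - ")
    if sep and head.lower().endswith(".lnk"):   # StartupFolder: keep the shortcut target
        rest = tail.strip()
    rest = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest)  # drop the trailing "[date size]" on services
    if rest.startswith('"'):                       # quoted path: everything up to the closing quote
        return rest[1:].split('"', 1)[0]
    m = EXE_RE.match(rest)                         # unquoted: path runs to the first executable extension
    return m.group(1) if m else rest

def classify(path):
    """Return why a path deserves a closer look, or None. The location rules are assumptions."""
    p = path.lower().replace("/", "\\")
    if "\\temp\\" in p:
        return "temp directory"
    if "\\downloads\\" in p:
        return "downloads folder"
    if "\\appdata\\" in p or "\\users\\public\\" in p or p.startswith("c:\\programdata\\"):
        return "user-writable profile location"
    return None

def triage(log_text):
    """Return [(kind, name, path, reason)] for autorun entries worth reviewing first."""
    findings = []
    for line in log_text.splitlines():
        m = AUTORUN_RE.match(line) or SERVICE_RE.match(line)
        if not m:
            continue
        path = extract_path(m.group("rest"))
        reason = classify(path)
        if reason:
            findings.append((m.group("kind"), m.group("name") or "", path, reason))
    return findings
```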

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
