Computer very slowly turns on


Gaxas

Hi! I have a problem. My computer always turns on very slowly. Several times I got an error on a blue background and the computer restarted. Maybe I'm infected? Thanks for the help :)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Mindaugas at 7:53:41 on 2011-10-22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2050 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\Mindaugas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Mindaugas\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.lt/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.6\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Google Update] "c:\users\mindaugas\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{FAB337E5-0D6D-4367-AA48-07D137D62A9F} : NameServer = 86.100.0.8,86.100.0.88
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mindaugas\appdata\roaming\mozilla\firefox\profiles\82ktzwgc.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://ls-mods.lt/administrator/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\soda pdf\ffsodaext\components\SodaFFPDFConverter.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\mindaugas\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
# Mozilla User Preferences
.
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
.
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.enabled - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1315329444
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1314779629
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1315329324
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1314342820
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1311709386
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1315329204
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.download.lastDir - c:\\users\\mindaugas\\Desktop
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.places.importBookmarksHTML - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.defaultenginename - Yahoo
FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&type=380920
FF - user.js: browser.search.selectedEngine - Yahoo
FF - user.js: browser.search.update - false
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://ls-mods.lt/administrator/
FF - user.js: browser.startup.homepage_override.buildID - 20110707182747
FF - user.js: browser.startup.homepage_override.mstone - rv:5.0.1
FF - user.js: browser.tabs.warnOnClose - false
FF - user.js: browser.taskbar.lastgroupid - Mozilla.Firefox.5.0.1
FF - user.js: dom.disable_window_flip - false
FF - user.js: dom.disable_window_status_change - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: extensions.blocklist.pingCountTotal - 19
FF - user.js: extensions.blocklist.pingCountVersion - 19
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 3
FF - user.js: extensions.enabledAddons - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,iobit@mybrowserbar.com:4.6,wtxpcom@mybrowserbar.com:4.6,{972ce4c6-7e08-4474-a285-3208198ce6fd}:5.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,bkmrksync@nokia.com:1.0.0.732,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23,wrc@avast.com:20110101,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,FFSodaPDFConverter@sodapdf.com:1.0,{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26,iobit@mybrowserbar.com:4.5,wtxpcom@mybrowserbar.com:4.5,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\bkmrksync@nokia.com\:{\descriptor\:\c:\\\\program files\\\\nokia\\\\nokia pc suite 7\\\\bkmrksync\,\mtime\:1281192277288},\wrc@avast.com\:{\descriptor\:\c:\\\\program files\\\\avast software\\\\avast\\\\webrep\\\\ff\,\mtime\:1299355100809}}},{\name\:\app-global\,\addons\:{\iobit@mybrowserbar.com\:{\descriptor\:\c:\\\\program files\\\\iobit toolbar\\\\ff\,\mtime\:1314713143747},\wtxpcom@mybrowserbar.com\:{\descriptor\:\c:\\\\program files\\\\common files\\\\spigot\\\\wtxpcom\,\mtime\:1314766912640},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1311766095694},\{cafeefac-0016-0000-0020-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0020-abcdeffedcba}\,\mtime\:1273242403551},\{cafeefac-0016-0000-0022-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0022-abcdeffedcba}\,\mtime\:1290838797501},\{cafeefac-0016-0000-0023-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0023-abcdeffedcba}\,\mtime\:1296892602235},\{cafeefac-0016-0000-0024-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0024-abcdeffedcba}\,\mtime\:1299753061220},\{cafeefac-0016-0000-0026-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0026-abcdeffedcba}\,\mtime\:1309331788399}}},{\name\:\app-profile\,\addons\:{\{64161300-e22b-11db-8314-0800200c9a66}\:{\descriptor\:\c:\\\\users\\\\mindaugas\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\82ktzwgc.default\\\\extensions\\\\{64161300-e22b-11db-8314-0800200c9a66}\,\mtime\:1278839267200}}}]
FF - user.js: extensions.lastAppVersion - 5.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.speeddial.currentVersion - 0.9.5
FF - user.js: extensions.speeddial.defaultDialJavascript - true
FF - user.js: extensions.speeddial.group-1-columns - 3
FF - user.js: extensions.speeddial.group-1-rows - 3
FF - user.js: extensions.speeddial.loadInNewTab - true
FF - user.js: extensions.speeddial.maximumWidth - 1200
FF - user.js: extensions.speeddial.showInAreaContextMenu - true
FF - user.js: extensions.speeddial.showInTabContextMenu - true
FF - user.js: extensions.speeddial.thumbnail-1-dynamictitle - true
FF - user.js: extensions.speeddial.thumbnail-1-format - png
FF - user.js: extensions.speeddial.thumbnail-1-js - true
FF - user.js: extensions.speeddial.thumbnail-1-label - LS mods site
FF - user.js: extensions.speeddial.thumbnail-1-lastsaved - 1294077903112
FF - user.js: extensions.speeddial.thumbnail-1-refreshinterval - 86400
FF - user.js: extensions.speeddial.thumbnail-1-url - hxxp://ls-mods.lt/
FF - user.js: extensions.update.enabled - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.wrc.RulesVersion -
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.style - some style
FF - user.js: extensions.wrc.SearchRules./v1/update/rule/foo.bar.url - testik.bb
FF - user.js: extensions.wrc.SearchRules.ask.com.style - .WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.ask.com.url - ^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.atlas.cz.style - .WRCN {display:none} .result .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.cz.url - ^http\\:\\/\\/searchatlas\\.centrum\\.cz\\/.+
FF - user.js: extensions.wrc.SearchRules.atlas.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.atlas.sk.url - ^http\\:\\/\\/hladaj\\.atlas\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.baidu.com.style - .WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.baidu.com.url - ^http\\:\\/\\/www\\.baidu\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.bing.com.style - .WRCN {display:none} .sb_tlst .WRCN, .sp_pss .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.bing.com.url - ^http(s)?\\:\\/\\/www\\.bing\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.cz.style - .WRCN {display:none} .results-list h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.cz.url - ^http(s)?\\:\\/\\/search\\.centrum\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.centrum.sk.style - .WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.centrum.sk.url - ^http\\:\\/\\/search\\.centrum\\.sk\\/.+
FF - user.js: extensions.wrc.SearchRules.delicious.com.style - .WRCN {display:none} .taggedlink + .WRCN, .data .full-url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.delicious.com.url - ^http\\:\\/\\/www\\.delicious\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.dmoz.org.style - .WRCN {display:none} ol.site li .WRCN{display:inline !important; background: url(\IMAGE\) right no-repeat} ol.site li .ref .WRCN {display:none!important}
FF - user.js: extensions.wrc.SearchRules.dmoz.org.url - ^http\\:\\/\\/www\\.dmoz\\.org\\/search(.)+
FF - user.js: extensions.wrc.SearchRules.excite.com.style - .WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.excite.com.url - ^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+
FF - user.js: extensions.wrc.SearchRules.facebook.com.style - .WRCN {display:none} .WRCN {display:none} .uiAttachmentTitle .WRCN, .uiStreamMessage .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.facebook.com.url - ^http\\:\\/\\/www\\.facebook\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.fastweb.it.style - .WRCN {display:none} .gs-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.fastweb.it.url - ^http\\:\\/\\/www\\.fastweb\\.it\\/portale\\/google\\/.+
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.style - .WRCN {display:none} .res_body .res_entry .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.gazeta.pl.url - ^http\\:\\/\\/szukaj\\.gazeta\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.google.com.style - .WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhsline ol .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.google.com.url - ^http(s)?\\:\\/\\/((www|encrypted)\\.)?google\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.*
FF - user.js: extensions.wrc.SearchRules.interia.pl.style - .WRCN {display:none} .row .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.interia.pl.url - ^http\\:\\/\\/(www\\.)?google\\.interia\\.pl\\/szukaj\\/.+
FF - user.js: extensions.wrc.SearchRules.lycos.com.style - .WRCN {display:none} .results .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .results .sponsored .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.lycos.com.url - ^http\\:\\/\\/search\\.lycos\\.(com?\\.[a-z]{2}|[a-z]{2,})\\/.+
FF - user.js: extensions.wrc.SearchRules.onet.pl.style - .WRCN {display:none} #main .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.onet.pl.url - ^http\\:\\/\\/szukaj\\.onet\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.style - .WRCN {display:none} .lnkwww + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.paginegialle.it.url - ^http\\:\\/\\/www\\.paginegialle\\.it\\/pgol\\/.+
FF - user.js: extensions.wrc.SearchRules.public.avast.com.style - .WRCN {display:inline; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.public.avast.com.url - ^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.rambler.ru.style - .WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.rambler.ru.url - ^http\\:\\/\\/nova\\.rambler\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.scroogle.org.style - a + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.scroogle.org.url - ^http\\:\\/\\/www\\.scroogle\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.seznam.cz.style - .WRCN {display:none} #results .text .WRCN, .sklik-title > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.seznam.cz.url - ^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*
FF - user.js: extensions.wrc.SearchRules.sky.com.style - .WRCN {display:none} #results h3 .WRCN, #sponsored_top h3 .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.sky.com.url - ^http\\:\\/\\/search\\.sky\\.com/.+
FF - user.js: extensions.wrc.SearchRules.slashdot.org.style - .WRCN {display:none} .body i .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.slashdot.org.url - ^http\\:\\/\\/slashdot\\.org\\/.*
FF - user.js: extensions.wrc.SearchRules.terra.com.br.style - .WRCN {display:none} .col-left-full .list-results .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.terra.com.br.url - ^http\\:\\/\\/buscador\\.terra\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.tiscali.it.style - .WRCN {display:none} .item .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.tiscali.it.url - ^http\\:\\/\\/search\\.tiscali\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.twitter.com.style - .WRCN {display:none} .entry-content .web + .WRCN, .twtr-tweet-text .twtr-hyperlink + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.twitter.com.url - ^hxxp://twitter\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.uol.com.br.style - .WRCN {display:none} #results dt .WRCN, #results .link .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} #results .link .similar .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.uol.com.br.url - ^http\\:\\/\\/(.\\.)?busca\\.uol\\.com\\.br\\/.+
FF - user.js: extensions.wrc.SearchRules.virgilio.it.style - .WRCN {display:none} .risultati .record .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .risultati .record .sponsor + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.virgilio.it.url - ^http\\:\\/\\/ricerca\\.virgilio\\.it\\/.+
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.style - .WRCN {display:none} .result-title .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.virginmedia.com.url - ^http\\:\\/\\/search\\.virginmedia\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.whereis.com.style - .WRCN {display:none} .priority_url .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.whereis.com.url - ^http\\:\\/\\/www\\.whereis\\.com\\/.*
FF - user.js: extensions.wrc.SearchRules.wp.pl.style - .WRCN {display:none} .rek big .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.wp.pl.url - ^http\\:\\/\\/szukaj\\.wp\\.pl\\/.+
FF - user.js: extensions.wrc.SearchRules.yahoo.com.style - .WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yahoo.com.url - ^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*
FF - user.js: extensions.wrc.SearchRules.yandex.ru.style - .WRCN {display:none} .b-serp-item__title-link + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.yandex.ru.url - ^http\\:\\/\\/yandex\\.ru\\/.+
FF - user.js: extensions.wrc.SearchRules.yell.com.style - .WRCN {display:none} .advert-content .WRCN, .other-cta .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat} .advert-content .star + .WRCN, .advert-content .logoImg + .WRCN, .other-cta .shareLink + .WRCN {display: none!important}
FF - user.js: extensions.wrc.SearchRules.yell.com.url - ^http\\:\\/\\/www\\.yell\\.com\\/.+
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.style - .WRCN {display:none} .box_content .link_right .link_title + .WRCN {display:inline !important; background: url(\IMAGE\) right no-repeat}
FF - user.js: extensions.wrc.SearchRules.zoznam.sk.url - ^http\\:\\/\\/www\\.zoznam\\.sk\\/.+
FF - user.js: idle.lastDailyNotification - 1314261705
FF - user.js: intl.charsetmenu.browser.cache - windows-1252, windows-1257, ISO-8859-1, UTF-8, windows-1250
FF - user.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: places.database.lastMaintenance - 1314261705
FF - user.js: places.history.expiration.transient_current_max_pages - 96614
FF - user.js: places.last_vacuum - 1309678886
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.current_page - false
FF - user.js: pref.privacy.disable_button.view_passwords - false
FF - user.js: pref.privacy.disable_button.view_passwords_exceptions - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 2
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1311870121
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1317814423
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-24 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-5 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-5 301528]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-24 353168]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-5 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-5 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-5 42184]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-24 820568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-7-21 18768]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-7-21 30600]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-7-21 19280]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
.
=============== Created Last 30 ================
.
2011-10-19 16:35:56 -------- d-----w- c:\program files\Ski Region Simulator 2012 Demo
2011-10-18 15:05:44 -------- d-----w- c:\users\mindaugas\appdata\roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
2011-09-28 18:43:08 -------- d-----w- c:\users\mindaugas\appdata\roaming\Malwarebytes
2011-09-28 18:42:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 18:42:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 18:42:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-25 18:44:12 -------- d-----w- c:\program files\Eltima Software
.
==================== Find3M ====================
.
2011-10-04 05:49:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-15 17:51:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 7:54:27.37 ===============


  • Staff

Hi and welcome to Malwarebytes.

Don't use code tags please.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.