iMoni

nasty facebook virus Hijacking link to other web site

39 posts in this topic

Hi, I have a nasty virus from Facebook. Please help me remove it.

Here are the DDS results:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Monika at 13:56:17 on 2012-02-29

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1886 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\MediaMall\MediaMallServer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RTHDCPL.exe

C:\Program Files\Visioneer OneTouch\OneTouchMon.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\VERIZONDM\bin\sprtcmd.exe

C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\dps.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\pl.exe

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\epservice.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\ep.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Squeezebox\SqueezeTray.exe

C:\Users\Monika\AppData\Local\Temp\RtkBtMnt.exe

C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE

C:\Windows\System32\alg.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\MediaMall\MediaMallServer.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TrustedID Secure Browse: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\trustedid\trustedid secure browse\epbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

BHO: TrustedID Secure Browse: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\trustedid\trustedid secure browse\plbho.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [Google Update] "c:\users\monika\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

uRun: [spyware Doctor with AntiVirus] c:\users\monika\desktop\sdasetup_revwire207.exe -min

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [OneTouch Monitor] c:\program files\visioneer onetouch\OneTouchMon.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [TrustedID Secure Browse] "c:\program files\trustedid secure browse\sss.exe"

mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Data Protection Suite] "c:\program files\trustedid\trustedid secure browse\dps.exe"

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [PhishLock] "c:\program files\trustedid\trustedid secure browse\pl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

StartupFolder: c:\users\monika\appdata\roaming\micros~1\windows\startm~1\programs\startup\cit200.lnk - c:\program files\linksys\cit200\cit200.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\squeezebox\SqueezeTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: DisableStatusMessages = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://cnypacs.com/HRS/download/AliUpdate.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.stemc.org/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6A1C1D9A-00D4-468C-BAC0-34941BF5DBA1} - hxxps://cnypacs.com/HRS/download/Setup.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\0527F64657364796F6E6370275962756C65637370225F657475627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\D656C666275646F6 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{FEC1F568-0142-484C-87C3-765B651A5097} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

AppInit_DLLs: c:\progra~1\google\google~1\GO36F4~1.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1621166&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111215

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111215&q=

FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}\components\FFExternalAlert.dll

FF - component: c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}\components\RadioWMPCore.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\users\monika\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\users\monika\appdata\roaming\facebook\npfbplugin_1_0_3.dll

FF - plugin: c:\users\monika\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\monika\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook

FF - Ext: CommentsBar 1 Toolbar: {23ec984e-464c-4a0c-a8df-f80cb8c090e1} - %profile%\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-4 297168]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\common files\mckesson\mig\service\AliUpdate.exe [2010-1-18 79152]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 EntryProtect;TrustedID Secure Browse;c:\program files\trustedid\trustedid secure browse\epservice.exe [2011-8-21 46952]

R2 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2010-10-29 3994480]

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-3-2 23200]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-10-25 244960]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2011-1-29 18240]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-2-15 1097216]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 sbupdate;TrustedID Update Service;c:\program files\sentrybay\update\SentryBayUpdate.exe [2011-4-29 138080]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-26 30192]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-3 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

.

=============== Created Last 30 ================

.

2012-02-28 22:16:21 -------- d-----w- c:\users\monika\appdata\roaming\Malwarebytes

2012-02-28 22:16:13 -------- d-----w- c:\programdata\Malwarebytes

2012-02-28 22:16:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-28 22:16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 21:08:32 -------- d-----w- c:\programdata\PC Tools

2012-02-15 12:33:03 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 12:32:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 12:32:54 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 12:32:53 2343424 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 13:57:02.72 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/16/2009 7:04:34 AM

System Uptime: 2/29/2012 9:37:27 AM (4 hours ago)

.

Motherboard: Acer, Inc. | | Bodensee

Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U2E1 | 983/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 148 GiB total, 81.692 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 1 GiB total, 0.934 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID:

Description: Mass Storage Controller

Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0

Manufacturer:

Name: Mass Storage Controller

PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0

Service:

.

==== System Restore Points ===================

.

RP259: 1/19/2012 3:00:14 AM - Windows Update

RP260: 1/28/2012 4:02:37 PM - Scheduled Checkpoint

RP261: 2/4/2012 8:22:06 PM - Windows Backup

RP262: 2/16/2012 3:00:18 AM - Windows Update

RP263: 2/27/2012 1:05:40 PM - Removed Garmin WebUpdater

RP264: 2/27/2012 1:06:23 PM - Removed Facebook Messenger 2.0.4430.0

RP265: 2/28/2012 7:11:07 PM - Windows Update

.

==== Installed Programs ======================

.

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 6.0

Adobe Reader 9.5.0

Adobe SVG Viewer

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2011

AVG PC Tuneup 2011

Belarc Advisor 8.1

BlackBerry Desktop Software 6.0

BlackBerry Device Software Updater

BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone

Bonjour

Cisco AnyConnect VPN Client

CIT200

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Facebook Plug-In

Fiddler2

FlashFXP v3

Garmin Communicator Plugin

Garmin USB Drivers

Google Chrome

Google Desktop

Google Talk Plugin

HDAUDIO Soft Data Fax Modem with SmartCP

Horizon Medical Imaging Update Service

HRS 11.6 Distributed

iCloud

iPod To Computer Transfer 6.2

iTunes

Java Auto Updater

Java 6 Update 29

Logitech Media Server 7.7.0

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2003 Web Components

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

mIRC

MobileMe Control Panel

Mozilla Firefox (3.6.8)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

OGA Notifier 2.0.0048.0

OneTouch 4.6

PhysExam (Palm) v 6.0.152 by Skyscape

PlayOn

Prism Video File Converter

Quicken 2004

QuickTime

Realtek High Definition Audio Driver

Redist

Review for the PHYSICIAN ASSISTANT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

SentryBay Update Helper

Skype™ 5.5

StartNow Toolbar

TrustedID Secure Browse

Uniblue RegistryBooster 2010

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Verizon Download Manager

Verizon High Speed Internet

Verizon Media Manager

Visioneer 8100 Scanner

WIDCOMM Bluetooth Software 6.0.1.3500

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

2/29/2012 1:55:51 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

2/29/2012 1:55:51 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

2/29/2012 1:55:51 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

2/29/2012 1:14:33 PM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/29/2012 1:14:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/29/2012 1:04:20 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/29/2012 1:04:19 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

2/28/2012 7:48:29 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

2/28/2012 7:46:47 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

2/28/2012 6:49:45 PM, Error: NetBT [4321] - The name "MONIKA-PC :0" could not be registered on the interface with IP address 192.168.1.112. The computer with the IP address 169.254.224.8 did not allow the name to be claimed by this computer.

2/28/2012 10:45:02 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

2/28/2012 10:30:57 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

.

==== End Of File ===========================


Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi, I think something went wrong when I ran ComboFix.

I have disabled AVG, but I forgot to look at the list of other programs to be disabled, and now ComboFix is stuck on the screen:

Preparing Log report

Do Not run any programs until ComboFix has finished

It's been 20 min on that screen

The other scan had found 0 threats

What should I do?


Leave it a bit longer, as this can take a long time sometimes and see if the log comes up. If it doesn't come up, look for the log at c:\combofix.txt


It's been like 50 min now and the blue window did not change. I looked in the C drive and there is no log file.

Should I just close it?


Yes, close it and if no log is created, rerun it and see if one pops up now.


OK, the scan got stuck again, but I was able to find this scan report in C://Combofix/Combofix.txt

ComboFix 12-03-01.01 - Monika 03/01/2012 15:18:00.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1929 [GMT -5:00]

Running from: C:\Users\Monika\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\0665c25e931c1ac0151b062449e91028\XSAccessor.dll

C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\17d0b152e63e6bfe81b4b19588538896\mro.dll

C:\Users\Monika\AppData\Local\Temp\pdk-Monika-1372\19febd96672ffdb7ea244cef36aaa062\Zlib.dll


---- Previous Run -------

C:\install.exe

C:\Program Files\StartNow Toolbar\ReactivateFF.exe

C:\Program Files\StartNow Toolbar\ReactivateIE.exe

C:\Program Files\StartNow Toolbar\Resources\images\engine_images.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_maps.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_news.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_videos.png

C:\Program Files\StartNow Toolbar\Resources\images\engine_web.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_amazon.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_ebay.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_facebook.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_games.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_msn.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_shopping.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_travel.png

C:\Program Files\StartNow Toolbar\Resources\images\icon_twitter.png

C:\Program Files\StartNow Toolbar\Resources\images\startnow_logo.png

C:\Program Files\StartNow Toolbar\Resources\installer.xml

C:\Program Files\StartNow Toolbar\Resources\skin\chevron_button.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_background.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_left.png

C:\Program Files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png

C:\Program Files\StartNow Toolbar\Resources\skin\separator.png

C:\Program Files\StartNow Toolbar\Resources\skin\splitter.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png

C:\Program Files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png

C:\Program Files\StartNow Toolbar\Resources\toolbar.xml

C:\Program Files\StartNow Toolbar\Resources\update.xml

C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe

C:\Program Files\StartNow Toolbar\Toolbar32.dll

C:\Program Files\StartNow Toolbar\ToolbarBroker.exe

C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Program Files\StartNow Toolbar\uninstall.dat

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

C:\Users\Monika\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite


C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome.manifest

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\bar.xul

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\buttons.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\constants.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\events.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\globals.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\hosts.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\init.js

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_images.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_maps.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_news.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_videos.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\engine_web.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_amazon.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_ebay.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_facebook.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_games.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_msn.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_shopping.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_travel.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\icon_twitter.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\installer.xml

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\chevron_button.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_hover.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_button_normal.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_dropdown_button_normal.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_background.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_left.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\searchbox_input_middle.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\separator.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\splitter.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ff_hover_c.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_c.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_l.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_hover_r.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_c.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_l.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\skin\toolbarbutton_ie_normal_r.png

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\toolbar.xml

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\locale\en-US\{5911488E-9D1E-40ec-8CBB-06B231CC153F}.dtd

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\skin\overlay.css

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\components\tellSvc.dll

C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\install.rdf

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

((((((((((((((((((((((((( Files Created from 2012-02-01 to 2012-03-01 )))))))))))))))))))))))))))))))

2012-03-01 20:27:53 . 2012-03-01 21:35:21 -------- d-----w- C:\Users\Monika\AppData\Local\temp

2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\xbox\AppData\Local\temp

2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\Mcx1-MONIKA-PC\AppData\Local\temp

2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\Guest\AppData\Local\temp

2012-03-01 20:27:53 . 2012-03-01 20:27:53 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-02-28 22:16:21 . 2012-02-28 22:16:21 -------- d-----w- C:\Users\Monika\AppData\Roaming\Malwarebytes

2012-02-28 22:16:13 . 2012-02-28 23:45:30 -------- d-----w- C:\ProgramData\Malwarebytes

2012-02-28 22:16:12 . 2012-02-28 22:16:15 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2012-02-28 22:16:12 . 2011-12-10 20:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-02-27 21:08:32 . 2012-02-27 21:08:32 -------- d-----w- C:\ProgramData\PC Tools

2012-02-15 12:33:03 . 2011-12-30 05:27:56 478720 ----a-w- C:\Windows\system32\timedate.cpl

2012-02-15 12:32:59 . 2011-12-16 07:52:58 690688 ----a-w- C:\Windows\system32\msvcrt.dll

2012-02-15 12:32:54 . 2012-01-04 08:58:41 442880 ----a-w- C:\Windows\system32\ntshrui.dll

2012-02-15 12:32:53 . 2012-01-14 03:35:54 2343424 ----a-w- C:\Windows\system32\win32k.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-09-13 03:05:42 . 2009-09-13 03:05:42 124240 ----a-w- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 03:06:48 . 2009-09-13 03:06:48 13136 ----a-w- C:\Program Files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 03:06:22 . 2009-09-13 03:06:22 70488 ----a-w- C:\Program Files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 03:06:32 . 2009-09-13 03:06:32 91480 ----a-w- C:\Program Files\mozilla firefox\plugins\confmgr.dll

2009-09-13 03:06:28 . 2009-09-13 03:06:28 22360 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 03:07:08 . 2009-09-13 03:07:08 255312 ----a-w- C:\Program Files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 03:06:30 . 2009-09-13 03:06:30 31064 ----a-w- C:\Program Files\mozilla firefox\plugins\icafile.dll

2009-09-13 03:06:46 . 2009-09-13 03:06:46 40280 ----a-w- C:\Program Files\mozilla firefox\plugins\icalogon.dll

2009-08-14 17:33:38 . 2009-08-14 17:33:38 652640 ----a-w- C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 03:06:24 . 2009-09-13 03:06:24 23896 ----a-w- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

2010-09-26 19:15:30 . 2010-09-26 19:15:30 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

As you can see, the report is cut short here.


As the browser settings aren't visible right now, can you tell me how everything is running now?


Success! I was able to finally complete the ComboFix run after uninstalling AVG.

Here are the results:

ComboFix 12-03-01.01 - Monika 03/03/2012 20:57:41.3.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1770 [GMT -5:00]

Running from: c:\users\Monika\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.


.

---- Previous Run -------

.


.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Updater Service for StartNow Toolbar

-------\Service_Updater Service for StartNow Toolbar

.

.

((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))

.

.

2012-03-04 02:06 . 2012-03-04 02:08 -------- d-----w- c:\users\Monika\AppData\Local\temp

2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\xbox\AppData\Local\temp

2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\Mcx1-MONIKA-PC\AppData\Local\temp

2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-03-04 02:06 . 2012-03-04 02:06 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-04 01:52 . 2012-02-20 06:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A4698E2-04F2-47CF-A4BD-128E45B63DB7}\mpengine.dll

2012-02-28 22:16 . 2012-02-28 22:16 -------- d-----w- c:\users\Monika\AppData\Roaming\Malwarebytes

2012-02-28 22:16 . 2012-02-28 23:45 -------- d-----w- c:\programdata\Malwarebytes

2012-02-28 22:16 . 2012-02-28 22:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-28 22:16 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-27 21:08 . 2012-02-27 21:08 -------- d-----w- c:\programdata\PC Tools

2012-02-15 12:33 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 12:32 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 12:32 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 12:32 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-29 10:10 . 2009-11-16 13:13 237072 ------w- c:\windows\system32\MpSigStub.exe

2009-09-13 03:05 . 2009-09-13 03:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2009-09-13 03:06 . 2009-09-13 03:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2009-09-13 03:06 . 2009-09-13 03:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2009-09-13 03:06 . 2009-09-13 03:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2009-09-13 03:06 . 2009-09-13 03:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2009-09-13 03:07 . 2009-09-13 03:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2009-09-13 03:06 . 2009-09-13 03:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2009-09-13 03:06 . 2009-09-13 03:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2009-08-14 17:33 . 2009-08-14 17:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2009-09-13 03:06 . 2009-09-13 03:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2010-09-26 19:15 . 2010-09-26 19:15 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3955aa73-8c60-4a9b-acdb-0c2edb1b6748}]

2011-08-21 22:20 141160 ----a-w- c:\program files\TrustedID\TrustedID Secure Browse\epbho.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-11 59240]

"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-11 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 16270848]

"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]

"SoundMan"="SOUNDMAN.EXE" [2006-07-21 86016]

"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 2808832]

"OneTouch Monitor"="c:\program files\Visioneer OneTouch\OneTouchMon.exe" [2002-04-16 86016]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"Data Protection Suite"="c:\program files\TrustedID\TrustedID Secure Browse\dps.exe" [2011-08-21 1642856]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"PhishLock"="c:\program files\TrustedID\TrustedID Secure Browse\pl.exe" [2011-08-21 688488]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg&inst=NzctNjE3MzM4NzM0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtTFNEKzItRERUKzI5NTY4LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJCKzEtVTEwKzEtRjEwTTEyQVRCTisxLVRCVlVQRysxMi1GMTBNMTJGTisxLVRCTisx∏=90&ver=10.0.1424" [?]

.

c:\users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

CIT200.lnk - c:\program files\Linksys\CIT200\cit200.exe [2006-12-21 762368]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-30 719664]

Logitech Media Server Tray Tool.lnk - c:\program files\Squeezebox\SqueezeTray.exe [2011-12-10 3051619]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SoftwareSASGeneration"= 1 (0x1)

"DisableStartupSound"= 1 (0x1)

"DisableStatusMessages"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 mrtRate;mrtRate; [x]

R2 sbupdate;TrustedID Update Service;c:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-30 138080]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-26 30192]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-25 1343400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

S2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\Common Files\McKesson\MIG\Service\AliUpdate.exe [2010-01-18 79152]

S2 EntryProtect;TrustedID Secure Browse;c:\program files\TrustedID\TrustedID Secure Browse\epservice.exe [2011-08-21 46952]

S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [2011-01-12 3994480]

S2 ppsio2;PPDevice; [x]

S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2011-02-01 206120]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2011-02-01 185640]

S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]

S3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2011-09-01 18240]

S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [2006-02-15 1097216]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

S3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - epinject

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74289745-3478087381-2590528953-1001Core.job

- c:\users\Monika\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 13:36]

.

2012-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-74289745-3478087381-2590528953-1001UA.job

- c:\users\Monika\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-16 13:36]

.

2012-03-04 c:\windows\Tasks\SentryBayUpdateTaskMachineCore.job

- c:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-30 00:18]

.

2012-03-04 c:\windows\Tasks\SentryBayUpdateTaskMachineUA.job

- c:\program files\SentryBay\Update\SentryBayUpdate.exe [2011-04-30 00:18]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://cnypacs.com/HRS/download/AliUpdate.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.stemc.org/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6A1C1D9A-00D4-468C-BAC0-34941BF5DBA1} - hxxps://cnypacs.com/HRS/download/Setup.cab

FF - ProfilePath - c:\users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\n60gv88i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1621166&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111215

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111215&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\Fiddler2\FiddlerHook

FF - Ext: CommentsBar 1 Toolbar: {23ec984e-464c-4a0c-a8df-f80cb8c090e1} - %profile%\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)

HKCU-Run-Spyware Doctor with AntiVirus - c:\users\Monika\Desktop\sdasetup_revwire207.exe

HKLM-Run-TrustedID Secure Browse - c:\program files\TrustedID Secure Browse\sss.exe

AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'Explorer.exe'(3880)

c:\program files\TrustedID\TrustedID Secure Browse\epclient32.dll

c:\windows\system32\msi.dll

c:\windows\system32\SFC.DLL

c:\windows\system32\sfc_os.DLL

c:\windows\system32\btncopy.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Visioneer\OneTouch 4.0\OtService.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\program files\TrustedID\TrustedID Secure Browse\ep.exe

c:\windows\system32\conhost.exe

c:\windows\system32\UI0Detect.exe

c:\windows\system32\conhost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-03-03 21:13:47 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-04 02:13

.

Pre-Run: 97,846,898,688 bytes free

Post-Run: 97,809,326,080 bytes free

.

- - End Of File - - 998DDB9A5D660EB8D9F090B3DDD46EAA


When you say "the virus is still there", what do you mean? What problems do you experience? Please try to be as detailed as possible.


So my problem is just as the title of this thread is: when I go to www.facebook.com and try to go either to my facebook or any other page that I don't even log into the facebook ... I am taken to a pornographic web site. Plus, if I am logged in to my facebook, all of my friends get a message that I have tagged them to see a video with a link.. that's how the virus is being spread.

I have researched the facebook problems and one of them said that I should look for a process called Security Account Manager SamSs. I did find this process. Also, they instructed to go to the registry and look for a specific key, which I did not find.

The interesting thing is that this thing works like in a flash or something, because you see this process loading in the middle of the page, then boom, you are on that xxx web site.

Any ideas?


First of all, go to a clean computer (from a friend or so) and change your facebook password. That way you can no longer send your friends spam links using facebook.

Please download aswMBR ( 511KB ) to your desktop.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Hi, yes, I was able to temporarily delete my facebook account, so if someone got a message all they have is an empty link, as my account does not exist for the time being.

Also in between waiting for your response I went through the cookies on my PC and found those:

geobanner.bookofsex... AB_TRACKING, HISTORY, IP_COUNTRY, LOCATION_FROM, ffadult_tr, ffadult_who, v_hash

and

I forgot the name of the cookie, but it's basically the name of the web site I was taken to with these endings:

HstCfa 1833951, HstCla 1833951. Basically I deleted all of them and also disabled JavaScript in my Chrome browser.

Then I went to the registry and found an odd FlashFXE folder, which I deleted as well.

Now here is the result of the scan:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software

Run date: 2012-03-04 12:29:16

-----------------------------

12:29:16.223 OS Version: Windows 6.1.7601 Service Pack 1

12:29:16.223 Number of processors: 2 586 0xE08

12:29:16.225 ComputerName: MONIKA-PC UserName: Monika

12:29:33.825 Initialize success

12:30:05.285 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

12:30:05.293 Disk 0 Vendor: Hitachi_HTS542516K9SA00 BBCOC31P Size: 152627MB BusType: 3

12:30:05.310 Disk 0 MBR read successfully

12:30:05.315 Disk 0 MBR scan

12:30:05.320 Disk 0 Windows 7 default MBR code

12:30:05.338 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 999 MB offset 2048

12:30:05.353 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2050048

12:30:05.368 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 151525 MB offset 2254848

12:30:05.375 Disk 0 scanning sectors +312578048

12:30:05.460 Disk 0 scanning C:\Windows\system32\drivers

12:30:14.229 Service scanning

12:30:41.022 Modules scanning

12:30:50.671 Disk 0 trace - called modules:

12:30:50.693

12:30:50.703 Scan finished successfully

12:31:06.537 Disk 0 MBR has been saved successfully to "C:\Users\Monika\Desktop\MBR.dat"

12:31:06.547 The log file has been saved successfully to "C:\Users\Monika\Desktop\aswMBR.txt"


To be sure I'd like to see an offline MBR dump as well here.

Try this please. You will need a USB drive.

Download GETxPUD.exe to the desktop of your clean computer

  • Run GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso and, when finished, will open BurnCDCC ready to burn the image.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Remove the USB & CD and insert them in the sick computer
  • Boot the sick computer with the CD you just burned
  • The computer must be set to boot from the CD
  • Gently tap F12 and choose to boot from the CD
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Press Tool at the top
  • Choose Open Terminal
  • Type the following and press enter:
    dd if=/dev/sda of=mbr.bin bs=512 count=1
  • Press Enter
  • After it has finished a file will be located on your USB drive named mbr.bin
  • Remove the USB drive and insert it back in your working computer and navigate to mbr.bin, zip it up and attach it to your next reply.

This will allow me to have a look at the MasterBootRecord of your drive and see if it is infected.

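What can be checked in the mbr.bin produced by the dd step above, as an added example that is not part of the original post or any tool named in the thread. The sample sector is constructed from the partition layout in the aswMBR log earlier in this thread, with zero bytes standing in for the real bootstrap code; all function names are hypothetical.

```python
import hashlib
import struct

SECTOR = 512
CODE_END = 440     # bootstrap code area: bytes 0..439
TABLE_OFF = 446    # four 16-byte partition entries
SIG_OFF = 510      # boot signature bytes 0x55 0xAA
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors

# Constructed sample: (status, type, LBA start, sector count) taken from the
# aswMBR log on this page (999 MB, 100 MB active, 151525 MB; all type 07).
SAMPLE_LAYOUT = [
    (0x00, 0x07, 2048, 2045952),
    (0x80, 0x07, 2050048, 204800),
    (0x00, 0x07, 2254848, 310323200),
]


def build_sample(code=bytes(CODE_END), layout=SAMPLE_LAYOUT, signature=b"\x55\xaa"):
    """Assemble a constructed 512-byte sector; the code area is filler, not real boot code."""
    table = b"".join(struct.pack(ENTRY, *row) for row in layout).ljust(64, b"\x00")
    return code + struct.pack("<I", 0) + b"\x00\x00" + table + signature


def parse_mbr(data):
    """Split one 512-byte sector into the fields an analyst compares."""
    if len(data) != SECTOR:
        raise ValueError("expected exactly 512 bytes, got %d" % len(data))
    parts = []
    for i in range(4):
        off = TABLE_OFF + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY, data[off:off + 16])
        if ptype == 0 and count == 0:
            continue  # unused slot
        parts.append({"index": i + 1, "status": status, "type": ptype,
                      "lba_start": lba, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return {
        "signature_ok": data[SIG_OFF:SIG_OFF + 2] == b"\x55\xaa",
        "disk_id": struct.unpack_from("<I", data, CODE_END)[0],
        "code_sha256": hashlib.sha256(data[:CODE_END]).hexdigest(),
        "partitions": parts,
    }


def check_mbr(mbr, known_good_code_sha256=None):
    """Return a list of structural anomalies; an empty list means none were found."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("boot signature 55 AA missing")
    parts = mbr["partitions"]
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02x"
                            % (p["index"], p["status"]))
        if p["lba_start"] == 0:
            findings.append("partition %d: starts at sector 0" % p["index"])
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        findings.append("expected one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    # The reference hash must come from a clean MBR of the same OS version;
    # none is supplied here because the page does not give one.
    if known_good_code_sha256 and mbr["code_sha256"] != known_good_code_sha256:
        findings.append("bootstrap code differs from the reference hash")
    return findings


if __name__ == "__main__":
    import sys
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    parsed = parse_mbr(raw)
    for p in parsed["partitions"]:
        print("Partition %(index)d status=%(status)02x type=%(type)02x "
              "%(size_mb)d MB offset %(lba_start)d" % p)
    print("bootstrap code sha256:", parsed["code_sha256"])
    print("findings:", check_mbr(parsed) or "none")
```

A clean structural result does not prove the bootstrap code is unmodified; that needs the hash comparison against a known-good MBR.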

Can I do that with my infected computer? I don't have access to another PC.


Yes, you can do that from the infected computer as well.


Hi, I just did some more reading and found exactly what I have. Here is the article.

Kaspersky Lab Detects New Worms Attacking MySpace and Facebook

New worms target both MySpace and Facebook users

Kaspersky Lab, a leading developer of secure content management systems, has detected two variants of a new worm, Net-Worm.Win32.Koobface.a. and Net-Worm.Win32.Koobface.b, which attack MySpace and Facebook respectively. As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets.

Even though the worms are currently only infecting MySpace and Facebook users, Kaspersky Lab analysts are warning users that the worms are designed to upload additional malicious modules with other functionality via the Internet. It is highly probable that victim machines will not only be used for spreading links via these social networking sites, but the botnets will also be used for other malicious purposes.

Net-Worm.Win32.Koobface.a spreads when a user accesses his/her MySpace account. The worm creates a range of commentaries to friends' accounts. Net-Worm.Win32.Koobface.b, which targets Facebook users, creates spam messages and sends them to the infected users' friends via the Facebook site. The messages and comments include texts such as Paris Hilton Tosses Dwarf On The Street; Examiners Caught Downloading Grades From The Internet; Hello; You must see it!!! LOL. My friend catched you on hidden cam; Is it really celebrity? Funny Moments and many others.

Messages and comments on MySpace and Facebook include links to http://youtube.[skip].pl. If the user clicks on this link, s/he is redirected to http://youtube.[skip].ru, a site which purportedly contains a video clip. If the user tries to watch it, a message appears saying that s/he needs the latest version of Flash Player in order to watch the clip. However, instead of the latest version of Flash Player, a file called codecsetup.exe is downloaded to the victim machine; this file is also a network worm. The result is that users who have come to the site via Facebook will have the MySpace worm downloaded to their machines, and vice versa.

“Unfortunately, users are very trusting of messages left by 'friends' on social networking sites. So the likelihood of a user clicking on a link like this is very high”, says Alexander Gostev, Senior Virus Analyst at Kaspersky Lab. “At the beginning of 2008 we predicted that we'd see an increase in cybercriminals exploiting MySpace, Facebook and similar sites, and we're now seeing evidence of this. I'm sure that this is simply the first step, and that virus writers will continue to target these resources with increased intensity”.

Kaspersky Internet Security detected these threats proactively and signatures were added to the database on July 31, 2008.

Hope it helps you with helping me :)


No, it does not. :) Koobface shows clear signs in a log, which I don't see here. Please proceed with the xPUD steps.


I know it does not show up but when it comes to the steps of how it happened exactly... including the Flash update.

Anyway, here is the xPUD file.


Sorry, but I don't see the attached file. :)


Please look at the next entry, it has the file :) You must have looked when I was reposting.


Yes, it looks like we crossposted. :) That looks good. Can you please rerun DDS and post me the new log?

Please also launch MBAM, update it and run a full scan. Post me the resulting log.


Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.04.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Monika :: MONIKA-PC [administrator]

3/4/2012 3:35:16 PM

mbam-log-2012-03-04 (15-35-16).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 362680

Time elapsed: 1 hour(s), 36 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Monika at 17:13:13 on 2012-03-04

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3070.1622 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

C:\Program Files\AVG\AVG2012\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\McKesson\MIG\Service\AliUpdate.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\VERIZONDM\bin\tgsrvc.exe

C:\Program Files\AVG\AVG2012\avgnsx.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\epservice.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\ep.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\RTHDCPL.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\dps.exe

C:\Program Files\TrustedID\TrustedID Secure Browse\pl.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Squeezebox\SqueezeTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Monika\AppData\Local\Temp\RtkBtMnt.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\PROGRA~1\SQUEEZ~1\server\SQUEEZ~3.EXE

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Monika\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: TrustedID Secure Browse: {3955aa73-8c60-4a9b-acdb-0c2edb1b6748} - c:\program files\trustedid\trustedid secure browse\epbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll

BHO: TrustedID Secure Browse: {ff507020-a257-4527-a222-b6f5732e55ee} - c:\program files\trustedid\trustedid secure browse\plbho.dll

uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe

uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AlcWzrd] ALCWZRD.EXE

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [Data Protection Suite] "c:\program files\trustedid\trustedid secure browse\dps.exe"

mRun: [PhishLock] "c:\program files\trustedid\trustedid secure browse\pl.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE3MzM4NzM0LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsyLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtTFNEKzItRERUKzI5NTY4LUREMTBGKzEtU1QxMEZBUFArMS1GMTBNMTJCKzEtVTEwKzEtRjEwTTEyQVRCTisxLVRCVlVQRysxMi1GMTBNMTJGTisxLVRCTisx"&"prod=90"&"ver=10.0.1424

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\squeezebox\SqueezeTray.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: SoftwareSASGeneration = 1 (0x1)

mPolicies-system: DisableStartupSound = 1 (0x1)

mPolicies-system: DisableStatusMessages = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "c:\program files\fiddler2\Fiddler.exe"

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {36B874FC-EECA-4622-8DCE-F8D453C88845} - hxxps://cnypacs.com/HRS/download/AliUpdate.cab

DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn.stemc.org/CACHE/stc/1/binaries/vpnweb.cab

DPF: {6A1C1D9A-00D4-468C-BAC0-34941BF5DBA1} - hxxps://cnypacs.com/HRS/download/Setup.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\0527F64657364796F6E6370275962756C65637370225F657475627 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\2456C6B696E6F574F505C65737F5D494D4F4F5138303137303 : DhcpNameServer = 65.32.5.111 65.32.5.112

TCP: Interfaces\{6EF495A2-8B37-4967-BC10-32E0F501172A}\D656C666275646F6 : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{FEC1F568-0142-484C-87C3-765B651A5097} : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\monika\appdata\roaming\mozilla\firefox\profiles\n60gv88i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1621166&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z128&ocid=zdhp&install_date=20111215

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z128&form=ZGAADF&install_date=20111215&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - c:\program files\fiddler2\FiddlerHook

FF - Ext: CommentsBar 1 Toolbar: {23ec984e-464c-4a0c-a8df-f80cb8c090e1} - %profile%\extensions\{23ec984e-464c-4a0c-a8df-f80cb8c090e1}

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

R2 AliUpdate;Horizon Medical Imaging Update Service;c:\program files\common files\mckesson\mig\service\AliUpdate.exe [2010-1-18 79152]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]

R2 EntryProtect;TrustedID Secure Browse;c:\program files\trustedid\trustedid secure browse\epservice.exe [2011-8-21 46952]

R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2010-3-2 23200]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]

R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]

R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 epfilter;epfilter;c:\windows\system32\drivers\epfilter.sys [2011-1-29 18240]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2006-2-15 1097216]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 sbupdate;TrustedID Update Service;c:\program files\sentrybay\update\SentryBayUpdate.exe [2011-4-29 138080]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-3 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-9-26 30192]

S4 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2010-10-29 3994480]

.

=============== Created Last 30 ================

.

2012-03-04 17:08:12 -------- d-----w- c:\windows\pss

2012-03-04 02:19:23 -------- d-----w- c:\users\monika\appdata\roaming\AVG2012

2012-03-04 02:17:51 -------- d-----w- c:\programdata\AVG2012

2012-03-04 02:13:00 -------- d-sh--w- C:\$RECYCLE.BIN

2012-03-04 02:06:50 -------- d-----w- c:\users\monika\appdata\local\temp

2012-03-04 01:53:01 5516608 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll

2012-03-04 01:52:55 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6a4698e2-04f2-47cf-a4bd-128e45b63db7}\mpengine.dll

2012-03-01 16:00:56 98816 ----a-w- c:\windows\sed.exe

2012-03-01 16:00:56 518144 ----a-w- c:\windows\SWREG.exe

2012-03-01 16:00:56 256000 ----a-w- c:\windows\PEV.exe

2012-03-01 16:00:56 208896 ----a-w- c:\windows\MBR.exe

2012-02-28 22:16:21 -------- d-----w- c:\users\monika\appdata\roaming\Malwarebytes

2012-02-28 22:16:13 -------- d-----w- c:\programdata\Malwarebytes

2012-02-28 22:16:12 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-28 22:16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 21:08:32 -------- d-----w- c:\programdata\PC Tools

2012-02-15 12:33:03 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-15 12:32:59 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-15 12:32:54 442880 ----a-w- c:\windows\system32\ntshrui.dll

2012-02-15 12:32:53 2343424 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-01-29 10:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb

.

============= FINISH: 17:14:12.24 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 11/16/2009 7:04:34 AM

System Uptime: 3/4/2012 3:07:51 PM (2 hours ago)

.

Motherboard: Acer, Inc. | | Bodensee

Processor: Genuine Intel® CPU T2300 @ 1.66GHz | U2E1 | 983/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 148 GiB total, 90.016 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 1 GiB total, 0.934 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

Device ID: ROOT\NET\0000

Manufacturer: Cisco Systems

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows

PNP Device ID: ROOT\NET\0000

Service: vpnva

.

Class GUID:

Description: Mass Storage Controller

Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0

Manufacturer:

Name: Mass Storage Controller

PNP Device ID: PCI\VEN_104C&DEV_803B&SUBSYS_00941025&REV_00\4&3981ECD8&0&4AF0

Service:

.

==== System Restore Points ===================

.

RP266: 3/3/2012 6:43:16 PM - Windows Backup

RP267: 3/3/2012 8:42:18 PM - Removed AVG 2011

RP268: 3/3/2012 8:44:31 PM - Removed AVG 2011

RP269: 3/3/2012 8:52:23 PM - Windows Update

RP270: 3/3/2012 9:16:43 PM - Installed AVG 2012

RP271: 3/3/2012 9:17:19 PM - Installed AVG 2012

.

==== Installed Programs ======================

.

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Photoshop 6.0

Adobe Reader 9.5.0

Adobe SVG Viewer

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2012

AVG PC Tuneup 2011

Belarc Advisor 8.1

BlackBerry Desktop Software 6.0

BlackBerry Device Software Updater

BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone

Bonjour

Cisco AnyConnect VPN Client

CIT200

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Compatibility Pack for the 2007 Office system

Facebook Plug-In

Fiddler2

FlashFXP v3

Garmin Communicator Plugin

Garmin USB Drivers

Google Chrome

Google Desktop

Google Talk Plugin

HDAUDIO Soft Data Fax Modem with SmartCP

Horizon Medical Imaging Update Service

HRS 11.6 Distributed

iCloud

iPod To Computer Transfer 6.2

iTunes

Java Auto Updater

Java 6 Update 29

Logitech Media Server 7.7.0

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2003 Web Components

Microsoft Office File Validation Add-In

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MobileMe Control Panel

Mozilla Firefox (3.6.8)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

OGA Notifier 2.0.0048.0

OneTouch 4.6

PhysExam (Palm) v 6.0.152 by Skyscape

PlayOn

Prism Video File Converter

Quicken 2004

QuickTime

Realtek High Definition Audio Driver

Redist

Review for the PHYSICIAN ASSISTANT

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

SentryBay Update Helper

Skype™ 5.5

TrustedID Secure Browse

Uniblue RegistryBooster 2010

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Verizon Download Manager

Verizon High Speed Internet

Verizon Media Manager

Visioneer 8100 Scanner

WIDCOMM Bluetooth Software 6.0.1.3500

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Media Player Firefox Plugin

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

3/4/2012 3:10:16 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535

3/4/2012 3:10:16 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535

3/4/2012 3:10:16 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.

3/4/2012 3:10:11 PM, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

3/4/2012 3:09:22 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

3/4/2012 3:09:00 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

3/4/2012 1:18:31 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

3/3/2012 9:02:17 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

3/3/2012 8:55:34 PM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).

3/1/2012 11:03:12 AM, Error: Service Control Manager [7034] - The Updater Service for StartNow Toolbar service terminated unexpectedly. It has done this 1 time(s).

3/1/2012 10:40:16 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{6EF495A2-8B37-4967-BC10-32E0F501172A} because another computer on the network has the same name. The server could not start.

3/1/2012 10:40:16 AM, Error: NetBT [4321] - The name "MONIKA-PC :20" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 169.254.224.8 did not allow the name to be claimed by this computer.

3/1/2012 10:40:16 AM, Error: NetBT [4321] - The name "MONIKA-PC :0" could not be registered on the interface with IP address 192.168.1.101. The computer with the IP address 169.254.224.8 did not allow the name to be claimed by this computer.

2/29/2012 1:14:33 PM, Error: Service Control Manager [7001] - The Server service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

2/29/2012 1:14:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/29/2012 1:04:20 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/28/2012 6:49:45 PM, Error: NetBT [4321] - The name "MONIKA-PC :0" could not be registered on the interface with IP address 192.168.1.112. The computer with the IP address 169.254.224.8 did not allow the name to be claimed by this computer.

2/28/2012 10:30:57 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.

.

==== End Of File ===========================

This topic is now closed to further replies.
