Gaxas

Computer very slowly turns on

4 posts in this topic

Hi! I have a problem. My computer always turns on very slowly. Several times I got an error on a blue background and the computer restarted. Maybe I'm infected? Thanks for the help :)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Mindaugas at 7:53:41 on 2011-10-22
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3071.2050 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Users\Mindaugas\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Mindaugas\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mindaugas\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.lt/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: IObit Toolbar: {0bda0769-fd72-49f4-9266-e1fb004f4d8f} - c:\program files\iobit toolbar\ie\4.6\iobitToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [Google Update] "c:\users\mindaugas\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{FAB337E5-0D6D-4367-AA48-07D137D62A9F} : NameServer = 86.100.0.8,86.100.0.88
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mindaugas\appdata\roaming\mozilla\firefox\profiles\82ktzwgc.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://ls-mods.lt/administrator/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=380920&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\soda pdf\ffsodaext\components\SodaFFPDFConverter.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\users\mindaugas\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-6-24 16184]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-5 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-5 301528]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-6-24 353168]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-8-17 402328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-5 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-3-5 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-5 42184]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-24 820568]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-4-3 240232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2009-12-16 65856]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-7-21 18768]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-2 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-11-16 267568]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-7-21 30600]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-7-21 19280]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-18 1343400]
.
=============== Created Last 30 ================
.
2011-10-19 16:35:56 -------- d-----w- c:\program files\Ski Region Simulator 2012 Demo
2011-10-18 15:05:44 -------- d-----w- c:\users\mindaugas\appdata\roaming\com.bigfatsimulations.airportmadness3.3A85083A650345D1ADAB4572C5816AD2DC9802A3.1
2011-09-28 18:43:08 -------- d-----w- c:\users\mindaugas\appdata\roaming\Malwarebytes
2011-09-28 18:42:59 -------- d-----w- c:\programdata\Malwarebytes
2011-09-28 18:42:56 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-28 18:42:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-25 18:44:12 -------- d-----w- c:\program files\Eltima Software
.
==================== Find3M ====================
.
2011-10-04 05:49:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-15 17:51:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 7:54:27.37 ===============


Hi and welcome to Malwarebytes.

Don't use code tags please.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.