
Google Search Redirected

5 replies to this topic

#1 lvorobei

  • Members
  • 3 posts

Posted 13 September 2009 - 12:39 PM

My Google searches are becoming increasingly redirected to various other sites. No virus/malware was detected by Symantec antivirus, Malwarebytes, or Ad-Aware. I have pasted the DDS log, and attached attach.txt. However, I was not able to complete a RootRepeal scan, as I get an error message towards the end of the scan; perhaps there is an alternative to using this program? Please help me remove this infection!


DDS (Ver_09-07-30.01) - NTFSx86

Run by Leon at 9:47:28.91 on 13/09/2009
Internet Explorer: 8.0.6001.18813 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.917 [GMT -5:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: MalwareRemovalBot *disabled* (Updated) {D36101F1-66CF-4F99-8914-F4026E2ACEE5}
SP: Symantec Endpoint Protection *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Leon\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.shoptoshiba.ca/welcome
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [perfdm32] rundll32.exe "c:\users\leon\appdata\local\perfdm32\perfdm32.dll", DllInit
uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\leon\appdata\roaming\mozilla\firefox\profiles\6862m387.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-3 64160]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-9-7 18816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2006-11-2 7168]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-5 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2006-12-6 7168]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1562096]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\common files\acronis\acronis disk director\oss_reinstall_svc.exe [2007-2-22 2217416]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-5 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-6-26 23888]

=============== Created Last 30 ================

2009-09-12 17:43 0 a------- C:\t1g8.2
2009-09-07 07:20 18,816 -------- c:\windows\system32\SAVRKBootTasks.sys
2009-09-07 00:30 <DIR> --d----- c:\program files\Sophos
2009-09-06 20:21 <DIR> --d----- c:\programdata\NOS
2009-09-06 19:30 <DIR> --d----- c:\users\leon\appdata\roaming\Malwarebytes
2009-09-06 19:29 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-06 19:29 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-06 19:29 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-06 19:29 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-06 19:29 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 17:40 <DIR> --d----- c:\users\leon\appdata\roaming\wsInspector
2009-09-06 17:37 <DIR> --d----- c:\program files\Startup Inspector
2009-09-06 17:34 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-09-06 17:17 <DIR> --d----- c:\program files\Trend Micro
2009-09-06 16:23 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-06 16:23 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-06 16:23 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-06 16:21 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-06 15:04 <DIR> --d----- c:\program files\Taskbar Shuffle
2009-09-06 14:31 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-06 14:27 2,868,224 a------- c:\windows\system32\mf.dll
2009-09-06 14:26 385,536 a------- c:\windows\system32\vds.exe
2009-09-06 14:25 187,904 a------- c:\windows\system32\eapp3hst.dll
2009-09-06 13:30 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-09-06 13:30 11,967,524 a------- c:\windows\system32\korwbrkr.lex
2009-09-06 10:58 <DIR> --d----- C:\PerfLogs
2009-09-06 09:53 2,048 a------- c:\windows\system32\tzres.dll
2009-09-05 15:49 <DIR> --d----- c:\programdata\IObit
2009-09-05 15:49 <DIR> --d----- c:\progra~2\IObit
2009-09-05 15:49 38,112 a------- c:\windows\system32\drivers\v2imount.sys
2009-09-05 15:49 138,464 a------- c:\windows\system32\drivers\symsnap.sys
2009-09-05 15:35 215,144 a----r-- c:\windows\patchw32.dll
2009-09-05 15:34 <DIR> --d----- c:\users\leon\appdata\roaming\Symantec
2009-09-05 15:32 215,144 a----r-- c:\windows\pw32a.dll
2009-09-05 15:14 109,360 a------- c:\windows\system32\GEARAspi.dll
2009-09-05 15:14 15,664 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-05 15:14 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2009-09-05 15:14 15,088 a------- c:\windows\system32\drivers\vproeventmonitor.sys
2009-09-05 15:12 <DIR> --d----- c:\program files\Norton Ghost
2009-09-03 20:46 15,688 a------- c:\windows\system32\lsdelete.exe
2009-09-03 20:42 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-09-03 20:39 <DIR> --d----- c:\programdata\Lavasoft
2009-09-03 20:39 <DIR> --d----- c:\program files\Lavasoft
2009-09-03 20:23 <DIR> -cd-h--- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-03 20:23 <DIR> -cd-h--- c:\progra~2\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-02 14:11 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 14:11 28,672 a------- c:\windows\system32\Apphlpdm.dll
2009-09-02 11:13 <DIR> --d----- c:\users\leon\appdata\roaming\AVG8
2009-09-02 10:03 <DIR> --d----- c:\program files\Unlocker
2009-09-02 07:35 <DIR> --d----- c:\program files\IObit
2009-08-31 21:43 116,839 a------- c:\windows\hpqins00.dat
2009-08-31 21:39 <DIR> --d----- c:\users\leon\appdata\roaming\HpUpdate
2009-08-31 21:39 <DIR> --d----- c:\windows\Hewlett-Packard
2009-08-31 21:28 <DIR> --dsh--- C:\found.000
2009-08-25 23:00 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-08-25 17:50 1,696,768 a------- c:\windows\system32\gameux.dll
2009-08-23 12:32 <DIR> --d----- c:\users\leon\appdata\roaming\WordWeb
2009-08-23 12:31 1,291,880 a------- c:\windows\wweb32.dll
2009-08-23 12:31 <DIR> --d----- c:\program files\WordWeb
2009-08-23 11:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-08-23 11:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-08-23 11:44 <DIR> --d----- c:\program files\common files\PX Storage Engine
2009-08-22 22:06 539,160 a------- c:\windows\system32\LVUI2.dll
2009-08-22 22:06 416,280 a------- c:\windows\system32\LVCodec2.dll
2009-08-22 22:06 539,160 a------- c:\windows\system32\LVUI2RC.dll
2009-08-22 20:32 <DIR> --d----- c:\programdata\WEBREG
2009-08-22 20:32 <DIR> --d----- c:\progra~2\WEBREG
2009-08-22 20:26 <DIR> --d----- c:\programdata\HP Product Assistant
2009-08-22 20:25 <DIR> --d----- c:\program files\common files\HP
2009-08-22 20:21 729,088 a------- c:\windows\system32\hpowiax7.dll
2009-08-22 20:21 581,632 a------- c:\windows\system32\hpotscl6.dll
2009-08-22 20:21 372,736 a------- c:\windows\system32\hppldcoi.dll
2009-08-22 20:21 303,104 a------- c:\windows\system32\hpovst15.dll
2009-08-22 20:06 157,556 a------- c:\windows\hpoins28.dat
2009-08-22 20:06 932 -------- c:\windows\hpomdl28.dat
2009-08-22 20:01 157,412 -------- c:\windows\hpoins28.dat.temp
2009-08-22 20:01 932 -------- c:\windows\hpomdl28.dat.temp
2009-08-22 19:52 705,536 a------- c:\windows\system32\imagesp1.dll
2009-08-22 19:50 188,928 a------- c:\windows\system32\WSManMigrationPlugin.dll
2009-08-22 19:49 204,800 a------- c:\windows\system32\framedynos.dll
2009-08-22 19:48 1,029,120 a------- c:\windows\system32\d3d10.dll
2009-08-22 19:47 145,455 a------- c:\windows\system32\perfmon.msc
2009-08-22 12:22 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-08-22 12:21 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-22 12:21 503,864 a------- c:\windows\system32\drivers\Wdf01000.sys
2009-08-22 12:21 35,896 a------- c:\windows\system32\drivers\WdfLdr.sys
2009-08-22 12:21 3 a------- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2009-08-22 11:30 <DIR> --d----- c:\programdata\Apple Computer
2009-08-22 11:29 <DIR> --d----- c:\programdata\Apple
2009-08-21 22:08 1,820 a------- c:\windows\system32\rasctrnm.h
2009-08-21 22:06 69,632 a------- c:\windows\system32\Mpeg2Data.ax
2009-08-21 22:03 15,872 a------- c:\windows\system32\hcrstco.dll
2009-08-21 22:03 8,704 a------- c:\windows\system32\hccoin.dll
2009-08-21 21:01 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-21 15:43 1,392,304 a------- c:\windows\system32\AutoPartNt.exe
2009-08-21 15:43 1,024 a------- c:\windows\system32\AutoPartNt.let
2009-08-21 15:43 <DIR> --d----- c:\programdata\Acronis
2009-08-21 15:11 114,048 a------- c:\windows\system32\drivers\snapman.sys
2009-08-21 14:53 <DIR> --d----- c:\program files\DivX
2009-08-21 14:53 <DIR> --d----- c:\program files\common files\DivX Shared
2009-08-21 13:53 <DIR> --d----- c:\users\leon\appdata\roaming\IObit
2009-08-21 13:53 <DIR> --d----- c:\program files\IObit SmartDefrag
2009-08-21 10:32 499,712 a------- c:\windows\system32\kerberos.dll
2009-08-21 10:32 439,864 a------- c:\windows\system32\drivers\ksecdd.sys
2009-08-21 10:32 218,624 a------- c:\windows\system32\msv1_0.dll
2009-08-21 10:32 175,104 a------- c:\windows\system32\wdigest.dll
2009-08-21 10:32 1,259,008 a------- c:\windows\system32\lsasrv.dll
2009-08-21 10:32 72,704 a------- c:\windows\system32\secur32.dll
2009-08-21 10:32 9,728 a------- c:\windows\system32\lsass.exe
2009-08-21 10:32 270,848 a------- c:\windows\system32\schannel.dll
2009-08-21 10:32 13,780 a------- c:\windows\system32\wbem\lsasrv.mof
2009-08-21 10:18 37,888 a------- c:\windows\system32\printcom.dll
2009-08-21 10:18 14,848 a------- c:\windows\system32\wshrm.dll
2009-08-21 10:17 313,344 a------- c:\windows\system32\wmpdxm.dll
2009-08-21 10:17 43,520 a------- c:\windows\system32\msdxm.tlb
2009-08-21 10:17 18,432 a------- c:\windows\system32\amcompat.tlb
2009-08-21 10:17 8,147,456 a------- c:\windows\system32\wmploc.DLL
2009-08-21 10:17 7,680 a------- c:\windows\system32\spwmp.dll
2009-08-21 10:17 4,096 a------- c:\windows\system32\msdxm.ocx
2009-08-21 10:17 4,096 a------- c:\windows\system32\dxmasf.dll
2009-08-21 10:14 <DIR> --d----- c:\program files\MSXML 4.0
2009-08-21 07:31 91,976 a------- c:\windows\system32\drivers\SysPlant.sys
2009-08-21 07:29 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-08-21 07:29 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-08-21 07:29 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-08-21 07:28 1,060,864 a------- c:\windows\system32\MFC71.DLL
2009-08-21 07:28 503,808 a------- c:\windows\system32\MSVCP71.DLL
2009-08-21 07:28 348,160 a------- c:\windows\system32\MSVCR71.DLL
2009-08-21 07:27 <DIR> --d----- c:\programdata\Symantec
2009-08-21 07:27 <DIR> --d----- c:\program files\Symantec
2009-08-21 07:27 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-08-21 07:27 <DIR> --d----- c:\progra~2\Symantec
2009-08-21 07:23 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-08-21 07:23 <DIR> --d----- c:\program files\StarBurn
2009-08-21 05:10 272,896 a------- c:\windows\system32\polstore.dll
2009-08-21 05:10 61,440 a------- c:\windows\system32\winipsec.dll
2009-08-21 05:05 12,880 a------- c:\windows\system32\wbem\wlan.mof
2009-08-21 05:02 2,034,688 a------- c:\windows\system32\win32k.sys
2009-08-21 05:00 289,792 a------- c:\windows\system32\atmfd.dll
2009-08-21 05:00 156,672 a------- c:\windows\system32\t2embed.dll
2009-08-21 05:00 34,304 a------- c:\windows\system32\atmlib.dll
2009-08-21 05:00 23,552 a------- c:\windows\system32\lpk.dll
2009-08-21 05:00 72,704 a------- c:\windows\system32\fontsub.dll
2009-08-21 05:00 10,240 a------- c:\windows\system32\dciman32.dll
2009-08-21 04:52 71,680 a------- c:\windows\system32\atl.dll
2009-08-21 04:42 160,256 a------- c:\windows\system32\wkssvc.dll
2009-08-21 04:41 136,192 a------- c:\windows\system32\aaclient.dll
2009-08-21 04:41 53,248 a------- c:\windows\system32\tsgqec.dll
2009-08-21 04:41 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-08-21 04:36 2,048 a------- c:\windows\system32\msxml3r.dll
2009-08-21 04:19 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-21 04:19 623,616 a------- c:\windows\system32\localspl.dll
2009-08-21 04:17 91,136 a------- c:\windows\system32\avifil32.dll
2009-08-21 04:17 123,904 a------- c:\windows\system32\msvfw32.dll
2009-08-21 04:17 82,944 a------- c:\windows\system32\mciavi32.dll
2009-08-21 04:17 65,024 a------- c:\windows\system32\avicap32.dll
2009-08-21 04:17 31,232 a------- c:\windows\system32\msvidc32.dll
2009-08-21 04:17 12,800 a------- c:\windows\system32\msrle32.dll
2009-08-21 04:04 6,656 a------- c:\windows\system32\kbd106n.dll
2009-08-21 03:31 24,969,216 a------- c:\windows\ocsetup_install_NetFx3.etl
2009-08-21 03:31 327,680 a------- c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-08-21 03:31 65,536 a------- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-08-21 03:26 41,984 a------- c:\windows\system32\netfxperf.dll
2009-08-20 23:47 32,656 a------- c:\windows\system32\msonpmon.dll
2009-08-20 23:40 <DIR> --d----- c:\programdata\Microsoft Help
2009-08-20 23:31 116,736 a------- c:\windows\system32\drivers\mcdbus.sys
2009-08-20 23:31 <DIR> --d----- c:\program files\MagicDisc
2009-08-20 23:27 <DIR> --d----- c:\program files\MagicISO
2009-08-20 23:22 0 a------- c:\windows\ToDisc.INI
2009-08-20 23:17 <DIR> --d----- c:\programdata\Azureus
2009-08-20 23:17 <DIR> --d----- c:\progra~2\Azureus
2009-08-20 23:17 <DIR> --d----- c:\users\leon\appdata\roaming\Azureus
2009-08-20 23:16 <DIR> --d----- c:\program files\Vuze
2009-08-20 22:41 84,480 a------- c:\windows\system32\INETRES.dll
2009-08-20 22:38 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-08-20 22:35 <DIR> --d----- c:\windows\system32\x64
2009-08-20 22:34 2,048 a------- c:\windows\system32\msxml6r.dll
2009-08-20 22:30 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-08-20 22:28 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-08-20 22:25 271,704 a------- c:\windows\system32\hpzids01.dll
2009-08-20 22:25 118,272 a------- c:\windows\system32\hpz3l5mu.dll
2009-08-20 22:23 <DIR> --d----- c:\program files\HP
2009-08-20 22:09 <DIR> --d----- c:\program files\Atheros
2009-08-20 22:09 <DIR> --d----- c:\program files\ltmoh
2009-08-20 22:08 <DIR> --d----- c:\program files\Synaptics
2009-08-20 22:08 0 a--shr-- c:\windows\system32\drivers\1179_TOSHIBA_Satellite A100_S3A6022D501_PSAANC-VA305C.MRK
2009-08-20 22:08 <DIR> --d----- c:\program files\Toshiba Registration
2009-08-20 22:08 <DIR> --d----- c:\windows\Downloaded Installations
2009-08-20 21:46 <DIR> --d----- c:\programdata\HP
2009-08-20 21:33 48 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-20 21:27 <DIR> --d----- c:\users\leon\Tracing
2009-08-20 21:24 3,426,072 a------- c:\windows\system32\d3dx9_32.dll
2009-08-20 21:24 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-08-20 21:21 <DIR> --d----- c:\program files\Microsoft
2009-08-20 21:20 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-08-20 21:20 <DIR> --d----- c:\windows\PCHEALTH
2009-08-20 21:07 <DIR> --d----- c:\program files\common files\Windows Live
2009-08-20 20:54 <DIR> --d--r-- c:\program files\Skype
2009-08-20 20:50 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-08-20 20:47 <DIR> --d----- c:\programdata\Skype
2009-08-20 20:46 195,096 a------- c:\windows\system32\lvci1110.dll
2009-08-20 20:46 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys
2009-08-20 20:45 1,920,920 a------- c:\windows\system32\drivers\lvpopflt.sys
2009-08-20 20:41 <DIR> --d----- c:\programdata\Logitech
2009-08-20 20:40 <DIR> --d----- c:\programdata\LogiShrd
2009-08-20 20:10 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-08-20 20:10 83,456 a------- c:\windows\system32\wudriver.dll
2009-08-20 20:09 162,064 a------- c:\windows\system32\wuwebv.dll
2009-08-20 20:09 31,232 a------- c:\windows\system32\wuapp.exe
2009-08-20 19:27 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-08-20 19:25 16,054 a------- c:\windows\system32\results.xml
2009-08-20 19:22 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-08-20 19:22 <DIR> --d----- c:\windows\system32\Lang
2009-08-20 19:22 319,456 a------- c:\windows\system32\difxapi.dll
2009-08-20 19:22 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-08-20 19:22 920,088 a------- c:\windows\system32\igxpun.exe
2009-08-20 19:22 <DIR> --d----- C:\Intel
2009-08-20 19:21 <DIR> --d----- c:\users\Leon

==================== Find3M ====================

2009-09-06 16:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-06 16:41 51,200 a------- c:\windows\inf\infpub.dat
2009-09-06 16:41 86,016 a------- c:\windows\inf\infstor.dat
2009-09-06 16:23 665,600 a------- c:\windows\inf\drvindex.dat
2009-09-06 11:20 174 a--sh--- c:\program files\desktop.ini
2009-09-06 10:32 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-09-06 10:32 82,432 a------- c:\windows\system32\axaltocm.dll
2009-08-28 21:30 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2009-08-28 21:30 458,752 a------- c:\windows\apppatch\AcSpecfc.dll
2009-08-28 21:30 2,159,616 a------- c:\windows\apppatch\AcGenral.dll
2009-08-28 21:30 542,720 a------- c:\windows\apppatch\AcLayers.dll
2009-08-21 04:39 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-08-20 22:09 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-08-03 15:07 403,816 a------- c:\windows\system32\OGACheckControl.dll
2009-08-03 15:07 322,928 a------- c:\windows\system32\OGAAddin.dll
2009-08-03 15:07 230,768 a------- c:\windows\system32\OGAEXEC.exe
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-21 16:52 915,456 a------- c:\windows\system32\wininet.dll
2009-07-21 16:47 109,056 a------- c:\windows\system32\iesysprep.dll
2009-07-21 16:47 71,680 a------- c:\windows\system32\iesetup.dll
2009-07-21 15:13 133,632 a------- c:\windows\system32\ieUnatt.exe
2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR
2009-06-26 12:22 357,704 a------- c:\windows\system32\sysfer.dll
2009-06-26 12:22 107,848 a------- c:\windows\system32\SymVPN.dll
2009-06-26 12:22 89,088 a------- c:\windows\system32\atl71.dll
2009-06-26 12:22 49,480 a------- c:\windows\system32\FwsVpn.dll
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:50:09.16 ===============


#2 teacup61

teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 28 September 2009 - 02:34 PM

Hello lvorobei,

Sorry about the delay.:( If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Please do this:
1. Download HijackThis™ here:
http://www.trendsecure.com/portal/en-US/th.../hijackthis.php

2. Click 'Do a System Scan and Save log'.
The HJT log will open in notepad.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 lvorobei

lvorobei
  • Topic Starter

  • Members
  • 3 posts

Posted 29 September 2009 - 09:47 PM

Thanks so much for your help. I will post the HiJack report here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:14 PM, on 29/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Vuze\Azureus.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Users\Leon\AppData\Local\perfdm32\perfdm32.dll", DllInit
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 9490 bytes
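The `[perfdm32]` Run entry in the log above starts rundll32.exe with a DLL sitting under the user's `AppData\Local`, and the ComboFix run in post #5 lists that same DLL under "Other Deletions". As an added example (not part of this thread, and not HijackThis or ComboFix code), here is a small Python triage pass over HijackThis O4 Run lines that scores exactly that pattern; the sample lines are copied from the log above, while the scoring weights and the "user-writable directory" list are my own assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample: O4 lines copied from the HijackThis log posted above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [perfdm32] rundll32.exe "C:\Users\Leon\AppData\Local\perfdm32\perfdm32.dll", DllInit
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
"""

# HijackThis O4 Run-key line: "O4 - <hive>\..\Run: [<value name>] <command>" with an
# optional trailing "(User '<name>')" for per-user hives listed under HKUS.
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '[^']*'\))?$"
)
# Directories an unprivileged user (or a dropper running as that user) can write to (assumed list).
USER_WRITABLE = re.compile(
    r"\\(?:AppData|Application Data|Local Settings|Temp|ProgramData|Users\\Public)\\", re.I
)
# Signed Windows binaries whose only job is to load a DLL handed to them on the command line.
LOADERS = ("rundll32.exe", "regsvr32.exe")
_EXT_TOKEN = re.compile(r'.+?\.(?:exe|dll|scr|cpl)(?=[\s,"]|$)', re.I)
_PLAIN_TOKEN = re.compile(r"[^\s,]+")


class Finding(NamedTuple):
    hive: str
    name: str
    command: str
    score: int
    reasons: tuple


def _split_token(text: str):
    """Split off the first path/filename token, honouring quotes and unquoted paths with spaces."""
    text = text.strip()
    if not text:
        return "", ""
    if text.startswith('"'):
        end = text.find('"', 1)
        return (text[1:end], text[end + 1:]) if end > 0 else (text[1:], "")
    m = _EXT_TOKEN.match(text) or _PLAIN_TOKEN.match(text)
    return (m.group(0), text[m.end():]) if m else ("", text)


def score_o4(line: str) -> Optional[Finding]:
    """Score one O4 Run entry; returns None for lines that are not Run-key entries."""
    m = O4_RUN.match(line.strip())
    if not m:
        return None
    exe, rest = _split_token(m["cmd"])
    target, score, reasons = exe, 0, []
    if exe.lower().rsplit("\\", 1)[-1] in LOADERS:
        # The loader itself is a legitimate Windows binary; the DLL it is told to load is the payload.
        target, _ = _split_token(rest)
        score += 1
        reasons.append("runs through a Windows DLL loader, so the DLL argument is the real payload")
    if USER_WRITABLE.search(target):
        score += 3
        reasons.append("payload lives in a user-writable profile/temp directory, not Program Files")
    if "\\" not in target and "%" not in target:
        score += 1
        reasons.append("payload given as a bare name, resolved through the search path")
    return Finding(m["hive"], m["name"], m["cmd"], score, tuple(reasons))


def triage(log_text: str, threshold: int = 3) -> List[Finding]:
    """Return the Run entries scoring at or above threshold, highest first."""
    found = [f for f in map(score_o4, log_text.splitlines()) if f is not None]
    return sorted((f for f in found if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    # On the sample above only the perfdm32 entry clears the threshold (score 4).
    for f in triage(SAMPLE_O4_LINES):
        print(f"{f.hive} [{f.name}] score={f.score}: {f.command}")
        for reason in f.reasons:
            print("   -", reason)
```

The Welcome Center entry also goes through rundll32 but scores only 2, because its DLL is a bare system name rather than a file in the user's profile; the score is a prioritisation aid for a human reviewer, not a verdict.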

#4 teacup61

teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 September 2009 - 03:03 PM

Hello,

First off, uninstall MalwareRemovalBot. It's a rogue....no good, and it's hurting more than helping. :(

I need for you to go offline completely and disable ALL your protective programs after you download ComboFix, but before you run it. Sometimes those programs interfere with it, and we don't want that! :(

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If ComboFix will not run the first time, then rename ComboFix.exe to fluffybunny.exe and try it again. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#5 lvorobei

lvorobei
  • Topic Starter

  • Members
  • 3 posts

Posted 30 September 2009 - 06:08 PM

Thank you for continuing to look into this matter.

My Google searches were being redirected even before I accidentally downloaded MalwareRemovalBot. Either way, I am not sure whether that program is still active on my computer; it shows up in the Add/Remove Programs window, but will not uninstall.

Here are the Combofix and HijackThis logs.

ComboFix 09-09-30.01 - Leon 30/09/2009 17:13.1.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2037.892 [GMT -5:00]
Running from: c:\users\Leon\Desktop\ComboFix.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-196863380-2393209088-3299821848-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Leon\AppData\Local\perfdm32\perfdm32.dll
c:\users\Leon\AppData\Local\Temp\swt-gdip-win32-3448.dll
c:\users\Leon\AppData\Local\Temp\swt-win32-3448.dll
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-30 22:25 . 2009-09-30 22:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-28 21:23 . 2009-09-28 21:23 -------- d-----w- c:\program files\Quick PDF Tools
2009-09-20 17:09 . 2009-09-20 17:09 -------- d-----r- c:\program files\Norton Support
2009-09-20 16:30 . 2009-09-20 16:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-20 16:30 . 2009-09-20 16:29 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-09-20 16:10 . 2009-09-20 16:30 -------- d-----w- c:\programdata\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-20 16:10 . 2009-09-20 16:10 -------- d-----w- c:\users\Leon\AppData\Local\Downloaded Installations
2009-09-20 16:10 . 2009-08-22 08:13 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2009-09-20 16:10 . 2009-09-20 16:30 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-20 16:10 . 2009-09-20 17:29 -------- d-----w- c:\program files\Symantec
2009-09-20 16:09 . 2009-09-20 18:31 -------- d-----w- c:\windows\system32\drivers\N360
2009-09-20 16:09 . 2009-09-21 05:11 -------- d-----w- c:\programdata\Symantec
2009-09-20 16:09 . 2009-09-20 16:09 -------- d-----w- c:\program files\Norton 360
2009-09-20 16:09 . 2009-09-20 16:11 -------- d-----w- c:\programdata\Norton
2009-09-20 16:09 . 2009-09-20 16:09 -------- d-----w- c:\program files\NortonInstaller
2009-09-16 20:58 . 2009-09-16 20:58 -------- d-----w- c:\programdata\NortonInstaller
2009-09-15 23:33 . 2009-08-14 16:27 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-15 23:33 . 2009-08-14 13:48 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-15 23:33 . 2009-08-14 13:49 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-15 23:33 . 2009-08-14 13:49 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-15 23:33 . 2009-08-14 13:49 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-15 23:33 . 2009-08-14 13:49 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-15 23:33 . 2009-08-14 13:49 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-15 23:33 . 2009-08-14 13:49 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-15 23:33 . 2009-08-14 13:48 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-09-15 23:33 . 2009-08-14 15:53 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-15 23:33 . 2009-08-14 13:49 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-15 23:32 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-15 23:32 . 2009-07-11 19:01 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-15 23:32 . 2009-07-11 19:01 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-15 23:32 . 2009-07-11 17:03 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-15 23:32 . 2009-07-11 19:01 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-15 23:32 . 2009-07-11 19:01 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-09-15 12:08 . 2009-06-18 17:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2009-09-07 05:30 . 2009-09-07 05:30 -------- d-----w- c:\program files\Sophos
2009-09-07 01:34 . 2009-09-07 01:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-07 01:25 . 2009-09-07 01:25 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-07 01:21 . 2009-09-07 04:25 -------- d-----w- c:\programdata\NOS
2009-09-07 00:30 . 2009-09-07 00:30 -------- d-----w- c:\users\Leon\AppData\Roaming\Malwarebytes
2009-09-07 00:29 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-07 00:29 . 2009-09-07 00:29 -------- d-----w- c:\programdata\Malwarebytes
2009-09-07 00:29 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-07 00:29 . 2009-09-07 00:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-06 22:40 . 2009-09-06 22:57 -------- d-----w- c:\users\Leon\AppData\Roaming\wsInspector
2009-09-06 22:37 . 2009-09-06 22:39 -------- d-----w- c:\program files\Startup Inspector
2009-09-06 22:34 . 2009-09-06 22:34 -------- d-----w- c:\windows\system32\IOSUBSYS
2009-09-06 22:17 . 2009-09-06 22:17 -------- d-----w- c:\program files\Trend Micro
2009-09-06 21:23 . 2009-09-06 21:24 -------- d-----w- c:\windows\system32\ca-ES
2009-09-06 21:23 . 2009-09-06 21:24 -------- d-----w- c:\windows\system32\eu-ES
2009-09-06 21:23 . 2009-09-06 21:24 -------- d-----w- c:\windows\system32\vi-VN
2009-09-06 20:04 . 2009-09-30 22:13 -------- d-----w- c:\program files\Taskbar Shuffle
2009-09-06 19:31 . 2009-09-06 19:31 -------- d-----w- c:\windows\system32\EventProviders
2009-09-06 19:27 . 2009-04-11 06:28 1216000 ----a-w- c:\windows\system32\AuxiliaryDisplayCpl.dll
2009-09-06 19:26 . 2009-04-11 06:28 84992 ----a-w- c:\windows\system32\msctfp.dll
2009-09-06 19:25 . 2009-04-11 06:28 90112 ----a-w- c:\windows\system32\wbem\WmiApRpl.dll
2009-09-06 18:30 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-09-06 15:58 . 2009-09-06 15:58 -------- d-----w- C:\PerfLogs
2009-09-06 14:53 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-06 04:04 . 2009-09-27 01:48 -------- d-----w- c:\users\Leon\AppData\Local\Google
2009-09-06 04:04 . 2009-09-06 22:34 -------- d-----w- c:\program files\Google
2009-09-05 20:49 . 2009-09-05 20:49 -------- d-----w- c:\programdata\IObit
2009-09-05 20:34 . 2009-09-05 20:34 -------- d-----w- c:\users\Leon\AppData\Local\Symantec_Corporation
2009-09-05 20:14 . 2008-01-20 01:12 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-09-04 01:46 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-04 01:42 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-04 01:42 . 2009-09-20 16:30 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-04 01:39 . 2009-09-04 01:42 -------- d-----w- c:\programdata\Lavasoft
2009-09-04 01:39 . 2009-09-04 01:39 -------- d-----w- c:\program files\Lavasoft
2009-09-04 01:23 . 2009-09-04 01:40 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-02 19:11 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 19:11 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 16:13 . 2009-09-02 16:13 -------- d-----w- c:\users\Leon\AppData\Roaming\AVG8
2009-09-02 15:03 . 2009-09-11 00:18 -------- d-----w- c:\program files\Unlocker
2009-09-02 12:35 . 2009-09-05 20:49 -------- d-----w- c:\program files\IObit
2009-09-01 02:43 . 2009-09-01 02:45 116839 ----a-w- c:\windows\hpqins00.dat
2009-09-01 02:39 . 2009-09-08 03:16 -------- d-----w- c:\users\Leon\AppData\Roaming\HpUpdate
2009-09-01 02:39 . 2009-09-01 02:39 -------- d-----w- c:\windows\Hewlett-Packard
2009-09-01 02:28 . 2009-09-01 02:28 -------- d-----w- C:\found.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 22:25 . 2009-08-21 04:17 -------- d-----w- c:\users\Leon\AppData\Roaming\Azureus
2009-09-30 22:09 . 2009-08-21 01:55 -------- d-----w- c:\users\Leon\AppData\Roaming\Skype
2009-09-30 21:57 . 2009-08-21 02:33 -------- d-----w- c:\users\Leon\AppData\Roaming\skypePM
2009-09-30 13:43 . 2009-08-21 01:50 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-20 18:27 . 2009-08-21 20:43 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-09-20 16:30 . 2009-08-21 12:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-20 16:30 . 2009-09-20 16:10 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-20 16:30 . 2009-09-20 16:10 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-16 20:24 . 2009-08-21 02:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-15 23:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-15 23:37 . 2009-08-21 04:40 -------- d-----w- c:\programdata\Microsoft Help
2009-09-06 21:40 . 2009-08-21 01:41 -------- d-----w- c:\program files\Common Files\LogiShrd
2009-09-06 21:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-06 21:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-06 21:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-06 21:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-06 21:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-06 21:25 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-06 21:21 . 2009-09-06 21:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-06 15:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-09-06 15:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-09-05 22:23 . 2009-08-21 18:53 -------- d-----w- c:\users\Leon\AppData\Roaming\IObit
2009-09-04 02:00 . 2006-12-07 00:24 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-09-04 01:59 . 2006-12-07 00:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-04 01:57 . 2009-08-23 03:00 -------- d-----w- c:\program files\Logitech
2009-08-26 04:00 . 2009-08-26 04:00 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-08-23 17:33 . 2009-08-23 17:32 -------- d-----w- c:\users\Leon\AppData\Roaming\WordWeb
2009-08-23 17:31 . 2009-08-23 17:31 -------- d-----w- c:\program files\WordWeb
2009-08-23 16:44 . 2009-08-23 16:44 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-08-23 03:00 . 2009-08-21 01:40 -------- d-----w- c:\programdata\LogiShrd
2009-08-23 01:33 . 2009-08-23 00:55 -------- d-----w- c:\users\Leon\AppData\Roaming\HP
2009-08-23 01:32 . 2009-08-23 01:06 157556 ----a-w- c:\windows\hpoins28.dat
2009-08-23 01:32 . 2009-08-23 01:32 -------- d-----w- c:\programdata\WEBREG
2009-08-23 01:27 . 2009-08-21 02:46 -------- d-----w- c:\programdata\HP
2009-08-23 01:26 . 2009-08-23 01:26 -------- d-----w- c:\programdata\HP Product Assistant
2009-08-23 01:26 . 2009-08-21 03:23 -------- d-----w- c:\program files\HP
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\program files\Hewlett-Packard
2009-08-23 01:25 . 2009-08-23 01:25 -------- d-----w- c:\program files\Common Files\HP
2009-08-22 17:22 . 2009-08-22 17:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-08-22 17:21 . 2009-08-22 17:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-22 17:21 . 2009-08-22 17:21 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2009-08-22 17:21 . 2009-08-22 17:21 35896 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2009-08-22 17:21 . 2009-08-22 17:21 3 ----a-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
2009-08-22 16:31 . 2009-08-22 16:30 -------- d-----w- c:\program files\QuickTime
2009-08-22 16:30 . 2009-08-21 00:21 88880 ----a-w- c:\users\Leon\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-22 16:30 . 2009-08-22 16:30 -------- d-----w- c:\programdata\Apple Computer
2009-08-22 16:29 . 2009-08-22 16:29 -------- d-----w- c:\program files\Apple Software Update
2009-08-22 16:29 . 2009-08-22 16:29 -------- d-----w- c:\programdata\Apple
2009-08-22 02:55 . 2009-08-21 04:45 -------- d-----w- c:\program files\Microsoft Works
2009-08-22 02:17 . 2009-08-21 02:21 -------- d-----w- c:\program files\Microsoft
2009-08-22 02:01 . 2009-08-22 02:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-22 02:00 . 2006-12-07 00:09 -------- d-----w- c:\program files\Java
2009-08-21 23:48 . 2009-08-21 23:48 -------- d-----w- c:\users\Leon\AppData\Roaming\DivX
2009-08-21 20:11 . 2009-08-21 20:11 114048 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-08-21 20:11 . 2009-08-21 20:11 -------- d-----w- c:\program files\Common Files\Acronis
2009-08-21 20:11 . 2009-08-21 20:11 -------- d-----w- c:\program files\Acronis
2009-08-21 19:54 . 2009-08-21 19:53 -------- d-----w- c:\program files\DivX
2009-08-21 19:53 . 2009-08-21 19:53 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-21 18:54 . 2009-08-21 18:53 -------- d-----w- c:\program files\IObit SmartDefrag
2009-08-21 15:32 . 2009-08-21 15:32 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-21 15:32 . 2009-08-21 15:32 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-21 15:32 . 2009-08-21 15:32 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-21 15:32 . 2009-08-21 15:32 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-21 15:32 . 2009-08-21 15:32 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-21 15:32 . 2009-08-21 15:32 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-21 15:32 . 2009-08-21 15:32 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-21 15:32 . 2009-08-21 15:32 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-21 15:18 . 2009-08-21 15:18 37888 ----a-w- c:\windows\system32\printcom.dll
2009-08-21 15:18 . 2009-08-21 15:18 14848 ----a-w- c:\windows\system32\wshrm.dll
2009-08-21 15:17 . 2009-08-21 15:17 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-21 15:17 . 2009-08-21 15:17 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-21 15:17 . 2009-08-21 15:17 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-21 15:17 . 2009-08-21 15:17 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-21 15:14 . 2009-08-21 15:14 -------- d-----w- c:\program files\MSXML 4.0
2009-08-21 12:23 . 2009-08-21 12:23 -------- d-----w- c:\program files\StarBurn
2009-08-21 12:23 . 2009-08-21 12:23 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-21 10:10 . 2009-08-21 10:10 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-08-21 10:10 . 2009-08-21 10:10 272896 ----a-w- c:\windows\system32\polstore.dll
2009-08-21 10:02 . 2009-08-21 10:02 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-08-21 10:00 . 2009-08-21 10:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-08-21 10:00 . 2009-08-21 10:00 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-08-21 10:00 . 2009-08-21 10:00 23552 ----a-w- c:\windows\system32\lpk.dll
2009-08-21 10:00 . 2009-08-21 10:00 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-08-21 10:00 . 2009-08-21 10:00 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-08-21 10:00 . 2009-08-21 10:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-08-21 09:52 . 2009-08-21 09:52 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-21 09:42 . 2009-08-21 09:42 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-21 09:41 . 2009-08-21 09:41 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-08-21 09:41 . 2009-08-21 09:41 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-08-21 09:41 . 2009-08-21 09:41 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-21 09:36 . 2009-08-21 09:36 2048 ----a-w- c:\windows\system32\msxml3r.dll
2009-08-21 09:19 . 2009-08-21 09:19 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-08-21 09:19 . 2009-08-21 09:19 623616 ----a-w- c:\windows\system32\localspl.dll
2009-08-21 09:17 . 2009-08-21 09:17 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-21 09:17 . 2009-08-21 09:17 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-08-21 09:17 . 2009-08-21 09:17 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-08-21 09:17 . 2009-08-21 09:17 31232 ----a-w- c:\windows\system32\msvidc32.dll
2009-08-21 09:17 . 2009-08-21 09:17 12800 ----a-w- c:\windows\system32\msrle32.dll
2009-08-21 09:17 . 2009-08-21 09:17 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-08-21 09:04 . 2009-08-21 09:04 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-12 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-12-11 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-12-11 530552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-22 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-07 3772416]
"NDSTray.exe"="NDSTray.exe" [BU]

c:\users\Leon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):85,49,91,a8,39,2f,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1851379-1604391057-341556530-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D3BDBB4E-9779-466C-B121-8CB2C1CDB853}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{72156C65-886E-495C-8F72-76B2130A2263}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{ACFB1E89-751A-4595-8827-A340BF494231}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{A121A877-28BA-4F08-8FA5-6CD96F8B51D1}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{505C7D12-854B-458B-8357-E6A92D91ABCF}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{16F877F5-7A66-4AA8-81C4-8D22E8F7C8FA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8D6C60AB-8B29-4247-9536-5C3BBAD49E67}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{711A408F-35D3-42CE-BF32-1CC7B59CE233}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2A44C96E-891B-48D5-A32B-393D527DFE12}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{AD870A41-A3AA-4CCF-8CF0-EBF978891C12}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{C57F4F08-E113-47B6-B473-EAA6DEEB3C77}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{268DF0C5-AAD2-4ACB-B53A-5800BCF8F96B}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{84EF9045-01D4-4B1E-AFDA-CB64769375AB}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{F8C5B1F0-719A-4EB8-A73B-BE773513E487}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{E756440D-3F06-4878-A300-754EF576FBC4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{FC1B3B03-3468-45F3-AD5C-4B7FBFE56530}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{A3599D69-99E7-49A7-802B-02E414E678D8}"= UDP:c:\users\Leon\AppData\Local\Temp\7zS576F.tmp\SymNRT.exe:Norton Removal Tool
"{7D058DBC-7444-4AD4-9EA3-0CB54F572E40}"= TCP:c:\users\Leon\AppData\Local\Temp\7zS576F.tmp\SymNRT.exe:Norton Removal Tool
"{7CD409E8-7BBF-4338-94C2-FEA019847B32}"= UDP:c:\users\Leon\AppData\Local\Temp\7zSDD15.tmp\SymNRT.exe:Norton Removal Tool
"{3E36E151-96A8-40C7-B2AC-C15113BEB9D9}"= TCP:c:\users\Leon\AppData\Local\Temp\7zSDD15.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [03/09/2009 8:42 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0305020.00B\SymEFA.sys [20/09/2009 11:30 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0305020.00B\BHDrvx86.sys [20/09/2009 11:30 AM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0305020.00B\cchpx86.sys [20/09/2009 11:30 AM 482432]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys [20/09/2009 11:19 AM 342576]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\System32\SAVRKBootTasks.sys [15/09/2009 7:08 AM 18816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 9:49 AM 1028432]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe [20/09/2009 11:29 AM 117640]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30/03/2009 4:28 PM 1533808]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/09/2009 12:16 PM 102448]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [06/12/2006 8:09 PM 7168]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [20/09/2009 11:30 AM 48688]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [22/02/2007 7:53 PM 2217416]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/09/2009 11:05 PM 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 01:42]

2009-09-30 c:\windows\Tasks\AutoSmartDefrag.job
- c:\program files\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-21 14:22]

2009-09-30 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-09-02 14:55]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 04:04]

2009-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-06 04:04]

2009-09-12 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-21 14:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.shoptoshiba.ca/welcome
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Leon\AppData\Roaming\Mozilla\Firefox\Profiles\6862m387.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-perfdm32 - c:\users\Leon\AppData\Local\perfdm32\perfdm32.dll
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 17:28
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1157.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\agrsmsvc.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\System32\dllhost.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-09-30 17:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 22:34

Pre-Run: 13,681,750,016 bytes free
Post-Run: 13,346,586,624 bytes free

422 --- E O F --- 2009-09-15 23:42



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:58 PM, on 30/09/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shoptoshiba.ca/welcome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8309 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:12:06 AM

Posted 30 September 2009 - 06:23 PM

Hello,

I see you have Malwarebytes. Please make sure it is fully updated to the latest definitions then have a scan with it. :( Post the report in your reply, if there is anything to report. Are you still being redirected after a reboot?

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?