Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Hijack - myfreeze.com


  • This topic is locked This topic is locked
12 replies to this topic

#1 CaseyH

CaseyH

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 28 December 2009 - 09:21 AM

My Firefox browser is sporadically hijacked by MyFreeze.com. I got this when I downloaded a screensaver from their site. I used Windows control panel to remove the screensaver and I separately searched for and deleted all files and folders named myfreeze or freeze. I still get the browser hijack.

I have included/attached the DDS files.

I could NOT run RootRepeal. It blows up when launched with the message: "Error - RootRepeal does not support 64 bit OSs!"


Thanks in advance


Casey


DDS (Ver_09-12-01.01) - NTFSX64
Run by Casey at 8:58:33.79 on Mon 12/28/2009
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.2362 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\SysWOW64\rundll32.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Data Deposit Box\nts.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Data Deposit Box\startup.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Data Deposit Box\backup.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Data Deposit Box\starter.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Data Deposit Box\status.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Users\Casey\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2090540
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
mURLSearchHooks: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
mWinlogon: Userinit=userinit.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
TB: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [KeePass Password Safe] "c:\program files (x86)\keepass password safe\KeePass.exe"
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [PCMAgent] "c:\program files (x86)\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NDSTray.exe] "c:\program files (x86)\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files (x86)\toshiba\configfree\cfFncEnabler.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~2\mcafee\mhn\McENUI.exe /hide
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [ToshibaServiceStation] c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
StartupFolder: c:\users\casey\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\datade~1.lnk - c:\program files (x86)\data deposit box\starter.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files (x86)\common files\nikon\monitor\NkMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB-X64: {D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - No File
mRun-x64: [(Default)]
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun-x64: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
IE-X64: {1ca24684-a693-418e-a430-79d070271843} - c:\users\casey\appdata\roaming\microsoft\windows\start menu\programs\bigbetpoker.com\BigBetPoker.com.lnk
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files (x86)\stardock\fences\FencesMenu64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\casey\appdata\roaming\mozilla\firefox\profiles\lsertkzb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://calendar.mail.yahoo.com/
FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa2.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa3.dll
FF - plugin: c:\users\casey\appdata\roaming\mozilla\firefox\profiles\lsertkzb.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-23 69152]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-3-25 35392]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 14872]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2009-8-11 504912]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-26 308296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-11 203264]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-8-11 20544]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\McSACore.exe [2009-9-26 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-26 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-26 155456]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 55808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-12-20 1153368]
R2 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2009-12-2 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 84480]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-12-9 292864]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2009-1-21 619008]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x64.sys [2009-3-4 55808]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2009-9-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-26 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-26 49480]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-3-10 69536]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-8-11 32832]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-5-5 12800]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-26 40904]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2009-12-23 23:04:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-23 22:28:33 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-12-23 21:47:36 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-23 21:45:17 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-23 21:44:57 0 d-----w- c:\programdata\Lavasoft
2009-12-23 21:44:57 0 d-----w- c:\program files (x86)\Lavasoft
2009-12-21 02:32:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-21 02:32:05 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr
2009-12-10 08:00:52 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 08:00:52 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-12-10 08:00:50 620032 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 08:00:49 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 08:00:49 30720 ----a-w- c:\windows\syswow64\httpapi.dll
2009-12-06 01:45:41 0 d-----w- c:\programdata\KingsIsle Entertainment
2009-12-04 08:19:57 0 d-----w- c:\windows\syswow64\spool
2009-12-04 08:19:57 0 d-----w- c:\program files (x86)\Windows Portable Devices
2009-12-04 08:19:55 0 d-----w- c:\program files\Windows Portable Devices
2009-12-04 08:19:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-04 08:19:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-04 08:01:52 736256 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-12-04 08:01:52 555520 ----a-w- c:\windows\syswow64\UIAutomationCore.dll
2009-12-04 08:01:52 4096 ----a-w- c:\windows\syswow64\oleaccrc.dll
2009-12-04 08:01:52 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-12-04 08:01:52 315904 ----a-w- c:\windows\system32\oleacc.dll
2009-12-04 08:01:52 234496 ----a-w- c:\windows\syswow64\oleacc.dll
2009-12-04 08:00:52 92672 ----a-w- c:\windows\syswow64\UIAnimation.dll
2009-12-04 08:00:52 103424 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-04 08:00:51 3815424 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-04 08:00:51 1164800 ----a-w- c:\windows\syswow64\UIRibbonRes.dll
2009-12-04 08:00:51 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-04 08:00:50 3023360 ----a-w- c:\windows\syswow64\UIRibbon.dll
2009-12-03 20:12:01 0 d-----w- c:\windows\syswow64\vi-VN
2009-12-03 20:12:01 0 d-----w- c:\windows\syswow64\eu-ES
2009-12-03 20:12:01 0 d-----w- c:\windows\syswow64\ca-ES
2009-12-03 20:12:00 0 d-----w- c:\windows\system32\eu-ES
2009-12-03 20:12:00 0 d-----w- c:\windows\system32\ca-ES
2009-12-03 20:11:58 0 d-----w- c:\windows\system32\vi-VN
2009-12-03 19:24:22 0 d-----w- c:\windows\system32\EventProviders
2009-12-03 14:36:47 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-12-03 12:11:02 12240896 ----a-w- c:\windows\syswow64\NlsLexicons0007.dll
2009-12-03 12:11:02 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-12-03 12:09:59 754688 ----a-w- c:\windows\syswow64\propsys.dll
2009-12-03 12:08:59 97792 ----a-w- c:\windows\system32\drivers\dfsc.sys
2009-12-03 12:07:44 891392 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-12-03 12:07:44 43520 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-12-03 12:07:44 1172992 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-12-03 12:07:41 936448 ----a-w- c:\windows\system32\SmiEngine.dll
2009-12-03 12:07:35 293888 ----a-w- c:\windows\system32\wdscore.dll
2009-12-03 12:07:35 138752 ----a-w- c:\windows\system32\PkgMgr.exe
2009-12-03 12:07:21 315904 ----a-w- c:\windows\system32\drvstore.dll
2009-12-02 20:02:44 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-02 20:02:44 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-02 20:02:44 145184 ----a-w- c:\windows\syswow64\java.exe

==================== Find3M ====================

2009-12-21 13:37:28 39 ----a-w- c:\users\casey\jagex_runescape_preferences.dat
2009-12-21 13:20:25 69 ----a-w- c:\users\casey\jagex_runescape_preferences2.dat
2009-12-04 08:19:41 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-04 08:19:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 08:19:41 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-04 08:19:40 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-03 19:35:29 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 17:10:13 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2009-11-21 17:10:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-21 16:47:06 106496 ----a-w- c:\windows\syswow64\ATL71.DLL
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-10-29 09:36:50 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 09:17:42 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-11 09:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-10-07 12:20:17 280576 ----a-w- c:\windows\system32\rastls.dll
2009-10-07 11:36:36 243712 ----a-w- c:\windows\syswow64\rastls.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\syswow64\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\syswow64\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\syswow64\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\syswow64\WPDShServiceObj.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\syswow64\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\syswow64\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\syswow64\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\syswow64\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\syswow64\PortableDeviceClassExtension.dll
2009-10-01 00:52:29 2727936 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 00:52:10 453120 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 00:52:02 34816 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 00:51:59 110080 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 00:51:56 37888 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 00:51:54 573440 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 00:51:50 433152 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 00:51:46 218624 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 00:51:45 77824 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 00:51:45 113152 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 00:51:40 295936 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 00:51:40 107008 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 00:51:34 214528 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 00:51:33 75264 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 00:51:32 37376 ----a-w- c:\windows\system32\WpdConns.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-26 19:37:43 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-26 16:02:22 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-09-26 16:02:55 13 --sh--r- c:\windows\syswow64\drivers\fbd.sys

============= FINISH: 8:59:59.93 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,507 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:50 PM

Posted 07 January 2010 - 03:46 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 CaseyH

CaseyH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 07 January 2010 - 05:07 PM

Here are the new DDS files and thanks.

Casey



DDS (Ver_09-12-01.01) - NTFSX64
Run by Casey at 16:56:16.35 on Thu 01/07/2010
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4060.1942 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\SysWOW64\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files (x86)\Data Deposit Box\nts.exe
C:\Program Files (x86)\Data Deposit Box\startup.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Data Deposit Box\backup.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Data Deposit Box\starter.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\Data Deposit Box\status.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Casey\Downloads\dds(2).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2090540
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mLocal Page = c:\windows\syswow64\blank.htm
uURLSearchHooks: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
mURLSearchHooks: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
mWinlogon: Userinit=userinit.exe
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files (x86)\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
BHO: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files (x86)\askbardis\bar\bin\askBar.dll
TB: OnRPG Toolbar: {d22f6f66-2f47-4184-8625-fbfa4cbdb7ce} - c:\program files (x86)\onrpg\tbOnRP.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [KeePass Password Safe] "c:\program files (x86)\keepass password safe\KeePass.exe"
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\users\casey\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [PCMAgent] "c:\program files (x86)\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NDSTray.exe] "c:\program files (x86)\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files (x86)\toshiba\configfree\cfFncEnabler.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~2\mcafee\mhn\McENUI.exe /hide
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [ToshibaServiceStation] c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\casey\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\datade~1.lnk - c:\program files (x86)\data deposit box\starter.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files (x86)\common files\nikon\monitor\NkMonitor.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\McIEPlg.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\x64\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
TB-X64: {D22F6F66-2F47-4184-8625-FBFA4CBDB7CE} - No File
mRun-x64: [(Default)]
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun-x64: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun-x64: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun-x64: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun-x64: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent64.exe
IE-X64: {1ca24684-a693-418e-a430-79d070271843} - c:\users\casey\appdata\roaming\microsoft\windows\start menu\programs\bigbetpoker.com\BigBetPoker.com.lnk
STS-X64: FencesShlExt Class: {1984DD45-52CF-49cd-AB77-18F378FEA264} - c:\program files (x86)\stardock\fences\FencesMenu64.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\casey\appdata\roaming\mozilla\firefox\profiles\lsertkzb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2090540&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://calendar.mail.yahoo.com/
FF - component: c:\program files (x86)\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa2.dll
FF - plugin: c:\program files (x86)\picasa2\npPicasa3.dll
FF - plugin: c:\users\casey\appdata\local\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\casey\appdata\roaming\mozilla\firefox\profiles\lsertkzb.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\users\casey\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-23 69152]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-3-25 35392]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-9-4 14872]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2009-8-11 504912]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-9-26 308296]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-11 203264]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-8-11 20544]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\toshiba\configfree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-20 27648]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\mcafee\siteadvisor\McSACore.exe [2009-9-26 203280]
R2 McProxy;McAfee Proxy Service;c:\progra~2\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-26 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-26 155456]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 55808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2009-12-20 1153368]
R2 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2009-12-2 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 84480]
R3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2008-12-9 292864]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2009-1-21 619008]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x64.sys [2009-3-4 55808]
R3 McSysmon;McAfee SystemGuards;c:\progra~2\mcafee\viruss~1\mcsysmon.exe [2009-9-26 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-26 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-26 49480]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2008-11-17 4751360]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-3-10 69536]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-8-11 32832]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2009-5-5 12800]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-26 40904]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-01-03 03:16:28 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-01-03 03:16:28 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-01-03 03:16:28 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-01-03 03:15:41 0 d-----w- c:\program files\iPod
2010-01-03 03:15:40 0 d-----w- c:\programdata\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
2010-01-03 03:15:40 0 d-----w- c:\program files\iTunes
2010-01-03 03:15:40 0 d-----w- c:\program files (x86)\iTunes
2010-01-03 03:14:32 0 d-----w- c:\program files\Bonjour
2010-01-03 03:14:32 0 d-----w- c:\program files (x86)\Bonjour
2010-01-03 03:13:35 0 d-----w- c:\programdata\Apple Computer
2010-01-03 03:09:25 0 d-----w- c:\program files\common files\Apple
2010-01-03 03:09:00 0 d-----w- c:\programdata\Apple
2009-12-23 23:04:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-23 22:28:33 226688 ------w- c:\windows\system32\MpSigStub.exe
2009-12-23 21:47:36 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-12-23 21:45:17 0 dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2009-12-23 21:44:57 0 d-----w- c:\programdata\Lavasoft
2009-12-23 21:44:57 0 d-----w- c:\program files (x86)\Lavasoft
2009-12-21 02:32:05 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-12-21 02:32:05 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr
2009-12-10 08:00:52 32768 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 08:00:52 24064 ----a-w- c:\windows\syswow64\nshhttp.dll
2009-12-10 08:00:50 620032 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 08:00:49 33792 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 08:00:49 30720 ----a-w- c:\windows\syswow64\httpapi.dll

==================== Find3M ====================

2010-01-05 21:29:32 20 ---h--w- c:\programdata\PKP_DLdu.DAT
2010-01-03 03:11:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-03 03:11:32 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-03 03:11:32 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-12-21 13:37:28 39 ----a-w- c:\users\casey\jagex_runescape_preferences.dat
2009-12-21 13:20:25 69 ----a-w- c:\users\casey\jagex_runescape_preferences2.dat
2009-12-04 08:19:41 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-04 08:19:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-04 08:19:34 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-03 19:35:29 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-11-21 17:10:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-11-21 16:47:06 106496 ----a-w- c:\windows\syswow64\ATL71.DLL
2009-11-21 06:52:02 1147904 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:46:36 77312 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:46:36 132096 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:40:20 916480 ----a-w- c:\windows\syswow64\wininet.dll
2009-11-21 06:40:03 1208832 ----a-w- c:\windows\syswow64\urlmon.dll
2009-11-21 06:38:17 206848 ----a-w- c:\windows\syswow64\occache.dll
2009-11-21 06:35:43 5940736 ----a-w- c:\windows\syswow64\mshtml.dll
2009-11-21 06:35:38 594432 ----a-w- c:\windows\syswow64\msfeeds.dll
2009-11-21 06:35:38 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2009-11-21 06:34:58 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2009-11-21 06:34:39 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2009-11-21 06:34:39 164352 ----a-w- c:\windows\syswow64\ieui.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2009-11-21 06:34:38 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2009-11-21 06:34:38 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2009-11-21 06:34:38 11069952 ----a-w- c:\windows\syswow64\ieframe.dll
2009-11-21 06:34:33 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2009-11-21 05:07:24 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 04:59:58 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2009-11-21 04:59:52 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2009-11-21 04:59:14 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-10-29 09:36:50 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 09:17:42 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-10-11 09:17:33 149280 ----a-w- c:\windows\syswow64\javaws.exe
2009-10-11 09:17:32 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-10-11 09:17:31 145184 ----a-w- c:\windows\syswow64\java.exe
2009-10-11 09:17:27 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-26 19:37:43 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-26 16:02:22 4 --sh--r- c:\windows\system32\drivers\taishop.sys
2009-09-26 16:02:55 13 --sh--r- c:\windows\syswow64\drivers\fbd.sys

============= FINISH: 16:58:31.37 ===============

Attached Files



#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:50 PM

Posted 07 January 2010 - 08:09 PM

Hi CaseyH,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Myfreeze is an annoying, but not really difficult to remove, piece of adware. We can shift it by running MBAM and once it's definitely gone we'll see if the redirects stop.

Please download Posted Image Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(
Posted Image
m0le is a proud member of UNITE

#5 CaseyH

CaseyH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 07 January 2010 - 11:31 PM

m0le,

got your post and will run malware


Casey

#6 CaseyH

CaseyH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 08 January 2010 - 08:30 AM

Malware scan / removal has run. Here is the log file:


Malwarebytes' Anti-Malware 1.44
Database version: 3513
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865

1/8/2010 8:13:31 AM
mbam-log-2010-01-08 (08-13-31).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 282338
Time elapsed: 1 hour(s), 13 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:50 PM

Posted 08 January 2010 - 01:02 PM

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Let me know if there are still hijacks on your PC.
Posted Image
m0le is a proud member of UNITE

#8 CaseyH

CaseyH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 08 January 2010 - 04:47 PM

I ran ESET. No infections found, so there was no report to post.

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:50 PM

Posted 08 January 2010 - 05:05 PM

That's good. How are the redirections?
Posted Image
m0le is a proud member of UNITE

#10 CaseyH

CaseyH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 08 January 2010 - 09:30 PM

The hijack is still there. I usually, but not always, get them when I am at CNN.com and clicking on the scroll bar.

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:50 PM

Posted 08 January 2010 - 09:35 PM

Please download HostsXpert 4.3
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Restore MS Hosts File".
  • Click OK at the confirmation box.
  • Click "Make Read Only".
  • Click the X to exit the program.
-- Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

This should stop the redirects. Let me know if it doesn't. :(
Posted Image
m0le is a proud member of UNITE

#12 CaseyH

CaseyH
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:04:50 PM

Posted 11 January 2010 - 03:36 PM

I have not seen the hijack in over 24 hrs. I think it is gone and you can close this item.


Many Thanks,


Casey

Edited by CaseyH, 11 January 2010 - 03:37 PM.


#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:09:50 PM

Posted 11 January 2010 - 03:53 PM

Success! :(


You're clean. Good stuff! :(

Let's do some clearing up

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version. or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it CaseyH, happy surfing!

Cheers.

m0le
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users