
TROJAN-BNK.WIN.KEYLOGGER.GEN


  • This topic is locked
21 replies to this topic

#1 STRESSED


  • Members
  • 63 posts
  • Gender:Female
  • Location:ny

Posted 05 March 2010 - 11:27 PM

HAVING TROUBLE WITH THE GMER LOG... IT FREEZES BEFORE THE END OF THE SCAN AND I GET REBOOTED. BELOW ARE THE TWO PREVIOUS LOGS YOU REQUESTED:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Avalach23 at 22:44:01.09 on Fri 03/05/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1830 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Avalach23\Desktop\Desktop\Jeff's junk\Desktop\Desktop\Defogger.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Avalach23\Desktop\Desktop\Jeff's junk\Desktop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb128\SearchSettings.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [SearchSettings] c:\program files\search settings\SearchSettings.exe
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\avalach23\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-25 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-25 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100224.002\IDSvix86.sys [2010-2-25 343088]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-27 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-27 176128]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-25 117640]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-11 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-25 48688]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-03-06 03:37:47 0 ----a-w- c:\users\avalach23\defogger_reenable
2010-03-04 16:14:36 146529711 ----a-w- c:\windows\MEMORY.DMP
2010-03-04 11:23:56 0 d--h--w- c:\windows\msdownld.tmp
2010-03-04 08:21:57 0 d-----w- c:\users\avalach23\DoctorWeb
2010-03-04 01:57:36 0 d-----w- c:\program files\ESET
2010-02-28 08:08:46 0 d-----w- c:\programdata\HP
2010-02-27 12:56:02 74263 ----a-w- c:\users\avalach23\.recently-used.xbel
2010-02-25 04:26:01 0 d-----w- c:\program files\CCleaner
2010-02-25 03:41:56 0 d-----w- c:\users\avalac~1\appdata\roaming\Malwarebytes
2010-02-25 03:41:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-25 03:41:23 0 d-----w- c:\programdata\Malwarebytes
2010-02-25 03:41:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-25 03:41:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 01:54:50 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-25 01:54:19 0 d-----w- c:\users\avalac~1\appdata\roaming\SUPERAntiSpyware.com
2010-02-25 01:54:19 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-25 01:53:32 0 d--h--w- c:\windows\PIF
2010-02-25 01:53:18 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-24 23:54:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-24 23:54:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-24 23:54:19 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-02-24 23:53:27 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-24 23:53:27 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-24 23:53:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-24 23:53:09 0 d-----w- c:\program files\Symantec
2010-02-24 23:52:32 0 d-----w- c:\windows\system32\drivers\N360
2010-02-24 23:52:30 0 d-----w- c:\program files\Norton 360
2010-02-24 23:51:38 0 d-----w- c:\program files\NortonInstaller
2010-02-24 23:12:39 723456 ----a-w- c:\windows\system32\sbe.dll
2010-02-24 23:12:37 763904 ----a-w- c:\windows\system32\MSDTVVDEC.DLL
2010-02-24 23:12:37 604672 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 23:12:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 04:37:52 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 04:37:51 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:37:50 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 04:37:50 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 04:37:50 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 04:37:50 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 04:37:49 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:37:49 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:37:49 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 02:27:16 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-02-24 00:35:34 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-23 19:20:38 0 d-----w- C:\N360_BACKUP
2010-02-23 00:54:20 0 d-----w- c:\programdata\WindowsSearch
2010-02-13 04:37:39 65536 --sha-w- c:\users\avalach23\ntuser.dat{464cd310-1859-11df-8fdd-001e33d261ab}.TM.blf
2010-02-13 04:37:39 524288 --sha-w- c:\users\avalach23\ntuser.dat{464cd310-1859-11df-8fdd-001e33d261ab}.TMContainer00000000000000000002.regtrans-ms
2010-02-13 04:37:39 524288 --sha-w- c:\users\avalach23\ntuser.dat{464cd310-1859-11df-8fdd-001e33d261ab}.TMContainer00000000000000000001.regtrans-ms
2010-02-09 01:31:43 0 d-----w- c:\users\avalac~1\appdata\roaming\Reallusion
2010-02-09 01:31:02 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-02-08 23:09:08 0 d-----w- c:\users\avalac~1\appdata\roaming\DAZ 3D
2010-02-08 23:08:45 0 d-----w- c:\program files\common files\DAZ
2010-02-08 23:08:28 0 d-----w- c:\program files\DAZ 3D
2010-02-08 22:45:02 0 d-----w- c:\programdata\McAfee Security Scan
2010-02-08 22:45:02 0 d-----w- c:\programdata\McAfee
2010-02-08 22:45:00 0 d-----w- c:\program files\McAfee Security Scan
2010-02-08 05:03:46 101072 ----a-w- c:\users\avalac~1\appdata\roaming\GDIPFONTCACHEV1.DAT

==================== Find3M ====================

2010-02-24 23:53:29 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-24 23:53:29 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 23:53:29 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-13 04:50:24 280 ----a-w- c:\users\avalac~1\appdata\roaming\wklnhst.dat
2010-01-30 18:49:24 114688 ----a-w- c:\windows\system32\wpe.dll
2010-01-30 18:33:06 216576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-01-29 20:43:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 13:41:22 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-12-08 20:52:17 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 20:52:16 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-05-04 03:35:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-02 17:19:56 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 14:30:07 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 11:25:50 245760 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2009-09-06 02:28:05 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-03 21:31:53 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-09-03 21:31:17 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 22:45:30.42 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/30/2009 6:06:21 AM
System Uptime: 3/5/2010 10:29:44 PM (0 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon™ X2 Dual-Core QL-65 | Socket M2/S1G1 | 2100/2000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 157.984 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF1E1179&REV_02\4&39094C12&0&0028
Manufacturer: Realtek
Name: Realtek RTL8101 Family PCI-E Fast Ethernet NIC (NDIS 6.0)
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_FF1E1179&REV_02\4&39094C12&0&0028
Service: RTL8169

==== System Restore Points ===================


==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
AIM 7
AIM Toolbar
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Compatibility Pack for the 2007 Office system
Direct DiscRecorder
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
Google Desktop
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java™ 6 Update 16
LightScribe 1.4.124.1
Malwarebytes' Anti-Malware
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft Default Manager
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Move Media Player
MSN Toolbar
MSN Toolbar Platform
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netzero Internet Access Installer
Norton 360
Norton Internet Security
OGA Notifier 2.0.0048.0
PlayReady PC runtime
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
Search Settings 1.2.2
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skins
Skype Launcher
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows 7 Upgrade Advisor
Windows Live ID Sign-in Assistant
Yahoo! BrowserPlus
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Yugioh Virtual Dueling

==== End Of File ===========================







#2 STRESSED

  • Topic Starter

  • Members
  • 63 posts
  • Gender:Female
  • Location:ny

Posted 05 March 2010 - 11:35 PM

got it! gmer:


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-05 23:30:26
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\AVALAC~1\AppData\Local\Temp\kwtdauow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----




#3 fireman4it


    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 06 March 2010 - 09:36 AM

Hello Victim,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1.
Please download Malwarebytes Anti-Malware (v1.43) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

2.
Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

3.
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
Note for Vista Users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this short video by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.

Things to include in your next reply:
MBAM log
SAS log
Eset log
A new DDS log
No need for an Attach.txt log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 STRESSED (Topic Starter, Members)

Posted 06 March 2010 - 01:22 PM

HI, I HAVE DONE ALL THAT YOU ASKED IN MY PREVIOUS TOPIC, I CAN SEND YOU THE LOGS.. AFTER ALL THAT I WAS ASKED TO USE DEFOGGER AND GMER, THEN ENTER A NEW TOPIC... DO YOU STILL WANT ME TO REDO ALL OF THEM?

#5 STRESSED (Topic Starter, Members)

Posted 06 March 2010 - 07:04 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3830
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/6/2010 7:03:05 PM
mbam-log-2010-03-06 (19-03-05).txt

Scan type: Quick Scan
Objects scanned: 102168
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
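The one hit in the MBAM log above is a hijacked .exe file association: HKCR\.exe pointed at a ProgID named "secfile" instead of the normal "exefile", which lets something other than the program itself run whenever an .exe is launched. The following read-only check is an added example, not part of the thread or of MBAM; it reports the same condition so a defender can confirm a machine before and after cleanup (run it from an elevated PowerShell prompt).

```powershell
# Added example (not from the thread): report whether the .exe file association
# is hijacked, the condition MBAM logged as
# "HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile)".
# Read-only: it inspects the registry and changes nothing.

function Test-ExeAssociation {
    [CmdletBinding()]
    param()

    # Values on a healthy Windows install.
    $expectedProgId  = 'exefile'
    $expectedCommand = '"%1" %*'

    # HKCR is the merged view of HKLM\Software\Classes and HKCU\Software\Classes.
    $extKey  = 'Registry::HKEY_CLASSES_ROOT\.exe'
    $progId  = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
    $command = $null
    $findings = @()

    if ($progId -ne $expectedProgId) {
        $findings += "HKCR\.exe default is '$progId' (expected '$expectedProgId')"
    }

    # Whatever ProgID .exe points at, inspect its open command: a hijack usually
    # routes every launched executable through another program first.
    if ($progId) {
        $cmdKey  = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        $command = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        if ($command -ne $expectedCommand) {
            $findings += "HKCR\$progId\shell\open\command is '$command' (expected '$expectedCommand')"
        }
    }

    # A per-user .exe class overrides the machine-wide one in the merged view,
    # and is normally absent, so its mere presence is worth reporting.
    $userExt = 'HKCU:\Software\Classes\.exe'
    if (Test-Path $userExt) {
        $userProgId = (Get-ItemProperty -Path $userExt).'(default)'
        $findings += "Per-user .exe association present in HKCU (ProgID '$userProgId'); normally absent"
    }

    [pscustomobject]@{
        ProgId   = $progId
        Command  = $command
        Hijacked = ($findings.Count -gt 0)
        Findings = $findings
    }
}

Test-ExeAssociation | Format-List
```

On the machine in this thread, before MBAM's fix, ProgId would have read "secfile" and Hijacked would be True; after the fix, both values should match the expected defaults.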




#6 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 06 March 2010 - 08:32 PM

Hello,

Please do all the steps from above. I need to see new logs as malware is constantly changing and even sometimes downloads new files to your machine without you noticing.



#7 STRESSED (Topic Starter, Members)

Posted 06 March 2010 - 08:56 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/06/2010 at 08:33 PM

Application Version : 4.34.1000

Core Rules Database Version : 4618
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 01:12:05

Memory items scanned : 273
Memory threats detected : 0
Registry items scanned : 7316
Registry threats detected : 0
File items scanned : 126216
File threats detected : 48

Adware.Tracking Cookie



#8 STRESSED (Topic Starter, Members)

Posted 06 March 2010 - 10:47 PM

working on the ESET online scan again--had to redo, at the very end, like 98% done, it just disappeared!

#9 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 06 March 2010 - 10:52 PM

OK. Also, after ESET, play around a little bit and tell me what problems you're still having.



#10 STRESSED (Topic Starter, Members)

Posted 06 March 2010 - 11:18 PM

ok, as soon as I'm finished I'll post.... usually it runs fine for 2-3 days, then it pops its ugly head in again, so I'll def. let you know

#11 STRESSED (Topic Starter, Members)

Posted 07 March 2010 - 12:41 AM

ok, on the first run it found a threat, then the scanner disappeared, so I re-scanned and it says no threats found. It doesn't give me the options you're asking for, to list threats.

#12 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 07 March 2010 - 12:56 AM

Hello STRESSED,

1.
Uninstalling A Program Through "add/remove"

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click the "Add or Remove Programs" icon.
A list of programs installed will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Search Settings 1.2.2

Additional instructions can be found here if needed.

Please post a new DDS log along with any remaining problems



#13 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 08 March 2010 - 06:16 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding

With Regards,
fireman4it



#14 fireman4it (Bleepin' Fireman, Malware Response Team)

Posted 11 March 2010 - 11:04 AM

Hello.

There had been no reply from the topic starter in 5 days. Due to inactivity, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
fireman4it



#15 STRESSED (Topic Starter, Members)

Posted 12 March 2010 - 07:54 PM

hi, my last topic was closed, I didn't get back in time, still need help, please. DDS as requested.
----------------------------------------------------------------------------------


DDS (Ver_09-12-01.01) - NTFSx86
Run by Avalach23 at 22:30:40.57 on Fri 03/12/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2813.1806 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Avalach23\Desktop\Desktop\Jeff's junk\Desktop\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\users\avalach23\desktop\desktop\jeff's junk\desktop\desktop\veoh compass\veoh video compass\SearchRecsPlugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [<NO NAME>]
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\avalach23\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-25 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-25 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-25 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100310.001\IDSvix86.sys [2010-3-10 343088]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-27 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-27 176128]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-25 117640]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-2-11 62776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-20 12920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-24 102448]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-25 48688]
S3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-3 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

=============== Created Last 30 ================

2010-03-11 08:02:19 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 08:02:13 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 08:02:12 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-09 08:03:31 0 d-----w- c:\program files\Ask.com
2010-03-07 07:56:09 0 d-----w- c:\users\avalach23\Office Genuine Advantage
2010-03-06 23:52:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-06 23:52:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-06 04:29:04 93056 ----a-w- C:\kwtdauow.sys
2010-03-06 03:37:47 0 ----a-w- c:\users\avalach23\defogger_reenable
2010-03-04 16:14:36 347745239 ----a-w- c:\windows\MEMORY.DMP
2010-03-04 11:23:56 0 d--h--w- c:\windows\msdownld.tmp
2010-03-04 08:21:57 0 d-----w- c:\users\avalach23\DoctorWeb
2010-03-04 01:57:36 0 d-----w- c:\program files\ESET
2010-02-28 08:08:46 0 d-----w- c:\programdata\HP
2010-02-27 12:56:02 74263 ----a-w- c:\users\avalach23\.recently-used.xbel
2010-02-25 04:26:01 0 d-----w- c:\program files\CCleaner
2010-02-25 03:41:56 0 d-----w- c:\users\avalac~1\appdata\roaming\Malwarebytes
2010-02-25 03:41:23 0 d-----w- c:\programdata\Malwarebytes
2010-02-25 03:41:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-25 01:54:50 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-25 01:54:19 0 d-----w- c:\users\avalac~1\appdata\roaming\SUPERAntiSpyware.com
2010-02-25 01:54:19 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-25 01:53:32 0 d--h--w- c:\windows\PIF
2010-02-25 01:53:18 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-24 23:54:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-24 23:54:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-24 23:54:19 25648 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-02-24 23:53:27 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-02-24 23:53:27 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-02-24 23:53:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-02-24 23:53:09 0 d-----w- c:\program files\Symantec
2010-02-24 23:52:32 0 d-----w- c:\windows\system32\drivers\N360
2010-02-24 23:52:30 0 d-----w- c:\program files\Norton 360
2010-02-24 23:51:38 0 d-----w- c:\program files\NortonInstaller
2010-02-24 23:12:39 723456 ----a-w- c:\windows\system32\sbe.dll
2010-02-24 23:12:37 763904 ----a-w- c:\windows\system32\MSDTVVDEC.DLL
2010-02-24 23:12:37 604672 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-24 23:12:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 04:37:52 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 04:37:51 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 04:37:50 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 04:37:50 472064 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 04:37:50 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 04:37:50 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 04:37:49 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 04:37:49 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 04:37:49 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 02:27:16 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-02-24 00:35:34 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-23 19:20:38 0 d-----w- C:\N360_BACKUP
2010-02-23 00:54:20 0 d-----w- c:\programdata\WindowsSearch
2010-02-13 04:37:39 65536 --sha-w- c:\users\avalach23\ntuser.dat{464cd310-1859-11df-8fdd-001e33d261ab}.TM.blf
2010-02-13 04:37:39 524288 --sha-w- c:\users\avalach23\ntuser.dat{464cd310-1859-11df-8fdd-001e33d261ab}.TMContainer00000000000000000002.regtrans-ms
2010-02-13 04:37:39 524288 --sha-w- c:\users\avalach23\ntuser.dat{464cd310-1859-11df-8fdd-001e33d261ab}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-03-10 21:11:07 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-03-10 21:11:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-10 21:11:04 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-13 04:50:24 280 ----a-w- c:\users\avalac~1\appdata\roaming\wklnhst.dat
2010-02-08 05:03:46 101072 ----a-w- c:\users\avalac~1\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-01-30 18:49:24 114688 ----a-w- c:\windows\system32\wpe.dll
2010-01-30 18:33:06 216576 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-01-29 20:43:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-28 13:41:22 1314816 ----a-w- c:\windows\system32\quartz.dll
2009-12-28 12:35:50 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-28 12:32:34 22528 ----a-w- c:\windows\system32\msyuv.dll
2009-12-28 12:32:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-28 12:32:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2009-12-28 12:32:25 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-28 12:31:22 82944 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-28 12:31:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-28 12:28:43 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-12-28 12:28:43 65024 ----a-w- c:\windows\system32\avicap32.dll
2009-05-04 03:35:50 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-02 17:19:56 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 14:30:07 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-14 11:25:50 245760 --sha-w- c:\windows\system32\%appdata%\microsoft\windows\ietldcache\index.dat
2009-09-06 02:28:05 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-03 21:31:53 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-09-03 21:31:17 4 --sh--r- c:\windows\system32\drivers\taishop.sys

============= FINISH: 22:31:45.64 ===============



Edited by STRESSED, 12 March 2010 - 10:36 PM.