Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New HJT Log... Beesq.net and BuzzDock Cannot Remove


  • This topic is locked This topic is locked
7 replies to this topic

#1 smileyfta

smileyfta

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:35 AM

Posted 20 September 2012 - 11:24 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:12:53 AM, on 9/20/2012
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\Ortivus Inc\Client Update Service\Ortivus.Update.Client.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mobile Stream\EasyTether\easytthr.exe
C:\Program Files\Samsung\Kies\Kies.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HJTHotkey\HJTHotkey.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =

plimus.com,www.plimus.com,regnow.com,www.regnow.com,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -

C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program

Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012

\avgssie.dll
O2 - BHO: UAButtonBHO - {3CE56DB6-FCBE-4422-9454-63C354178985} - C:\Program Files\UAPick\UABtn.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites -

{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google

Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: MediaBar - {EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google

Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [OrtivusUpdateClientTray] C:\Program Files\Ortivus Inc\Client Update Service\Ortivus.Update.Client.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [EasyTether] "C:\Program Files\Mobile Stream\EasyTether\easytthr.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Restore Gadgets Positions.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14

\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft

Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft

Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft

Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files\UAPick\UABtn.dll
O9 - Extra 'Tools' menuitem: Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files\UAPick\UABtn.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file

missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) -

http://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} (Auctiva Image Uploader Control) -

http://www.auctiva.com/Aurigma/ImageUploader57.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009

\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft

Shared\Help\hxds.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft

Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common

Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -

C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\system32\brsvc01a.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe"

/svc (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe"

/medsvc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: HsdService - Windstream - C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix

Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program

Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Microsoft SharePoint Workspace Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office14

\GROOVE.EXE" /auditservice (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance

Service\maintenanceservice.exe
O23 - Service: SQL Server FullText Search (EMSSUITE) (msftesql$EMSSUITE) - Unknown owner - c:\Program Files\Microsoft SQL

Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:EMSSUITE (file missing)
O23 - Service: SQL Server (EMSSUITE) (MSSQL$EMSSUITE) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1

\MSSQL\Binn\sqlservr.exe" -sEMSSUITE (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common

Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB19 - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file

missing)
O23 - Service: ServicepointService - Radialpoint SafeCare Inc. - C:\Program Files\Windstream\Service

Agent\ServicepointService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD

PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe
O23 - Service: Ortivus Update Server (UpdateServer) - TriTech Software Systems - C:\Program Files\Ortivus Inc\Client Update

Service\Ortivus.Update.Server.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows

Media Player\wmpnetwk.exe (file missing)

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:35 AM

Posted 24 September 2012 - 09:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

HijackThis is not providing accurate information.
In your case we need to see a DDS Log.
I would remove HijackThis using the Add/Remove Programs list as most forums now ask to see this log.

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

p.s.

Before you do run the tool, remove the WordWrap function from NotePad.
You will find this under the Format Menu.
This will eliminate all the blank lines in your log and make is possible for me to analyse your log.

#3 smileyfta

smileyfta
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:35 AM

Posted 25 September 2012 - 06:44 PM

DDS Log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2009 7:44:56 AM
System Uptime: 9/25/2012 5:09:50 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 27.332 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #6
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel
.
==== System Restore Points ===================
.
RP1077: 8/20/2012 12:34:08 PM - Revo Uninstaller Pro's restore point - iLivid
RP1096: 8/27/2012 6:20:25 PM - Restore Operation
RP1147: 9/24/2012 12:05:41 PM - Restore Operation
RP1148: 9/24/2012 5:36:57 PM - Restore Operation
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Dreamweaver CS5.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 7.0
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Adobe Widget Browser
aioprnt
aioscnnr
ArrangeVistaSidebar
AVG 2012
Bayden UAPick
BitTorrent
Brother HL-5370DW
C4USelfUpdater
CameraHelperMsi
Catan Online World
CD/DVD Drive Acoustic Silencer
CDBurnerXP
center
CoffeeCup Visual Site Designer Software
Compatibility Pack for the 2007 Office system
Custom Framer - Art 4.0
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DVD MovieFactory for TOSHIBA
DVD Shrink 3.2
EASEUS Data Recovery Wizard Professional 4.3.6
EasyTether
erLT
essentials
EVEREST Ultimate Edition v5.50
ffdshow v1.1.4158 [2011-12-17]
File Type Assistant
Flash Domination
Free File Viewer 2011
Google Talk (remove only)
Google Toolbar for Firefox
Google Update Helper
Hex Workshop v6.6
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iDEN Phonebook Manager
iLivid
ImageRecall 2
ImgBurn
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java™ 6 Update 30
Kodak AIO Printer
KODAK AiO Software
ksDIP
LAME v3.98.3 for Audacity
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Automated Troubleshooting Services Shim
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Office XP Professional with FrontPage
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft ReportViewer 2010 Redistributable
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (EMSSUITE)
Microsoft SQL Server 2005 Tools
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server Management Studio Express
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MKVtoolnix 4.9.1
MobileMe Control Panel
Monopoly Tycoon
Motorola Driver Installation
Move Media Player
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
Nero 7 Ultra Edition
neroxml
ocr
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
Ortivus Fusion ePCR
Ortivus Updater
Picasa 3
Portforward Static IP Address 1.0.47
PreReq
QuickBooks
QuickBooks Pro 2009
QuickTime
Radialpoint Security Advisor 2.5.15
Radialpoint Servicepoint Dashboard Extensions version 12.2.27.36396
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
REALTEK RTL8187B Wireless LAN Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
RealUpgrade 1.1
RealWorld Icon Editor
Recuva (remove only)
Revo Uninstaller Pro 2.5.8
Safari
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SpeedFan (remove only)
Spybot - Search & Destroy
SQL Server System CLR Types
SupportSoft Assisted Service
Synaptics Pointing Device Driver
The Sims 3 Ultimate Bundle
The Weather Channel Desktop 6
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
Visual Studio 2005 Tools for Office Second Edition Runtime
Windows 7 USB/DVD Download Tool
Windows Media Encoder 9 Series
Windstream Diagnostic Tools 3.0.21
Windstream Service Agent 4.1.15
WinRAR archiver
Wireless LAN Service Component
WIZ1x0SR_Configtool
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
9/25/2012 6:23:12 PM, Error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
9/25/2012 5:17:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
9/25/2012 5:17:01 PM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/25/2012 5:17:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
9/25/2012 5:12:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Kodak AiO Network Discovery Service service to connect.
9/25/2012 5:12:20 PM, Error: Service Control Manager [7000] - The Kodak AiO Network Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/25/2012 5:10:49 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:54 PM on 9/25/2012 was unexpected.
9/24/2012 8:04:45 PM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
9/24/2012 8:04:45 PM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
9/24/2012 8:04:45 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
9/24/2012 7:41:32 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
9/24/2012 7:15:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/24/2012 6:10:57 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
9/24/2012 6:10:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.
9/24/2012 6:09:06 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
9/24/2012 6:08:07 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
9/24/2012 6:08:07 PM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this command.
9/24/2012 5:39:25 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
9/24/2012 12:08:49 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
9/23/2012 6:34:31 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/23/2012 6:34:31 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/23/2012 6:34:31 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/23/2012 4:17:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.103 for the Network Card with network address 00225FD4660F has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/23/2012 11:30:28 AM, Error: EventLog [6008] - The previous system shutdown at 11:27:56 AM on 9/23/2012 was unexpected.
9/22/2012 9:02:25 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.105 for the Network Card with network address 00225FD4660F has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
9/22/2012 9:01:45 PM, Error: EventLog [6008] - The previous system shutdown at 12:14:26 PM on 9/22/2012 was unexpected.
9/22/2012 11:12:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/21/2012 11:13:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss RtlProt Smb spldr tdx Wanarpv6
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Ortivus Update Server service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/21/2012 11:13:32 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/21/2012 11:13:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/21/2012 11:12:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/21/2012 11:12:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/21/2012 11:12:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/21/2012 11:12:09 AM, Error: EventLog [6008] - The previous system shutdown at 11:10:25 AM on 9/21/2012 was unexpected.
9/20/2012 12:33:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "230" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
9/20/2012 10:54:45 AM, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
9/20/2012 10:54:45 AM, Error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
9/20/2012 10:54:45 AM, Error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
9/20/2012 10:54:45 AM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2012 10:54:45 AM, Error: Service Control Manager [7031] - The Message Queuing Triggers service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2012 10:54:45 AM, Error: Service Control Manager [7031] - The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
9/20/2012 10:54:45 AM, Error: Service Control Manager [7031] - The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
9/20/2012 10:29:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/20/2012 10:29:37 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2012 5:44:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
9/19/2012 5:44:50 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Multimedia Class Scheduler service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2012 5:44:50 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/19/2012 5:42:57 PM, Error: EventLog [6008] - The previous system shutdown at 5:39:34 PM on 9/19/2012 was unexpected.
.
==== End Of File ===========================

My biggest issue is something has hijacked my google search boxes and toolbar and even when I go to gooogle.com it redirects me to beesq.net and some other off the wall website. Also and I apologize if you are mad or upset with me but I had tried getting help at another site and this person told me to run combofix.exe and I did and wish I had not and I apologize for not waiting for you to respond, so here is that log file from running combofix also. I have some issues after running combofix such as my desktop being totally changed and some other issues and I would like to restore back to prior to running combofix.exe however cannot figure out how to do that. It has made double files of all my main folders such as 2 document folders, 2 desktops, 2 control panels, just really weird and it did not get rid of whatever has hijacked my IE9 and it has simply caused more problems than helped.. Anyways here is the log file for combofix also.

ComboFix 12-09-23.03 - Jason 09/24/2012 6:46.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1206 [GMT -5:00]
Running from: c:\users\Jason\Desktop\Rare\Spyware Tools\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\{1E12412A-8571-46E4-ABD3-547F997B4089}.xps
c:\users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\{52670D65-2C2A-4174-88B3-AC7F6F6C9CF3}.xps
c:\users\Jason\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\users\Jason\AppData\Roaming\Local
c:\users\Jason\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_NEW.divx.ddr
c:\users\Jason\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr
c:\users\Jason\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_NEW.divx
c:\users\Jason\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx.ddp
c:\windows\security\Database\tmp.edb
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 12:31 . 2012-09-24 12:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-09-24 12:03 . 2012-09-24 12:03 -------- d-----w- c:\users\QBDataServiceUser19\AppData\Local\temp
2012-09-24 12:03 . 2012-09-24 12:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-24 12:03 . 2012-09-24 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-24 12:03 . 2012-09-24 16:48 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-24 12:03 . 2012-09-24 12:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-09-21 16:15 . 2012-09-21 16:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-09-20 16:32 . 2012-09-20 17:14 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-20 16:32 . 2012-09-20 16:34 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-18 22:13 . 2012-09-18 22:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Adobe
2012-09-14 13:30 . 2012-09-14 13:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-07 04:44 . 2012-09-07 04:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Logitech® Webcam Software
2012-09-07 04:42 . 2012-09-07 04:42 -------- d-----w- C:\AVG2012
2012-09-07 04:41 . 2012-09-07 04:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\Toshiba
2012-08-27 08:53 . 2012-08-27 08:53 -------- d-----w- c:\users\Jason\AppData\Local\Macromedia
2012-08-27 08:14 . 2012-08-27 08:14 -------- d-----w- c:\users\Jason\AppData\Roaming\Yahoo!(865)
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-23 17:03 . 2012-04-14 14:24 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-23 17:03 . 2011-05-23 16:23 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 22:04 . 2010-02-21 00:31 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-24 20:43 . 2012-08-24 20:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-03 00:38 . 2012-08-03 00:38 53248 ----a-r- c:\users\Jason\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-07-26 08:21 . 2012-07-26 08:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-07-04 14:02 . 2012-08-17 08:06 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-17 08:06 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-17 08:06 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-17 08:06 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-17 08:06 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-17 08:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2010-05-03 20:46 . 2010-07-06 03:04 151552 ------w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG_V3_0_2.exe
2012-09-14 13:29 . 2012-09-14 13:29 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"NDSTray.exe"="NDSTray.exe" [BU]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 1242424]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"OrtivusUpdateClientTray"="c:\program files\Ortivus Inc\Client Update Service\Ortivus.Update.Client.exe" [2012-07-13 1268224]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-06-15 1532760]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-17 296056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-3-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-12-22 984936]
Restore Gadgets Positions.lnk - c:\windows\Installer\{32657580-390C-43EF-8368-63A33317221C}\_C8B1123C195BC741EA82DA.exe [2011-12-30 7406]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\e:\0autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Jason^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
path=c:\users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverFinder
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-15 22:42 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 12:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
2012-07-31 08:37 2596984 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 01:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrStsWnd]
2009-06-11 15:17 3618104 ------w- c:\program files\Brownie\BrStsWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiagnosticTools.exe]
2011-04-25 21:34 2037048 ----a-w- c:\program files\Windstream\Diagnostic Tools\DiagnosticTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 21:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-03-10 16:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-02-17 06:38 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windstream Service Agent.exe]
2011-10-14 05:28 10204472 ----a-w- c:\program files\Windstream\Service Agent\Windstream Service Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xvid]
2011-01-17 19:41 8192 ----a-w- c:\program files\Xvid\CheckUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-194599604-3508300507-3716692773-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 17:03]
.
2012-09-23 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2011-12-06 19:24]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd90767593a091.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 16:05]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-10 16:05]
.
2012-09-20 c:\windows\Tasks\User_Feed_Synchronization-{CACB8B2F-F774-4B44-88B7-E22872746AC0}.job
- c:\windows\system32\msfeedssync.exe [2011-06-22 16:36]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files\UAPick\UABtn.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\d4sm6zz2.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113248&tt=060612_6_&babsrc=KW_ss&mntrId=c494b227000000000000020054746872&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
- - - - ORPHANS REMOVED - - - -
.
BHO-{EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
Toolbar-{EE9A4208-64EC-11DE-8440-204256D89593} - (no file)
Toolbar-Locked - (no file)
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-B-Line - c:\users\Jason\AppData\Local\VirtualStore\Program Files\New Tier\CommunicatorV2\tray_stub_v2.exe
MSConfigStartUp-download beast - c:\program files\Download Beast\DownloadBeast.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
AddRemove-Satellite Finder 4.9_is1 - c:\users\Jason\My Files\FTA\Tools\SatFinder\unins000.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-24 11:46
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CGTOUE19.txt 372 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CLVHZWNN.txt 464 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\17B729AE.txt 767 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\WSGBMF1M.txt 104 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\NJLR9PUW.txt 141 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PSME83CP.txt 743 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LVTKX556.txt 2104 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JHXR5I9Q.txt 2310 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JRX7IQY7.txt 532 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Y3MXQOHW.txt 196 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6VIP1U98.txt 106 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\707ME85P.txt 602 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9EIDU14X.txt 90 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\O5J4QRW2.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\C549IX8K.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\84DZBWAL.txt 2161 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\88ZI1BQ7.txt 151 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5U97GFHD.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\G1RNW1BX.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\G3YDR8WK.txt 501 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\HZKKPIHX.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\I8373Q62.txt 96 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\X7EQQJ5J.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JWSLJ1Y1.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\KEVPV05Y.txt 401 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VU1TAF08.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1292TN7Q.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\B1JVK0W2.txt 180 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\H4210ACJ.txt 403 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CU9YEFUW.txt 148 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CWVIN4QU.txt 437 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\94HNZ78O.txt 145 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\TU3ENXQD.txt 197 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\REGWC2ZE.txt 2460 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\O8MLDL6Z.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\OKAXTXCB.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\S6YJ4SZC.txt 624 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PKEDXV2E.txt 331 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PKWYOW1J.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\PO91WPAU.txt 187 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DD1CYUXW.txt 125 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VJ3BLUBC.txt 163 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MMDCWP06.txt 635 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MMI3DAQO.txt
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0CE9TIC0.txt 139 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\0F30LCVD.txt 1692 bytes
c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7BKA5FG3.txt 760 bytes
.
scan completed successfully
hidden files: 47
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$EMSSUITE]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:EMSSUITE"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Windstream\Diagnostic Tools\HsdService.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
c:\windows\system32\mqsvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Windstream\Service Agent\ServicepointService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\mqtgsvc.exe
c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2012-09-24 11:57:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-24 16:56
.
Pre-Run: 32,593,747,968 bytes free
Post-Run: 33,578,401,792 bytes free
.
- - End Of File - - 9750E0F62306C8AC20C86FECA343C5F9

#4 smileyfta

smileyfta
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:35 AM

Posted 26 September 2012 - 06:54 AM

I also rebooted into safe mode with networking and ran Rkill.exe prior to running Malewarebytes, Spybot S&D, and AVG in which NONE of the 3 found any threats however my google is still redirected, even when I simply go to gooogle.com actual website. Below is the Rkill log:



Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/25/2012 10:14:27 PM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (AFD) is not Running.
Startup Type set to: Automatic (Delayed Start)

* msiserver => %systemroot%\system32\msiexec.exe /V [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 09/25/2012 10:14:48 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:35 AM

Posted 26 September 2012 - 07:50 AM

I have some issues after running combofix such as my desktop being totally changed and some other issues and I would like to restore back to prior to running combofix.exe however cannot figure out how to do that. It has made double files of all my main folders such as 2 document folders, 2 desktops, 2 control panels, just really weird.


Try to restore your System to a date prior to running ComboFix.

If successful please run the DDS tool and post the DDS.txt log.

Let me know what problem exists at this date.

#6 smileyfta

smileyfta
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:04:35 AM

Posted 26 September 2012 - 09:13 AM

After Combofix was ran I only had one restore point and I restored to that date (over a month ago actually) and it did not change anything. I still have my google toolbar hijacked/redirected and even when I go to gooogle.com it redirects me to beesq.net and another redirect that does not give any name, just a page with a bunch of search results that are not even related to my search in large font and bright blue letters. That is my problem, the redirect of every google search I make. As I have stated above I uninstalled google, google toolbar and still no go. I have also checked my LAN settings, my TCP/IP settings and then rebooted into safe mode and ran Malewarebytes, AVG, Windows Malacsious Removal Tool, Spybot S&D all in safe mode with networking and I still have the redirect. PLEASE HELP!!!! I can't even search on google, this is nutz!!!

#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:35 AM

Posted 26 September 2012 - 09:52 AM

We have to check deeper.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:35 AM

Posted 02 October 2012 - 08:06 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users