TechSpot

Assistance needed for persistent Google redirect virus

Inactive
By ormolu611
May 1, 2011
  1. I am in need of assistance. Apparently, I picked up some redirect virus about 5 or so days ago that results in redirects to websites like "www.bricksearch.com" when I click on search result links. In order to visit the page that I am looking for, I have to either click on the cache version or copy and paste the address into the address bar. In perusing the web over the past few days, I have tried to eradicate it myself by downloading and running cloud panda, and malwarebytes. Malwarebytes did actually find a couple of trojans, but alas, I still have the problem! Oh yeah, perhaps the most annoying, which I think is related as it started at the same time, Captcha does not work on my machine as the letters are not displayed! This makes posting to Craigslist and even this site impossible! I have to use my girlfriend's computer! Is this site going to require a captcha for every post I make? Help!
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! Are you old enough to remember the Mighty Mouse cartoons? When he swooped in, he always said, "Here I am to save the day!" Okay, I don't 'swoop', but I will be glad to help with the redirect problem.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    difficulty posting logs

    Bobbye, thanks for offering to help me with this! I have completed the steps that you outlined, but I am delayed in posting the logs because my computer does not display captcha since a few days ago. I wonder if it is virus related as this problem started when I started getting redirected. I am posting this now using my blackberry. I can post the logs tomorrow using my girlfriend's pc.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Are you logging in? That should be all it takes once you're registered.
     
  5. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    captcha required

    Yes, I am logged in, but immediately below the "reply to thread" section, there is a captcha requirement prior to posting a response. On my blackberry, the distorted words are visible. On my pc, they are not. Just says "image verification" with no captcha image below it. When I try to post without the captcha, I get an error saying, "The string you entered for the image verification did not match what was displayed."
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am going to advise the site editor of this, but I need to know the following:
    1. Operating system
    2. Browser and version

    As soon as you let me know, I'll add it to the message I already have written.
     
  7. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    Thanks so much! I am using Windows XP, and the problem with captcha is in IE8, Mozilla 5.0, and the latest version of Opera.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, thanks. Have sent PM. Hang on to the logs and don't run any other cleaning scans so the logs will still be good. S/B later today.
     
  9. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    DDS

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Thomas Love at 21:42:26.01 on Sun 05/01/2011
    Internet Explorer: 8.0.6001.18372 BrowserJavaVersion: 1.6.0_24
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SYSTEM32\WISPTIS.EXE
    C:\WINDOWS\System32\tabbtnu.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe
    C:\Program Files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    C:\WINDOWS\system32\thpsrv.exe
    C:\Program Files\TOSHIBA\TME3\TMETEMNU.EXE
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
    C:\WINDOWS\SkyTel.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\Toshiba\CrossMenu\CrossMenu.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\00THotkey.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LivePost\LivePost powered by PostNexus\AppStart.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\LivePost\LivePost powered by PostNexus\3.2.0.47\PNlaunch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Thomas Love\Desktop\dds.scr
    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.emortgagelogic.com/www/index.htm
    uSearch Bar =
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    mSearchAssistant =
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101110120748.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
    mRun: [TSkrMain] c:\program files\toshiba\acceleration utilities\shaker\TSkrMain.exe
    mRun: [TRot.exe] c:\program files\toshiba\toshiba rotation utility\TRot.exe
    mRun: [TPSODDCtl] TPSODDCtl.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.Exe
    mRun: [TOSDCR] TOSDCR.EXE
    mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
    mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
    mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
    mRun: [TFNF5] TFNF5.exe
    mRun: [TFncKy] TFncKy.exe
    mRun: [TAcelMgr] c:\program files\toshiba\acceleration utilities\tacelmgr\TAcelMgr.exe
    mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
    mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [SkyTel] SkyTel.EXE
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    mRun: [NDSTray.exe] NDSTray.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [CrossMenu] c:\program files\toshiba\crossmenu\CrossMenu.exe
    mRun: [CFSServ.exe] CFSServ.exe -NoClient
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
    mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
    mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35[1].exe" /scan:boot
    mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
    dRun: [AVG7_Run] c:\progra~1\grisoft\avgfre~1\avgw.exe /RUNONCE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://web11.farvv.com/sn/ImageUploader6.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
    Notify: psfus - psqlpwd.dll
    Notify: TabBtnWL - TabBtnWL.dll
    Notify: tpgwlnotify - tpgwlnot.dll
    Notify: TSigNP - TSigNP.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli psqlpwd
    Hosts: 184.107.64.190 www.google.com
    Hosts: 209.172.56.115 search.yahoo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\thomas~1\applic~1\mozilla\firefox\profiles\olrqrkyz.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nefar.com/memberMain.php|http://flexmls.realtyweb.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\documents and settings\thomas love\application data\mozilla\firefox\profiles\olrqrkyz.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npxsciter.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? Avg7Alrt;AVG7 Alert Manager Server
    R? Avg7Core;AVG7 Kernel
    R? Avg7RsW;AVG7 Wrap Driver
    R? Avg7RsXP;AVG7 Resident Driver XP
    R? AvgClean;AVG Clean Driver
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? mfebopk;McAfee Inc. mfebopk
    R? mfendisk;McAfee Core NDIS Intermediate Filter
    R? mferkdet;McAfee Inc. mferkdet
    R? NWUSBCDFIL;Novatel Wireless Installation CD
    R? NWUSBPort2;Novatel Wireless USB Status2 Port Driver
    S? Akamai;Akamai NetSession Interface
    S? Avg7UpdSvc;AVG7 Update Service
    S? cfwids;McAfee Inc. cfwids
    S? FdRedir;FdRedir
    S? FileDisk2;FileDisk Protector Kernel Driver
    S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
    S? McMPFSvc;McAfee Personal Firewall Service
    S? McNaiAnn;McAfee VirusScan Announcer
    S? McProxy;McAfee Proxy Service
    S? McShield;McShield
    S? mfeavfk;McAfee Inc. mfeavfk
    S? mfefire;McAfee Firewall Core Service
    S? mfefirek;McAfee Inc. mfefirek
    S? mfehidk;McAfee Inc. mfehidk
    S? mfendiskmp;mfendiskmp
    S? mfetdi2k;McAfee Inc. mfetdi2k
    S? mfevtp;McAfee Validation Trust Protection Service
    S? NanoServiceMain;Panda Cloud Antivirus Service
    S? NvtlService;NovaCore SDK Service
    S? PSINAflt;PSINAflt
    S? PSINFile;PSINFile
    S? PSINKNC;PSINKNC
    S? PSINProc;PSINProc
    S? PSINProt;PSINProt
    S? smihlp;SMI helper driver
    S? TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver
    S? tdudf;TOSHIBA UDF File System Driver
    S? Thpdrv;TOSHIBA HDD Protection Driver
    S? Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver
    S? TMEI3E;TMEI3E
    S? Tmesrv;Tmesrv3
    S? WacomPen;Wacom Serial Pen HID Driver
    .
    =============== Created Last 30 ================
    .
    2011-04-30 16:43:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-04-30 16:43:03 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-30 16:42:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Walgreens
    2011-04-30 16:42:21 -------- d-----w- c:\program files\Walgreens
    2011-04-28 13:31:33 -------- d-----w- c:\docume~1\thomas~1\applic~1\Panda Security
    2011-04-28 13:29:40 -------- d-----w- c:\program files\Panda Security
    2011-04-28 13:29:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
    2011-04-28 13:10:57 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-04-28 13:10:56 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-04-28 13:09:40 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2011-04-27 14:32:19 -------- d-----w- c:\docume~1\thomas~1\applic~1\Malwarebytes
    2011-04-27 13:54:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-27 13:54:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2011-04-27 13:54:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-27 13:54:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-22 21:35:51 -------- d-----w- c:\program files\iPod
    2011-04-22 21:35:19 -------- d-----w- c:\program files\iTunes
    2011-04-22 21:21:31 -------- d-----w- c:\program files\Bonjour
    2011-04-19 23:21:56 69632 ----a-r- c:\docume~1\thomas~1\applic~1\microsoft\installer\{87df5956-a327-4304-8338-8e2b0aab843e}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2011-04-19 23:21:56 413696 ----a-r- c:\docume~1\thomas~1\applic~1\microsoft\installer\{87df5956-a327-4304-8338-8e2b0aab843e}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2011-04-19 23:21:56 413696 ----a-r- c:\docume~1\thomas~1\applic~1\microsoft\installer\{87df5956-a327-4304-8338-8e2b0aab843e}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2011-04-19 23:21:55 413696 ----a-r- c:\docume~1\thomas~1\applic~1\microsoft\installer\{87df5956-a327-4304-8338-8e2b0aab843e}\ARPPRODUCTICON.exe
    2011-04-07 01:17:25 -------- d-----w- c:\docume~1\thomas~1\locals~1\applic~1\Research In Motion
    2011-04-07 01:16:37 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-04-07 00:14:51 14744 ----a-w- c:\docume~1\thomas~1\applic~1\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    ==================== Find3M ====================
    .
    2011-03-15 01:28:51 256 ----a-w- c:\windows\system32\pool.bin
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe
    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2011-02-03 01:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-02 23:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
    .
    ============= FINISH: 21:46:04.21 ===============
     
  10. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    gmer

    GMER 1.0.15.15572 - http://www.gmer.net
    Rootkit quick scan 2011-05-01 21:25:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK1032GSX rev.AS021G
    Running: rb9497xr.exe; Driver: C:\DOCUME~1\THOMAS~1\LOCALS~1\Temp\kwrdykob.sys


    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF74200E0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF74200F4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF7420120]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF7420176]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF74200CC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF74200A4]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF74200B8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF742010A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF742014C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF7420136]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF742018C]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF7420160]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \FileSystem\Ntfs \Ntfs FdRedir.sys (File Disk Redirector/UPEK Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  11. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    mbam

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6487

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18372

    5/1/2011 8:41:16 PM
    mbam-log-2011-05-01 (20-41-15).txt

    Scan type: Quick scan
    Objects scanned: 168200
    Time elapsed: 39 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
     
  12. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    Logs posted

    Bobbye, I have posted the logs that you requested. I am using another computer that I borrowed for the interim to get around the captcha issue. Please let me know if I have left anything out. Thanks.
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'll see if I can get someone else to reply. These logs don't look right: the dates of installs are missing.
    There is also another log from DDS named Attach.txt that I need.

    Basically, your host files have been hijacked. Usually something related to this will show up in Mbam, but that's clean. Go ahead and do the following first:

    You will need to do a DNS Flush, then reset your router.
    Start> Run> type cmd> enter> at the C prompt type ipconfig /flushdns (note space before the /)

    Exit the Command prompt when finished and shut the system down.

    [1]. Shut down your computer, and any other computer connected to your router.
    [2]. On the back of the router, there should be a small hole or button labelled RESET. Using a bent paper clip or similar item, hold that in continuously for twenty seconds.
    [3]. Unplug the router. Wait sixty seconds.
    [4]. Now holding again the reset button, plug it back in. Continue holding the reset button for twenty seconds. Unplug the router again.
    [5]. With the router unplugged, start your computer. Run MBAM again.
    [6]. Connect to the router again. Then turn the router back on.
    [7]. When it stabilizes, reboot your workstation and try to access the internet. If you have any issues, access the Router configuration page and re-enter your authentication information.
    [8]. Reboot the system and test the internet. You may have to reconfigure the router settings based on your setup.
    =====================================
    When that has been done: Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Please Uncheck "Remove found threats" (I will remove them, if any, in a program that will also remove related files)
    7. Check "Scan unwanted applications"
    8. Click Scan
    9. Wait for the scan to finish
    10. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    11. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    12. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===========================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan:
    Uninstall directions

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [image]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Question: Do you have another language other than English on the system?

    Hold off on the logs until later today.
     
  14. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/2/2006 8:54:42 AM
    System Uptime: 5/1/2011 7:46:10 PM (2 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | uFC-PGA Socket | 1053/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 93 GiB total, 49.885 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP101: 1/30/2011 6:59:37 PM - System Checkpoint
    RP102: 2/1/2011 8:02:10 AM - NMEA Port
    RP103: 2/1/2011 8:03:06 AM - Removed Sprint SmartView.
    RP104: 2/1/2011 8:05:27 AM - Installed Sprint SmartView.
    RP105: 2/2/2011 3:50:55 PM - System Checkpoint
    RP106: 2/3/2011 6:58:07 PM - System Checkpoint
    RP107: 2/7/2011 12:49:57 PM - Removed Opera 10.61.
    RP108: 2/7/2011 12:50:46 PM - Installed Opera 11.01.
    RP109: 2/10/2011 6:32:11 PM - System Checkpoint
    RP110: 2/12/2011 8:10:22 PM - Software Distribution Service 3.0
    RP111: 2/14/2011 11:06:01 PM - System Checkpoint
    RP112: 2/15/2011 11:41:37 PM - System Checkpoint
    RP113: 2/17/2011 12:03:52 AM - System Checkpoint
    RP114: 2/17/2011 12:27:57 AM - Software Distribution Service 3.0
    RP115: 2/18/2011 9:29:06 AM - System Checkpoint
    RP116: 2/20/2011 9:11:25 AM - System Checkpoint
    RP117: 2/21/2011 10:14:24 AM - System Checkpoint
    RP118: 2/21/2011 10:38:00 PM - Installed Windows Media Player 10
    RP119: 2/21/2011 10:38:55 PM - Software Distribution Service 3.0
    RP120: 2/24/2011 11:55:55 AM - System Checkpoint
    RP121: 2/26/2011 9:09:25 PM - Software Distribution Service 3.0
    RP122: 3/2/2011 12:28:58 PM - System Checkpoint
    RP123: 3/3/2011 5:45:18 PM - Installed BlackBerry Desktop Software 5.0.1.
    RP124: 3/5/2011 2:23:54 PM - System Checkpoint
    RP125: 3/6/2011 8:30:42 PM - Software Distribution Service 3.0
    RP126: 3/10/2011 10:19:14 AM - Installed Connect Service
    RP127: 3/11/2011 10:32:10 AM - System Checkpoint
    RP128: 3/12/2011 4:00:38 PM - System Checkpoint
    RP129: 3/13/2011 6:05:31 AM - Software Distribution Service 3.0
    RP130: 3/14/2011 11:56:45 AM - System Checkpoint
    RP131: 3/15/2011 12:26:56 PM - System Checkpoint
    RP132: 3/17/2011 12:00:01 PM - System Checkpoint
    RP133: 3/17/2011 5:57:57 PM - Software Distribution Service 3.0
    RP134: 3/21/2011 3:55:19 PM - System Checkpoint
    RP135: 3/23/2011 3:07:07 PM - System Checkpoint
    RP136: 3/24/2011 3:21:53 PM - System Checkpoint
    RP137: 3/25/2011 8:10:47 AM - Software Distribution Service 3.0
    RP138: 3/25/2011 10:04:36 AM - Installed Java(TM) 6 Update 24
    RP139: 3/26/2011 11:02:34 AM - System Checkpoint
    RP140: 3/29/2011 2:01:53 PM - System Checkpoint
    RP141: 3/30/2011 2:27:24 PM - System Checkpoint
    RP142: 4/4/2011 2:40:25 PM - System Checkpoint
    RP143: 4/5/2011 3:37:26 PM - System Checkpoint
    RP144: 4/6/2011 8:11:08 PM - Installed Microsoft Office Outlook Connector
    RP145: 4/6/2011 9:16:37 PM - Installed Windows XP Wdf01009.
    RP146: 4/7/2011 10:16:59 PM - System Checkpoint
    RP147: 4/8/2011 10:27:02 PM - System Checkpoint
    RP148: 4/11/2011 10:39:52 AM - System Checkpoint
    RP149: 4/12/2011 12:16:52 PM - System Checkpoint
    RP150: 4/13/2011 7:12:20 PM - System Checkpoint
    RP151: 4/14/2011 7:59:29 AM - Software Distribution Service 3.0
    RP152: 4/15/2011 9:35:05 AM - System Checkpoint
    RP153: 4/16/2011 2:31:07 PM - System Checkpoint
    RP154: 4/18/2011 1:32:35 PM - System Checkpoint
    RP155: 4/18/2011 5:06:21 PM - Software Distribution Service 3.0
    RP156: 4/20/2011 9:17:25 AM - System Checkpoint
    RP157: 4/21/2011 7:05:09 PM - Software Distribution Service 3.0
    RP158: 4/22/2011 7:09:35 PM - System Checkpoint
    RP159: 4/24/2011 6:47:34 PM - System Checkpoint
    RP160: 4/25/2011 2:43:29 PM - Removed Opera 11.01.
    RP161: 4/26/2011 3:50:14 PM - System Checkpoint
    RP162: 4/27/2011 10:02:50 AM - Software Distribution Service 3.0
    RP163: 4/29/2011 12:12:16 PM - System Checkpoint
    RP164: 4/30/2011 12:19:00 AM - Removed W Photo Studio
    RP165: 4/30/2011 6:28:24 AM - Installed Java(TM) 6 Update 25
    RP166: 4/30/2011 12:39:00 PM - Restore Operation
    RP167: 5/1/2011 7:16:30 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    7300
    7300_Help
    7300Trb
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0.1
    Adobe Reader 8.1.5
    Agilix GoBinder Lite
    AiO_Scan
    AiOSoftware
    Akamai NetSession Interface
    ALPS Touch Pad Driver
    America Online (Choose which version to remove)
    AnswerWorks 5.0 English Runtime
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Spyware Protection
    AOL You've Got Pictures Screensaver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Arachnophilia 5.4
    ArcSoft Panorama Maker 5
    ArcSoft Software Suite
    AudibleManager
    Bejeweled 2 Deluxe
    BlackBerry Desktop Software 6.0.2
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    BufferChm
    Carbonite
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Convert Image To PDF
    Copy
    CP_AtenaShokunin1Config
    cp_dwShrek2Albums1
    cp_dwShrek2Cards1
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    CutePDF Writer 2.7
    Destinations
    Director
    DocProc
    DocumentViewer
    DVD-RAM Driver
    FATE
    Fax
    File Uploader
    Florida Real Estate Exam Manual
    FranklinCovey TabletPlanner
    Google AFE
    Google Earth
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Extended Capabilities 4.7
    HP Image Zone 4.7
    HP Officejet 7300 series
    HP Product Assistant
    HP PSC & OfficeJet 4.7
    HP Update
    HPSystemDiagnostics
    Ink Art
    InstallVC90Support
    InstantShare
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 24
    K-Lite Codec Pack 5.5.1 (Standard)
    KB408682
    LivePost powered by PostNexus
    Malwarebytes' Anti-Malware
    MapSource - City Select North America v7
    MarketResearch
    McAfee SecurityCenter
    mCore
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Education Pack for Windows XP Tablet PC Edition
    Microsoft Energy Blue Theme Pack
    Microsoft Experience Pack for Tablet PC
    Microsoft Ink Crossword
    Microsoft Ink Desktop
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Media Transfer
    Microsoft National Language Support Downlevel APIs
    Microsoft Office OneNote 2003
    Microsoft Office Outlook Connector
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Standard Edition 2003
    Microsoft Publisher 2002
    Microsoft Silverlight
    Microsoft Snipping Tool 2.0
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox (3.6.13)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    MSN Toolbar
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mWlsSafe
    mXML
    MyConnect Special Offer
    mZConfig
    Nikon Message Center
    Nikon Transfer
    oDesk Team
    Office 2003 Trial Assistant
    Opera 11.10
    Panda Cloud Antivirus
    PanoStandAlone
    PhotoGallery
    Picture Control Utility
    Polar Golfer
    PrimoPDF -- by Nitro PDF Software
    ProductContext
    Protector Suite 5.4
    Pure Networks Port Magic
    QFolder
    Quicken 2008
    QuickTime
    Readme
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.85
    Scan
    ScannerCopy
    SCRABBLE
    SD Secure Module
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SkinsHP1
    Sprint SmartView
    Tablet PC Tutorials for Microsoft Windows XP SP2
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Top Producer Editor
    TOSHIBA Accelerometer Utilities
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Display Devices Change Utility
    TOSHIBA Game Console
    TOSHIBA HDD Protection
    TOSHIBA Hotkey Utility for Display Devices
    TOSHIBA Mobile Extension3 for Windows XP V3.82.00.XP
    TOSHIBA Password Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    Toshiba Registration
    TOSHIBA Rotation Utility
    TOSHIBA SD Memory Boot Utility
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Tablet Access Code Logon Utility
    TOSHIBA TouchPad On/Off Utility V2.05.01
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    TrayApp
    Trial1-2-3FileConvert v3.0
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB961813)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    ViewNX
    Viewpoint Media Player
    W Photo Studio
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8 Release Candidate 1
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    4/27/2011 10:09:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avg7Core Avg7RsW Avg7RsXP AvgClean
    4/27/2011 10:09:02 AM, error: Service Control Manager [7000] - The Pantech&Curitel Utility Service service failed to start due to the following error: The system cannot find the file specified.
    4/27/2011 10:09:02 AM, error: Service Control Manager [7000] - The AVG7 Alert Manager Server service failed to start due to the following error: The system cannot find the file specified.
    4/27/2011 10:08:51 AM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00130288A1D0. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    4/27/2011 10:08:47 AM, error: Dhcp [1002] - The IP address lease 192.168.0.12 for the Network Card with network address 00130288A1D0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I just sent another PM, this time to the site owner. There are some things you can work on:

    You are running multiple antivirus programs:
    Panda
    AVG7> this is way outdated, I don't think it's even been supported for 2-3 years. It's up to AVG 2011.
    McAfee> full suite


    Uninstall AVG: AVG Remover eliminates all the parts of your AVG installation from your computer, including registry items, installation files, user files, etc.
    Note:
    • AVG user settings will be removed.
    • Virus Vault contents will be removed.
    • All other items related to AVG installation and use will be removed.
    • You will be asked during the removal procedure to restart your computer. Please do so.
    • Make sure there is no open work in process prior to launching AVG Remover.
    AVG Remover:32bit
    =====================================================
    Make sure McAfee is current. If it is not and you don't want to keep it, uninstall:
    McAfee Removal
    If it is not, you can put one of the following AV on the system after you remove AVG and Panda
    Antivirus (only one): Both of the following programs are free and known to be good:
    [o]Avira-AntiVir-Personal-Free-Antivirus
    [o]Avast-Free Antivirus
    =========================================
    Please uninstall Hitman Pro 3.5. It is nothing but a bundle of security programs that are all free on the internet. Hitman gives you a trial, then won't remove bad entries unless you pay for the program. Considering all of the free programs are fully functional, this is a big rip off.
    ==========================================
    Please go ahead and paste in the Mbam and Eset scan logs. Keep the original logs on your computer.

    Question: Are you in Canada? Is French on the system?
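
    Added example (not part of the original thread, and not a DDS or TechSpot tool): the cross-check behind the "multiple antivirus programs" finding above, run over an excerpt of the attach.txt posted earlier. It lists the AV products under Installed Programs and flags vendors whose drivers or services still fail to start in the Event Viewer section without any installed entry; the vendor patterns and function names are assumptions made for this sketch.

```python
import re

# Excerpt of the DDS attach.txt posted in this thread (trimmed to the relevant lines).
ATTACH_TXT = """\
==== Installed Programs ======================
.
CCleaner
Hitman Pro 3.5
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Panda Cloud Antivirus
Revo Uninstaller 1.85
.
==== Event Viewer Messages From Past Week ========
.
4/27/2011 10:09:08 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avg7Core Avg7RsW Avg7RsXP AvgClean
4/27/2011 10:09:02 AM, error: Service Control Manager [7000] - The Pantech&Curitel Utility Service service failed to start due to the following error: The system cannot find the file specified.
4/27/2011 10:09:02 AM, error: Service Control Manager [7000] - The AVG7 Alert Manager Server service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
"""

# Assumption: a short illustrative list of vendor name fragments, not a DDS feature.
AV_VENDORS = {
    "AVG": re.compile(r"\bavg", re.I),
    "McAfee": re.compile(r"\bmcafee", re.I),
    "Panda": re.compile(r"\bpanda", re.I),
    "Avira": re.compile(r"\bavira", re.I),
    "Avast": re.compile(r"\bavast", re.I),
}

HEADER = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
SCM_EVENT = re.compile(r"Service Control Manager \[(7000|7026)\] - (.*)")


def parse_sections(text):
    """Split a DDS log into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and line not in ("", "."):
            current.append(line)
    return sections


def vendors_in(names):
    """Map each AV vendor to the names (programs, drivers, services) that mention it."""
    hits = {}
    for name in names:
        for vendor, pattern in AV_VENDORS.items():
            if pattern.search(name):
                hits.setdefault(vendor, []).append(name)
    return hits


def failed_components(event_lines):
    """Names of drivers (event 7026) and services (event 7000) that failed to start."""
    names = []
    for line in event_lines:
        m = SCM_EVENT.search(line)
        if not m:
            continue
        event_id, msg = m.groups()
        if event_id == "7026" and "failed to load:" in msg:
            names += msg.split("failed to load:", 1)[1].split()
        elif event_id == "7000":
            svc = re.match(r"The (.+?) service failed to start", msg)
            if svc:
                names.append(svc.group(1))
    return names


def audit(text):
    sections = parse_sections(text)
    installed = vendors_in(sections.get("Installed Programs", []))
    events = sections.get("Event Viewer Messages From Past Week", [])
    remnants = vendors_in(failed_components(events))
    return {
        "installed": installed,
        "remnants": remnants,
        # Vendors with failing components but no Add/Remove Programs entry.
        "orphaned": sorted(v for v in remnants if v not in installed),
        "multiple_av": len(installed) > 1,
    }


if __name__ == "__main__":
    report = audit(ATTACH_TXT)
    print("Installed AV products:", report["installed"])
    print("Orphaned AV remnants: ", report["orphaned"], report["remnants"])
    print("More than one AV installed:", report["multiple_av"])
```

    An orphaned vendor here means the normal uninstaller is gone while drivers or services are still registered, which is the case where a vendor removal tool is the appropriate next step.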
     
  16. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    Mbam

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org
    Database version: 6487
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18372
    5/3/2011 7:37:47 PM
    mbam-log-2011-05-03 (19-37-47).txt
    Scan type: Quick scan
    Objects scanned: 168998
    Time elapsed: 34 minute(s), 51 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
  17. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    Eset

    ESETSmartInstaller@High as CAB hook log:
    OnlineScannerUninstaller.exe - copy file error :The system cannot find the file specified.

    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18372 (longhorn_ie8_rc1(wmbla).090115-0053)
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=4465ab14d7dd8041bd165844fc805af6
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-05-04 01:45:58
    # local_time=2011-05-03 09:45:58 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1538 16774118 20 3 0 132077036 0 0
    # compatibility_mode=5121 16777189 100 75 0 20700784 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 0 77 144173476 147157892 0 0
    # scanned=119840
    # found=0
    # cleaned=0
    # scan_time=6413
     
  18. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    AVG

    You know, I tried to delete AVG about three years ago and it was surprisingly difficult to do so. I downloaded Revo Uninstaller some time ago to help me get rid of it, which I thought I had done. There is no AVG in any of the add/delete programs menus, and revo cannot find it now, yet Combofix continually tells me that AVG is running and that my computer may be ruined if I proceed unless I stop it from running. Strange...needless to say, I have not yet run Combofix. I downloaded the AVG Remover, and it did a few things in a small DOS window, but never got around to restarting my computer as explained. I ran it a couple of times with the same result. Meanwhile, Combofix keeps telling me that AVG is running...aggghhh! Sorry for the melodrama...
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Try this for AVG instead:
    Download AppRemover and save to the desktop
    • Double click the setup on the desktop> click Next
    • Select “Remove Security Application”
    • Let scan finish to determine security apps
    • A screen like below will appear:
      http://www.appremover.com/about/chooseuninstall.gif/image_preview
    • Click on Next after choice has been made
    • Check the AVG program you want to uninstall
    • After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV if needed:
    Avira-AntiVir-Personal-Free-Antivirus: http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=11012914
    Avast Free Version: http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button
    =====================================
    Mbam is clean and the Eset scan is clean. Are you still having the redirects?
    =====================================
    Please go on to Combofix after removing AVG. Reboot the computer after removing AVG, before running Combofix.
    ====================================
    About Revo or any other 'uninstaller.' Here is the order you should follow when uninstalling:
    1. If the program has an uninstaller, use that: Hold mouse over program to open> look for 'uninstaller.'
    2. If the program does not have its own uninstaller, go to Add/Remove Programs and uninstall there.
    3. If the uninstaller has been damaged and you don't see the program in Add/Remove Programs, then use an uninstaller to remove the left-over files.

    The uninstallers like Revo and the Windows Installer Cleanup Utility should not be used when wanting to fully uninstall. They should only be used when files remain after going through the correct uninstall path.
     
  20. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    Yes, unfortunately, I still have the redirects. I notice that Opera does not seem to redirect, just IE and Firefox, if that helps at all. App Remover is not detecting AVG after it scans, just Malwarebytes and McAfee. Thanks for the tips on uninstalling software though. Do you think AVG is really there?

    Oh, one more thing, I don't know if it matters, but I can see prior to clicking on a link whether it will redirect or not. When I hover the mouse over a google link that will ultimately result in a redirect, the address in the lower left corner of the window shows an address similar to this:

    www.google.com/go?5240309

    This is opposed to the targeted address that the link would normally bring me to. Whenever I see this, I WILL be redirected if I click on that link. Again, I don't know if this helps.

    Should I run Combofix regardless of it saying that AVG is running even if I cannot find its presence anywhere? Obviously, I won't do anything until I hear from you. Thanks.
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please go ahead and attempt Combofix. If it has an issue with remaining AVG entries, it will let you know!
     
  22. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    ComboFix 11-05-04.04 - Thomas Love 05/05/2011 16:41:31.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.527 [GMT -4:00]
    Running from: c:\documents and settings\Thomas Love\Desktop\ComboFix.exe
    AV: AVG 7.5.485 *Enabled/Updated* {41564737-3200-1071-989B-0000E87B4FB1}
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Thomas Love\GoToAssistDownloadHelper.exe
    C:\Install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-03 23:53 . 2011-05-03 23:53 -------- d-----w- c:\program files\ESET
    2011-05-02 14:38 . 2011-05-02 14:39 -------- d-----w- c:\windows\system32\GroupPolicy
    2011-05-02 02:22 . 2011-05-02 02:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-05-02 02:19 . 2011-05-02 02:19 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2011-05-02 02:19 . 2011-05-05 12:39 -------- d-----w- c:\program files\McAfee Security Scan
    2011-04-30 16:43 . 2011-04-30 16:43 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-04-30 16:42 . 2011-04-30 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Walgreens
    2011-04-30 16:42 . 2011-04-30 16:42 -------- d-----w- c:\program files\Walgreens
    2011-04-28 13:31 . 2011-04-28 13:31 -------- d-----w- c:\documents and settings\Thomas Love\Application Data\Panda Security
    2011-04-28 13:29 . 2011-05-04 04:00 -------- d-----w- c:\program files\Panda Security
    2011-04-28 13:29 . 2011-04-28 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2011-04-28 13:10 . 2011-05-04 03:47 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-04-28 13:10 . 2011-04-28 13:10 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-04-28 13:09 . 2011-04-28 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2011-04-28 01:33 . 2011-04-28 01:33 -------- d-----w- c:\documents and settings\Thomas Love\Application Data\Yahoo!
    2011-04-28 01:33 . 2011-04-28 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2011-04-27 14:32 . 2011-04-27 14:32 -------- d-----w- c:\documents and settings\Thomas Love\Application Data\Malwarebytes
    2011-04-27 13:54 . 2011-04-27 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-27 13:54 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-27 13:54 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-27 13:54 . 2011-04-27 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-22 21:35 . 2011-04-22 21:35 -------- d-----w- c:\program files\iPod
    2011-04-22 21:35 . 2011-04-22 21:37 -------- d-----w- c:\program files\iTunes
    2011-04-22 21:21 . 2011-04-22 21:21 -------- d-----w- c:\program files\Bonjour
    2011-04-19 23:21 . 2011-04-19 23:21 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{87DF5956-A327-4304-8338-8E2B0AAB843E}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2011-04-19 23:21 . 2011-04-19 23:21 413696 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{87DF5956-A327-4304-8338-8E2B0AAB843E}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2011-04-19 23:21 . 2011-04-19 23:21 413696 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{87DF5956-A327-4304-8338-8E2B0AAB843E}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2011-04-19 23:21 . 2011-04-19 23:21 413696 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{87DF5956-A327-4304-8338-8E2B0AAB843E}\ARPPRODUCTICON.exe
    2011-04-07 01:17 . 2011-04-07 01:17 -------- d-----w- c:\documents and settings\Thomas Love\Local Settings\Application Data\Research In Motion
    2011-04-07 01:16 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-15 01:50 . 2011-03-15 01:50 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut4_838BDC75346D4F49BD1D5328F986CD86.exe
    2011-03-15 01:50 . 2011-03-15 01:50 413696 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe
    2011-03-15 01:50 . 2011-03-15 01:50 413696 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}\NewShortcut1_9F9ABBA94B874F449DBFBD7EB1332F16.exe
    2011-03-07 05:33 . 2006-05-12 18:55 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
    2011-03-03 22:47 . 2011-03-03 22:47 69632 ----a-r- c:\documents and settings\Thomas Love\Application Data\Microsoft\Installer\{2E8131B2-8DAF-41E2-B954-18FD5DEF0B54}\DesktopMgr.exe
    2011-03-03 13:21 . 2006-05-12 18:22 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 13:18 . 2006-05-12 18:21 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-05-12 18:21 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-04-16 16:55 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-16 22:56 . 2011-02-16 22:56 64000 ----a-w- c:\windows\system32\drivers\RimUsb.sys
    2011-02-15 12:56 . 2006-05-12 18:20 290432 ----a-w- c:\windows\system32\atmfd.dll
    2011-02-11 13:25 . 2006-05-12 18:52 229888 ----a-w- c:\windows\system32\fxscover.exe
    2011-02-09 13:53 . 2006-05-12 18:21 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2006-05-12 18:20 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-08 13:33 . 2006-05-12 18:21 978944 ----a-w- c:\windows\system32\mfc42.dll
    2011-02-08 13:33 . 2006-05-12 18:21 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-10-14 03:28 . 2010-11-02 00:23 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2010-03-17 22:45 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2010-03-17 22:45 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2010-03-17 22:45 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "CFSServ.exe"="CFSServ.exe -NoClient" [X]
    "Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2006-02-02 73728]
    "TSkrMain"="c:\program files\TOSHIBA\Acceleration Utilities\Shaker\TSkrMain.exe" [2004-06-30 49152]
    "TRot.exe"="c:\program files\TOSHIBA\TOSHIBA Rotation Utility\TRot.exe" [2005-11-29 266240]
    "TPSODDCtl"="TPSODDCtl.exe" [2006-04-25 110592]
    "TPSMain"="TPSMain.exe" [2006-04-25 315392]
    "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2005-06-29 126976]
    "TOSDCR"="TOSDCR.EXE" [2005-12-13 57344]
    "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976]
    "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-02-23 86016]
    "TFNF5"="TFNF5.exe" [2006-04-11 622592]
    "TFncKy"="TFncKy.exe" [BU]
    "TAcelMgr"="c:\program files\TOSHIBA\Acceleration Utilities\TAcelMgr\TAcelMgr.exe" [2004-12-16 90112]
    "TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
    "TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
    "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-23 122880]
    "SkyTel"="SkyTel.EXE" [2006-04-24 1448960]
    "RTHDCPL"="RTHDCPL.EXE" [2006-05-09 16207360]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-06 30208]
    "Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
    "NDSTray.exe"="NDSTray.exe" [BU]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2004-08-18 184320]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-12 299008]
    "CrossMenu"="c:\program files\Toshiba\CrossMenu\CrossMenu.exe" [2006-04-12 798720]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2010-03-17 670864]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "00THotkey"="c:\windows\system32\00THotkey.exe" [2006-04-26 258048]
    "000StTHK"="000StTHK.exe" [2001-06-24 24576]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
    "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2010-12-15 75072]
    "RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2010-12-15 316736]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    .
    c:\documents and settings\Thomas Love\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
    Sticky Notes.lnk - c:\windows\system32\stikynot.exe [2006-5-12 159232]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-1-21 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
    LivePost.lnk - c:\windows\Installer\{57B5ABFC-8BD0-4CE6-8DFC-42ED54D46D96}\_6024B855C8086574E94A6F.exe [2009-6-15 1150]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-5-12 155648]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
    2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-05-06 00:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
    2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
    2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TSigNP]
    2006-03-02 21:51 53248 ----a-w- c:\windows\system32\TSigNP.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1147476082\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1039:TCP"= 1039:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/28/2004 2:31 AM 16384]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [5/12/2006 5:16 PM 6144]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [5/10/2010 2:41 PM 84072]
    R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [5/12/2006 5:05 PM 5888]
    R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [5/12/2006 2:21 PM 14336]
    R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 9:00 PM 13568]
    R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 8:59 PM 33024]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/1/2010 8:22 PM 271480]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [11/1/2010 8:22 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [11/1/2010 8:22 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [11/1/2010 8:23 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [11/1/2010 7:05 PM 141792]
    R2 NvtlService;NovaCore SDK Service;c:\program files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [1/11/2010 3:10 PM 82944]
    R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 8:33 PM 3456]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/24/2006 11:24 PM 98560]
    R2 Tmesrv;Tmesrv3;c:\program files\Toshiba\TME3\TMESRV31.exe [5/12/2006 5:05 PM 126976]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [5/10/2010 2:41 PM 55840]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [5/10/2010 2:41 PM 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [5/10/2010 2:41 PM 88544]
    R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;c:\windows\system32\drivers\TBtnKey.sys [5/12/2006 4:56 PM 8832]
    R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [5/12/2006 7:50 AM 14208]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/17/2010 5:16 PM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/17/2010 5:16 PM 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [5/10/2010 2:41 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [5/10/2010 2:41 PM 84264]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [9/23/2008 2:10 PM 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/19/2009 4:22 PM 174720]
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - BMLoad
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 21:16]
    .
    2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-17 21:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.emortgagelogic.com/www/index.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxps://web11.farvv.com/sn/ImageUploader6.cab
    FF - ProfilePath - c:\documents and settings\Thomas Love\Application Data\Mozilla\Firefox\Profiles\olrqrkyz.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.nefar.com/memberMain.php|http://flexmls.realtyweb.net/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKU-Default-Run-AVG7_Run - c:\progra~1\Grisoft\AVGFRE~1\avgw.exe
    AddRemove-Convert Image To PDF_is1 - c:\program files\Softinterface
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-05 16:58
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3875979560-2766346231-3334871990-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1412)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\Protector Suite QL\homepass.dll
    c:\program files\Protector Suite QL\bio.dll
    c:\program files\Protector Suite QL\remote.dll
    c:\windows\system32\TSigNP.dll
    c:\program files\Protector Suite QL\crypto.dll
    c:\program files\Protector Suite QL\biokmd.dll
    c:\program files\Protector Suite QL\mysafe.dll
    .
    - - - - - - - > 'explorer.exe'(3716)
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\program files\Common Files\microsoft shared\ink\tipband.dll
    c:\program files\windows journal\nbmaptip.dll
    c:\windows\IME\SPGRMR.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\program files\Protector Suite QL\mysafe.dll
    c:\program files\Protector Suite QL\infra.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\windows\system32\ThpSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\System32\tabbtnu.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
    c:\windows\system32\TPSODDCtl.exe
    c:\windows\system32\thpsrv.exe
    c:\windows\system32\TFNF5.exe
    c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    c:\windows\system32\TPSBattM.exe
    c:\program files\TOSHIBA\TME3\TMETEMNU.EXE
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\SkyTel.EXE
    c:\windows\RTHDCPL.EXE
    c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files\Protector Suite QL\psqltray.exe
    c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\program files\TOSHIBA\ConfigFree\CFSServ.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\TOSHIBA\ConfigFree\CFXFER.exe
    c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
    c:\program files\Apoint2K\Apntex.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\LivePost\LivePost powered by PostNexus\AppStart.exe
    c:\program files\LivePost\LivePost powered by PostNexus\3.2.0.47\PNlaunch.exe
    c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\vssvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\msdtc.exe
    .
    **************************************************************************
    .
    Completion time: 2011-05-05 17:18:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-05-05 21:17
    .
    Pre-Run: 53,132,767,232 bytes free
    Post-Run: 53,059,158,016 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg
    .
    - - End Of File - - 82E5798AA11B49B79099A6B67349AF59
     
  23. ormolu611

    ormolu611 TS Rookie Topic Starter Posts: 33

    Maybe I'm being premature, but my browser does not seem to be redirecting after running Combofix. Bated breath... do you see anything in the log that suggests a bug being removed?
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Ya got to give me time to look at it!! Back in a while. Be patient.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\windows\system32\drivers\hitmanpro35.sys
    Folder::
    c:\documents and settings\Thomas Love\Application Data\Panda Security
    c:\program files\Panda Security
    c:\documents and settings\All Users\Application Data\Panda Security
    c:\program files\Hitman Pro 3.5
    c:\documents and settings\All Users\Application Data\Hitman Pro
    
    SecCenter::
    {41564737-3200-1071-989B-0000E87B4FB1}
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"=-
    "CFSServ.exe"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    I have removed Hitman Pro. This is a bundle of free software programs which can all be found on the internet. The free programs will remove bad entries. But Hitman will only do that during the trial period. After that they make you buy the program. If you did that, ask for your money back.
    =====================
    Some slow day, you might want to check out the multiple installs Toshiba preloads. Any that aren't being used can be stopped and/or uninstalled.
    Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    Most of what it finds will be harmless or even required.
    If you want to go ahead and handle the Toshiba processes below, okay to do so
    =============================
    These are the Toshiba processes found in many logs. I've grouped program and processes for each so they won't all be together in the HJL log. I took the Power Saver out and copied it at the end so you know what it is. None of these processes need to start on boot, so you can include them with the first section or you can do them separately. So the 3 steps are:
    1. You stop the process in HJT
    Boot into Safe Mode.
    2. Follow the steps to use the msconfig utility to take process off of Startup
    3. Change Service Startup type to Manual
    Uninstall any processes you don't use
    Then reboot back into Normal Mode
    Please print out the list of the Toshiba programs you checked in the HJT log.

    Step 1: Check each of the following processes in the HJT log, if present:
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe> mobile and wireless computing, enabling Toshiba notebook users to easily switch profiles and devices as needed.
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe> tray icon for above
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

    C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
    C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
    O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
    O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
    -------------------
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    ---------------------
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe>>offers easy movement and freedom of programs navigation with TouchPad
    -------------------------
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe>> configuration tray icon for Toshiba laptops. Available via Start -> Settings -> Control Panel
    -----------------------
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    ---------------------
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    ---------------------
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    ------------------------------
    C:\WINDOWS\system32\TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    ----------------------
    C:\WINDOWS\system32\TPSBattM.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP>> utility that allows you to change various hardware settings
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL

    When finished with all of the above, close all windows except HijackThis and click on "Fix Checked".
    ======================================================
    ===================================================
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    Step 2: Using the msconfig utility to take processes off the Startup Menu:
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>

      In New Orleans, this would be called Lagniappe. It means a small gift given with a purchase to a customer, by way of compliment or for good measure; bonus. ...
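
An added example, not part of the thread and not ComboFix's own code: a Python script that reads back a saved CFScript.txt like the one in post 25 and lists what each directive names, so the file can be checked before it is dragged onto ComboFix.exe. It assumes directive headers are lines ending in `::` and that `"name"=-` under Registry:: deletes a value as in .reg files; the function names are hypothetical.

```python
import re

HEADER = re.compile(r"^([A-Za-z]+)::$")       # e.g. "Folder::"
ABS_PATH = re.compile(r"^[A-Za-z]:\\")        # e.g. "c:\..."
REG_VALUE = re.compile(r'^"([^"]+)"=(.*)$')   # e.g. "ThpSrv"=-

def parse_cfscript(text):
    """Split the script into {directive: [entry lines]}, in file order."""
    sections, current = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections

def registry_actions(entries):
    """Registry:: lines -> (key, value name, 'delete' or 'set')."""
    actions, key = [], None
    for line in entries:
        v = REG_VALUE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif v and key:
            actions.append((key, v.group(1), "delete" if v.group(2) == "-" else "set"))
        else:
            raise ValueError(f"unparsed Registry:: line: {line!r}")
    return actions

def broken_paths(sections):
    """File::/Folder:: entries that are not absolute paths (a line split in copying)."""
    return [e for d in ("File", "Folder") for e in sections.get(d, [])
            if not ABS_PATH.match(e)]

# Excerpt of the script in post 25, used as sample input.
SAMPLE = r'''KillAll::
File::
c:\windows\system32\drivers\hitmanpro35.sys
Folder::
c:\program files\Hitman Pro 3.5
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"=-
'''
```

A non-empty result from `broken_paths` means a path was cut in two during copy and paste, which is what the Word Wrap and "include ALL lines" instructions are meant to prevent.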
     
Topic Status:
Not open for further replies.

