Search engine redirect for Google and Firefox

Inactive
By vixentd
Aug 21, 2011
Topic Status:
Not open for further replies.
  1. Have run in this order
    1. rkill
    2. TDSSKiller
    3. Malwarebytes
    4. Combofix

    Nothing has removed it yet.
    Have the following log.
    ComboFix 11-08-21.01 - 5961 20/08/2011 21:46:09.5.2 - x86 NETWORK
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.608 [GMT -7:00]
    Running from: c:\users\5961\Desktop\virus removers\ComboFix.exe
    AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
    SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-08-21 04:53 . 2011-08-21 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-08-20 07:31 . 2011-08-21 04:53 -------- d-----w- c:\users\5961\AppData\Local\temp
    2011-08-19 15:30 . 2011-08-19 15:30 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2011-08-19 07:06 . 2011-08-20 15:49 -------- d-----w- c:\programdata\PCPitstop
    2011-08-19 07:06 . 2011-08-19 07:07 -------- d-----w- c:\program files\PCPitstop
    2011-08-19 06:11 . 2011-08-19 06:11 39192 ----a-w- c:\windows\system32\Partizan.exe
    2011-08-19 06:11 . 2011-08-19 06:11 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2011-08-19 06:10 . 2011-07-27 20:59 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2011-08-19 06:10 . 2011-08-19 06:12 -------- d-----w- c:\program files\UnHackMe
    2011-08-16 17:41 . 2011-08-16 17:54 -------- d-----w- c:\program files\Trojan Guarder Gold Version
    2011-08-16 06:08 . 2011-08-16 17:14 -------- d-----w- c:\program files\GridinSoft Trojan Killer
    2011-08-16 05:47 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-08-16 05:47 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-08-16 05:47 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-08-16 05:47 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-08-16 05:47 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\unrar3.dll
    2011-08-16 05:46 . 2011-08-16 05:48 -------- d-----w- c:\users\5961\AppData\Roaming\Simply Super Software
    2011-08-16 05:46 . 2011-08-16 05:46 -------- d-----w- c:\programdata\Simply Super Software
    2011-08-16 04:53 . 2011-08-16 04:53 -------- d-----w- c:\program files\Lavasoft
    2011-08-16 04:35 . 2011-08-16 04:35 10752 ----a-w- c:\windows\system32\drivers\ZeroAccess.sys
    2011-08-14 23:03 . 2011-08-15 04:02 -------- d-----w- C:\Emsisoft Anti-Malware
    2011-08-13 14:41 . 2011-08-13 14:41 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2011-08-13 03:31 . 2011-08-16 09:27 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-08-12 16:08 . 2011-08-19 16:49 -------- d-----w- c:\programdata\AVAST Software
    2011-08-12 16:08 . 2011-08-12 16:08 -------- d-----w- c:\program files\AVAST Software
    2011-08-12 07:59 . 2011-08-14 01:38 -------- d-----w- c:\programdata\STOPzilla!
    2011-08-12 06:36 . 2011-08-12 06:53 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-12 06:35 . 2011-08-12 06:35 -------- d-----w- c:\program files\Hitman Pro 3.5
    2011-08-10 11:16 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-10 11:16 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-10 11:16 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-08-10 11:16 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-10 11:16 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-10 11:14 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-07 07:23 . 2011-08-07 07:23 75776 ----a-w- c:\windows\system32\dfrgifpsu.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-08-19 06:11 . 2011-02-10 01:12 26 ----a-w- c:\windows\winstart.bat
    2011-08-16 05:02 . 2009-10-30 17:30 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-02 16:19 . 2011-05-31 15:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-22 19:17 . 2011-06-24 05:22 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-06-07 05:18 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-06-07 05:18 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-06-02 13:34 . 2011-07-13 20:52 2043392 ----a-w- c:\windows\system32\win32k.sys
    2006-09-29 23:06 . 2008-01-05 23:43 11205817 ----a-w- c:\program files\Common Files\fcc32.exe
    2005-08-03 19:50 . 2008-01-05 23:43 393216 ----a-w- c:\program files\Common Files\fcsmapi.dll
    2001-08-23 13:00 . 2008-01-05 23:43 486400 ----a-w- c:\program files\Common Files\dbghelp.dll
    2011-06-26 21:14 . 2011-05-01 06:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\users\5961\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
    "Magellan CmTray"="c:\program files\Content Manager\CmTray.exe" [2010-08-24 439296]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 39408]
    "Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-13 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-13 154392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-13 133912]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-08-03 24216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    .
    c:\users\5961\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\5961\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-05-27 21:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-06-15 23:19 136176 ----atw- c:\users\5961\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2011-06-15 22:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
    .
    R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
    R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-21 73728]
    R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-07-11 18768]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 63364179
    *NewlyCreated* - ECACHE
    *Deregistered* - 63364179
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    bthsvcs REG_MULTI_SZ BthServ
    getPlusHelper REG_MULTI_SZ getPlusHelper
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-08-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-21 06:08]
    .
    2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 06:08]
    .
    2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 06:08]
    .
    2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-141718280-3075198056-734452945-1000Core.job
    - c:\users\5961\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 23:19]
    .
    2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-141718280-3075198056-734452945-1000UA.job
    - c:\users\5961\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 23:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    FF - ProfilePath - c:\users\5961\AppData\Roaming\Mozilla\Firefox\Profiles\qm24sn1t.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-08-20 21:53
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-141718280-3075198056-734452945-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{793B5EB5-F2AA-3C9E-D10F-FAB4D52CD73E}*]
    "halcedjlbcmnddec"=hex:6a,61,61,6d,67,64,6e,68,69,6e,69,67,6f,63,62,66,69,70,
    61,6f,00,fa
    "iancokodlbmfbikdbi"=hex:6a,61,61,6d,67,64,6e,68,69,6e,69,67,6f,63,62,66,69,70,
    61,6f,00,70
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1464)
    c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\windows\system32\igfxsrvc.dll
    .
    Completion time: 2011-08-20 21:58:42
    ComboFix-quarantined-files.txt 2011-08-21 04:58
    ComboFix2.txt 2011-08-20 07:31
    ComboFix3.txt 2011-08-19 20:04
    ComboFix4.txt 2011-08-14 22:55
    ComboFix5.txt 2011-08-21 04:43
    .
    Pre-Run: 9,169,559,552 bytes free
    Post-Run: 9,146,372,096 bytes free
    .
    - - End Of File - - EC9288206B488BDA40EBA09648A5CFD7
  2. Bobbye

    You are off to a bad start. Running random programs that are not appropriate can further complicate a problem. There are stickies in every forum on the internet, including ours, not to run Combofix unless instructed to by your helper.

    It looks like you ran Combofix in Safe Mode with Networking. Why? x86 NETWORK
    ---------------------------
    Please remove all of the following:
    -------------------------------------
    Disable AV: Lavasoft Ad-Watch Live! Anti-Virus: Ad-Aware AE Ad-Watch Live!
    • Right click on the Ad-Aware icon in the system tray.
    • Click on Disable Ad-Watch Live!
    • (Once you are clean, you can re-enable Ad-Watch Live! by clicking on Enable Ad-Watch Live!.)

    =======================================
    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ===========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. vixentd

    Have uninstalled as asked

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-08-21 13:28:04
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
    Running: vko9bkqu.exe; Driver: C:\Users\5961\AppData\Local\Temp\awldipow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\BlackBox.sys ExAllocatePool
    Code \SystemRoot\System32\Drivers\BlackBox.sys ExAllocatePoolWithTag
    Code \SystemRoot\System32\Drivers\BlackBox.sys KeDelayExecutionThread

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by 5961 at 13:29:15 on 2011-08-21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.228 [GMT -7:00]
    .
    AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\HPSIsvc.exe
    C:\Windows\system32\lxczcoms.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Program Files\UnHackMe\hackmon.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Content Manager\CmTray.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Users\5961\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [cdloader] "c:\users\5961\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [Magellan CmTray] c:\program files\content manager\CmTray.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
    StartupFolder: c:\users\5961\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\5961\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{3716FEF4-3BA9-46E1-B92F-7852155FF395} : DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{DACF3CD5-2162-4B55-AF94-DD2D35C81632} : DhcpNameServer = 192.168.1.254
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\5961\appdata\roaming\mozilla\firefox\profiles\qm24sn1t.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
    FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\5961\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\users\5961\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\5961\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\5961\program files\dna\plugins\npbtdna.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [2011-8-20 35712]
    R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-8-18 35816]
    R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-3 16184]
    R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-8-12 41928]
    R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-8-12 11776]
    R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-8-12 3029208]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-3 21504]
    R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-2-27 99896]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-7-3 820568]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-8-12 73728]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-25 135664]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-6 1153368]
    S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-8-11 18768]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-16 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-25 135664]
    S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-8-11 23624]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-19 91304]
    S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-8-11 30600]
    S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-8-19 24416]
    S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-8-11 19280]
    S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-4-17 16256]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-08-21 07:55:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-08-21 07:50:22 -------- d-----w- c:\users\5961\appdata\local\temp
    2011-08-21 06:01:24 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
    2011-08-19 15:30:41 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
    2011-08-19 07:06:37 -------- d-----w- c:\programdata\PCPitstop
    2011-08-19 07:06:17 -------- d-----w- c:\program files\PCPitstop
    2011-08-19 06:11:31 39192 ----a-w- c:\windows\system32\Partizan.exe
    2011-08-19 06:11:31 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2011-08-19 06:10:52 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
    2011-08-19 06:10:42 -------- d-----w- c:\program files\UnHackMe
    2011-08-18 01:08:38 -------- d-----w- c:\users\5961\appdata\local\{B811B1CA-9FB9-4EEC-990C-914564EB5A24}
    2011-08-18 01:08:22 -------- d-----w- c:\users\5961\appdata\local\{26CE5B23-158D-4DF8-8BC3-5F26F331B820}
    2011-08-17 16:43:06 -------- d-----w- c:\users\5961\appdata\local\{6A615F40-C85A-4200-B260-B4C9F04970AC}
    2011-08-17 16:42:43 -------- d-----w- c:\users\5961\appdata\local\{6E77C12A-31A1-4958-9693-595B7F96C4EB}
    2011-08-16 05:47:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2011-08-16 05:47:50 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2011-08-16 05:47:49 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2011-08-16 05:47:48 75264 ----a-w- c:\windows\system32\unacev2.dll
    2011-08-16 05:47:47 153088 ----a-w- c:\windows\system32\unrar3.dll
    2011-08-16 05:46:42 -------- d-----w- c:\users\5961\appdata\roaming\Simply Super Software
    2011-08-16 05:46:42 -------- d-----w- c:\programdata\Simply Super Software
    2011-08-16 04:53:36 -------- d-----w- c:\program files\Lavasoft
    2011-08-16 04:35:44 10752 ----a-w- c:\windows\system32\drivers\ZeroAccess.sys
    2011-08-14 23:03:40 -------- d-----w- C:\Emsisoft Anti-Malware
    2011-08-13 03:31:50 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-08-12 16:08:44 -------- d-----w- c:\program files\AVAST Software
    2011-08-12 07:59:20 -------- d-----w- c:\programdata\STOPzilla!
    2011-08-12 06:36:02 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2011-08-10 11:16:56 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-08-10 11:16:53 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-08-10 11:16:51 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-08-10 11:16:32 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-08-10 11:16:32 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-08-10 11:14:01 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-08-08 20:25:33 -------- d-----w- c:\users\5961\appdata\local\{EB223736-B9DE-48AA-A7FE-F9EB5995843E}
    2011-08-08 20:25:18 -------- d-----w- c:\users\5961\appdata\local\{62A96E02-7180-4BA2-81FF-0D112C31E46F}
    2011-08-08 20:25:14 -------- d-----w- c:\users\5961\appdata\local\{4D3787F3-BBD7-49F0-8B80-03E46EC84CCB}
    2011-08-08 20:25:10 -------- d-----w- c:\users\5961\appdata\local\{C8387B3C-3555-4BA3-8F4D-2DFF50F7A7A7}
    2011-08-08 05:24:24 -------- d-----w- c:\users\5961\appdata\local\{3710A5AA-0ACD-4509-BDF3-033A4980A985}
    2011-08-08 05:24:05 -------- d-----w- c:\users\5961\appdata\local\{856DB862-BBD5-4451-851C-1E59816101A0}
    2011-08-08 01:44:49 -------- d-----w- c:\users\5961\appdata\local\{B8650028-B4F6-4A30-93CD-7C5455E86570}
    2011-08-07 07:23:21 75776 ----a-w- c:\windows\system32\dfrgifpsu.dll
    2011-08-03 19:13:14 -------- d-----w- c:\users\5961\appdata\local\{C0A32F40-D59E-4BAD-B0AF-7CBA29E477C9}
    2011-08-03 07:12:37 -------- d-----w- c:\users\5961\appdata\local\{E8120A7D-75D9-48A5-A0D0-E1168A15CA7D}
    2011-07-28 06:39:09 -------- d-----w- c:\users\5961\appdata\local\{0A7EFBC3-81F6-4269-B619-827143FC6A36}
    2011-07-27 16:08:45 -------- d-----w- c:\users\5961\appdata\local\{0A5271DC-DA3E-4973-897E-D7F9BB966962}
    .
    ==================== Find3M ====================
    .
    2011-08-19 06:11:20 26 ----a-w- c:\windows\winstart.bat
    2011-08-16 05:02:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-02 16:19:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-24 16:19:52 1648 ----a-w- c:\windows\system32\ASOROSet.bin
    2011-06-22 19:17:44 17280 ----a-w- c:\windows\system32\roboot.exe
    2011-06-07 05:18:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-06-07 05:18:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
    2006-09-29 23:06:16 11205817 ----a-w- c:\program files\common files\fcc32.exe
    2005-08-03 19:50:04 393216 ----a-w- c:\program files\common files\fcsmapi.dll
    2001-08-23 13:00:00 486400 ----a-w- c:\program files\common files\dbghelp.dll
    .
    ============= FINISH: 13:32:05.91 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 22/08/2007 1:32:32 AM
    System Uptime: 21/08/2011 12:55:33 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | ISKAE
    Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 800/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 96 GiB total, 8.408 GiB free.
    D: is FIXED (NTFS) - 7 GiB total, 7.079 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1401: 21/08/2011 1:20:52 PM - ComboFix created restore point
    .
    ==== Installed Programs ======================
    .
    .
    4shared Uploader
    aaa
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.3.0
    Adobe Shockwave Player 11.5
    Advanced Batch Converter
    ALOT Toolbar
    ALPS Touch Pad Driver
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Atheros Driver Installation Program
    µTorrent
    AVS Cover Editor 1.3.1.79 (AVSMedia)
    AVS DVD Copy version 1.4
    BitTorrent
    Bonjour
    Camera Assistant Software for Toshiba
    CCleaner
    CD/DVD Drive Acoustic Silencer
    CDBurnerXP
    ContentManager
    Coupon Printer for Windows
    CraigsPalFree version 3.33
    Crux Calculator v5
    D3DX10
    Defraggler
    DNA
    Dropbox
    DVD MovieFactory for TOSHIBA
    Emsisoft Anti-Malware 5.1
    ESET Online Scanner v3
    Eusing Free Registry Cleaner
    ExtractNow
    FastStone Image Viewer 3.9
    FirstClass® Client
    Free CD to MP3 Converter
    Free DVD ISO Burner version 2.5
    Free Easy Burner V 4.2
    Game Booster
    Google Earth
    Google Gmail Notifier
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoToMeeting 4.0.0.320
    Highlight Viewer (Windows Live Toolbar)
    Hitman Pro 3.5
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP LaserJet Professional M1210 MFP Series Fax Installer
    HP Smart Web Printing 4.60
    Info Center 1.0.0.6
    Intel(R) Graphics Media Accelerator Driver
    IObit Malware Fighter
    IrfanView (remove only)
    iTunes
    Japanese Fonts Support For Adobe Reader 8
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 24
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6
    Joost (tm) Beta 1.1.3
    Junk Mail filter update
    magicJack
    Malwarebytes' Anti-Malware
    Map Button (Windows Live Toolbar)
    McAfee Security Scan Plus
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office Live Add-in 1.3
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XML Parser
    Mozilla Firefox 5.0 (x86 en-US)
    MP3 WAV Converter 2.65
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OnlinePlay 1.0
    P2PFilter 3.0.5
    PC Matic 1.1.0.42
    PowerISO
    PowerPoint DVD Converter 2.6
    Prish Image Resizer
    QuickTime
    Readon TV Movie Radio Player 5.5.5.0
    Readon TV Movie Radio Player 6.3.1.0
    ReaJPEG Pro 3.8
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    reminder
    Scan To
    Search Settings 1.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Segoe UI
    Skype Toolbars
    Skype™ 5.3
    Smart Defrag 2
    Smart Menus (Windows Live Toolbar)
    SmartWebPrinting
    Smilebox
    SMPlayer 0.6.9
    Sophos Anti-Rootkit 1.5.4
    SoulSeek Client 156c
    Spelling Dictionaries Support For Adobe Reader 8
    Spybot - Search & Destroy
    StudioTax 2009
    StudioTax 2010
    Telus
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA DVD PLAYER
    TOSHIBA Extended Tiles for Windows Mobility Center
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA Recovery Disc Creator
    Toshiba Registration
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TVUPlayer 2.4.9.1
    UnHackMe 5.99 release
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Utility Common Driver
    Veetle TV 0.9.15
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    VSO Image Resizer 1.3.4
    Win32
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Favorites for Windows Live Toolbar
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Mobile Device Center
    Windows Mobile Device Center Driver Update
    Windows Mobile® Device Handbook
    WinRAR archiver
    WinZip 12.1
    Wondershare PPT2DVD 5.5.0.319
    XPLORNET EN
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    .
    ==== End Of File ===========================
  4. vixentd

    vixentd Newcomer, in training Topic Starter

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7529

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    21/08/2011 2:17:56 PM
    mbam-log-2011-08-21 (14-17-56).txt

    Scan type: Quick scan
    Objects scanned: 170550
    Time elapsed: 11 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)