Inactive Search engine redirect for Google and Firefox

Have run in this order
1. rkill
2. tdsskiller
3. Malwarebytes
4. Combofix

Nothing has removed it yet.
Have the following log.
ComboFix 11-08-21.01 - 5961 20/08/2011 21:46:09.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.608 [GMT -7:00]
Running from: c:\users\5961\Desktop\virus removers\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))
.
.
2011-08-21 04:53 . 2011-08-21 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-20 07:31 . 2011-08-21 04:53 -------- d-----w- c:\users\5961\AppData\Local\temp
2011-08-19 15:30 . 2011-08-19 15:30 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-08-19 07:06 . 2011-08-20 15:49 -------- d-----w- c:\programdata\PCPitstop
2011-08-19 07:06 . 2011-08-19 07:07 -------- d-----w- c:\program files\PCPitstop
2011-08-19 06:11 . 2011-08-19 06:11 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-08-19 06:11 . 2011-08-19 06:11 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-08-19 06:10 . 2011-07-27 20:59 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-08-19 06:10 . 2011-08-19 06:12 -------- d-----w- c:\program files\UnHackMe
2011-08-16 17:41 . 2011-08-16 17:54 -------- d-----w- c:\program files\Trojan Guarder Gold Version
2011-08-16 06:08 . 2011-08-16 17:14 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-08-16 05:47 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-16 05:47 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-16 05:47 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-16 05:47 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-16 05:47 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2011-08-16 05:46 . 2011-08-16 05:48 -------- d-----w- c:\users\5961\AppData\Roaming\Simply Super Software
2011-08-16 05:46 . 2011-08-16 05:46 -------- d-----w- c:\programdata\Simply Super Software
2011-08-16 04:53 . 2011-08-16 04:53 -------- d-----w- c:\program files\Lavasoft
2011-08-16 04:35 . 2011-08-16 04:35 10752 ----a-w- c:\windows\system32\drivers\ZeroAccess.sys
2011-08-14 23:03 . 2011-08-15 04:02 -------- d-----w- C:\Emsisoft Anti-Malware
2011-08-13 14:41 . 2011-08-13 14:41 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-08-13 03:31 . 2011-08-16 09:27 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-08-12 16:08 . 2011-08-19 16:49 -------- d-----w- c:\programdata\AVAST Software
2011-08-12 16:08 . 2011-08-12 16:08 -------- d-----w- c:\program files\AVAST Software
2011-08-12 07:59 . 2011-08-14 01:38 -------- d-----w- c:\programdata\STOPzilla!
2011-08-12 06:36 . 2011-08-12 06:53 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-12 06:35 . 2011-08-12 06:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-10 11:16 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 11:16 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 11:16 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-10 11:16 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 11:16 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 11:14 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-07 07:23 . 2011-08-07 07:23 75776 ----a-w- c:\windows\system32\dfrgifpsu.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-19 06:11 . 2011-02-10 01:12 26 ----a-w- c:\windows\winstart.bat
2011-08-16 05:02 . 2009-10-30 17:30 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-02 16:19 . 2011-05-31 15:30 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 19:17 . 2011-06-24 05:22 17280 ----a-w- c:\windows\system32\roboot.exe
2011-06-07 05:18 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-07 05:18 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 13:34 . 2011-07-13 20:52 2043392 ----a-w- c:\windows\system32\win32k.sys
2006-09-29 23:06 . 2008-01-05 23:43 11205817 ----a-w- c:\program files\Common Files\fcc32.exe
2005-08-03 19:50 . 2008-01-05 23:43 393216 ----a-w- c:\program files\Common Files\fcsmapi.dll
2001-08-23 13:00 . 2008-01-05 23:43 486400 ----a-w- c:\program files\Common Files\dbghelp.dll
2011-06-26 21:14 . 2011-05-01 06:55 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 94208 ----a-w- c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\5961\AppData\Roaming\mjusbsp\cdloader2.exe" [2011-05-16 50592]
"Magellan CmTray"="c:\program files\Content Manager\CmTray.exe" [2010-08-24 439296]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 39408]
"Advanced SystemCare 4"="c:\program files\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-05-28 412560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-13 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-13 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-13 133912]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-08-03 24216]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
.
c:\users\5961\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\5961\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan\0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-05-27 21:52 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-15 23:19 136176 ----atw- c:\users\5961\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 04:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 22:02 15141768 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 12:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2011-06-30 3029208]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [2011-05-28 353168]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-21 73728]
R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-07-11 18768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63364179
*NewlyCreated* - ECACHE
*Deregistered* - 63364179
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-21 06:08]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 06:08]
.
2011-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 06:08]
.
2011-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-141718280-3075198056-734452945-1000Core.job
- c:\users\5961\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 23:19]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-141718280-3075198056-734452945-1000UA.job
- c:\users\5961\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 23:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\5961\AppData\Roaming\Mozilla\Firefox\Profiles\qm24sn1t.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 21:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-141718280-3075198056-734452945-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{793B5EB5-F2AA-3C9E-D10F-FAB4D52CD73E}*]
"halcedjlbcmnddec"=hex:6a,61,61,6d,67,64,6e,68,69,6e,69,67,6f,63,62,66,69,70,
61,6f,00,fa
"iancokodlbmfbikdbi"=hex:6a,61,61,6d,67,64,6e,68,69,6e,69,67,6f,63,62,66,69,70,
61,6f,00,70
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1464)
c:\users\5961\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\igfxsrvc.dll
.
Completion time: 2011-08-20 21:58:42
ComboFix-quarantined-files.txt 2011-08-21 04:58
ComboFix2.txt 2011-08-20 07:31
ComboFix3.txt 2011-08-19 20:04
ComboFix4.txt 2011-08-14 22:55
ComboFix5.txt 2011-08-21 04:43
.
Pre-Run: 9,169,559,552 bytes free
Post-Run: 9,146,372,096 bytes free
.
- - End Of File - - EC9288206B488BDA40EBA09648A5CFD7
 
You are off to a bad start. Running random programs that are not appropriate can further complicate a problem. There are stickies in every forum on the internet, including ours, not to run Combofix unless instructed to by your helper.

It looks like you ran Combofix in Safe Mode with Networking (x86 NETWORK). Why?
---------------------------
Please remove all of the following:
2011-08-16 17:41 . 2011-08-16 17:54> c:\program files\Trojan Guarder Gold Version
2011-08-16 06:08 . 2011-08-16 17:14 > c:\program files\GridinSoft Trojan Killer
rkill
tdsskiller
c:\programdata\Kaspersky Lab Setup Files
2011-08-13 03:31 . 2011-08-16 09:27> c:\program files\Emsisoft Anti-Malware
2011-08-12 16:08 . 2011-08-19 16:49 > c:\programdata\AVAST Software
One antivirus- that's all!
2011-08-12 06:35 > c:\program files\Hitman Pro 3.5> reasons will be given
Advanced SystemCare 4- > 2011-05-28 412560]
-------------------------------------
Disable AV: Lavasoft Ad-Watch Live! Anti-Virus: Ad-Aware AE Ad-Watch Live!
  • Right click on the Ad-Aware icon in the system tray.
  • Click on Disable Ad-Watch Live!
  • (Once you are clean, you can re-enable Ad-Watch Live! by clicking on Enable Ad-Watch Live!.)

=======================================
Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
===========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Have uninstalled as asked

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-21 13:28:04
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541612J9SA00 rev.SBDOC7DP
Running: vko9bkqu.exe; Driver: C:\Users\5961\AppData\Local\Temp\awldipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\BlackBox.sys ExAllocatePool
Code \SystemRoot\System32\Drivers\BlackBox.sys ExAllocatePoolWithTag
Code \SystemRoot\System32\Drivers\BlackBox.sys KeDelayExecutionThread

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by 5961 at 13:29:15 on 2011-08-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.1013.228 [GMT -7:00]
.
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PCPitstop\Info Center\InfoCenter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\HPSIsvc.exe
C:\Windows\system32\lxczcoms.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Program Files\UnHackMe\hackmon.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Content Manager\CmTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\5961\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [cdloader] "c:\users\5961\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Magellan CmTray] c:\program files\content manager\CmTray.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Info Center] c:\program files\pcpitstop\info center\InfoCenter.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
StartupFolder: c:\users\5961\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\5961\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3716FEF4-3BA9-46E1-B92F-7852155FF395} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{DACF3CD5-2162-4B55-AF94-DD2D35C81632} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\5961\appdata\roaming\mozilla\firefox\profiles\qm24sn1t.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=402&q=
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\5961\appdata\local\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\users\5961\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\5961\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\5961\program files\dna\plugins\npbtdna.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [2011-8-20 35712]
R0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [2011-8-18 35816]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-3 16184]
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-8-12 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-8-12 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.1 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-8-12 3029208]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-3 21504]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2011-2-27 99896]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-7-3 820568]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-8-12 73728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-25 135664]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-6 1153368]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-8-11 18768]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-16 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-25 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-8-11 23624]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-8-19 91304]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-8-11 30600]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2011-8-19 24416]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-8-11 19280]
S3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2010-4-17 16256]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-21 07:55:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-21 07:50:22 -------- d-----w- c:\users\5961\appdata\local\temp
2011-08-21 06:01:24 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-08-19 15:30:41 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2011-08-19 07:06:37 -------- d-----w- c:\programdata\PCPitstop
2011-08-19 07:06:17 -------- d-----w- c:\program files\PCPitstop
2011-08-19 06:11:31 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-08-19 06:11:31 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2011-08-19 06:10:52 11040 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2011-08-19 06:10:42 -------- d-----w- c:\program files\UnHackMe
2011-08-18 01:08:38 -------- d-----w- c:\users\5961\appdata\local\{B811B1CA-9FB9-4EEC-990C-914564EB5A24}
2011-08-18 01:08:22 -------- d-----w- c:\users\5961\appdata\local\{26CE5B23-158D-4DF8-8BC3-5F26F331B820}
2011-08-17 16:43:06 -------- d-----w- c:\users\5961\appdata\local\{6A615F40-C85A-4200-B260-B4C9F04970AC}
2011-08-17 16:42:43 -------- d-----w- c:\users\5961\appdata\local\{6E77C12A-31A1-4958-9693-595B7F96C4EB}
2011-08-16 05:47:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-08-16 05:47:50 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-08-16 05:47:49 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-08-16 05:47:48 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-08-16 05:47:47 153088 ----a-w- c:\windows\system32\unrar3.dll
2011-08-16 05:46:42 -------- d-----w- c:\users\5961\appdata\roaming\Simply Super Software
2011-08-16 05:46:42 -------- d-----w- c:\programdata\Simply Super Software
2011-08-16 04:53:36 -------- d-----w- c:\program files\Lavasoft
2011-08-16 04:35:44 10752 ----a-w- c:\windows\system32\drivers\ZeroAccess.sys
2011-08-14 23:03:40 -------- d-----w- C:\Emsisoft Anti-Malware
2011-08-13 03:31:50 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-08-12 16:08:44 -------- d-----w- c:\program files\AVAST Software
2011-08-12 07:59:20 -------- d-----w- c:\programdata\STOPzilla!
2011-08-12 06:36:02 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-10 11:16:56 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-10 11:16:53 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-10 11:16:51 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-10 11:16:32 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 11:16:32 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 11:14:01 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-08 20:25:33 -------- d-----w- c:\users\5961\appdata\local\{EB223736-B9DE-48AA-A7FE-F9EB5995843E}
2011-08-08 20:25:18 -------- d-----w- c:\users\5961\appdata\local\{62A96E02-7180-4BA2-81FF-0D112C31E46F}
2011-08-08 20:25:14 -------- d-----w- c:\users\5961\appdata\local\{4D3787F3-BBD7-49F0-8B80-03E46EC84CCB}
2011-08-08 20:25:10 -------- d-----w- c:\users\5961\appdata\local\{C8387B3C-3555-4BA3-8F4D-2DFF50F7A7A7}
2011-08-08 05:24:24 -------- d-----w- c:\users\5961\appdata\local\{3710A5AA-0ACD-4509-BDF3-033A4980A985}
2011-08-08 05:24:05 -------- d-----w- c:\users\5961\appdata\local\{856DB862-BBD5-4451-851C-1E59816101A0}
2011-08-08 01:44:49 -------- d-----w- c:\users\5961\appdata\local\{B8650028-B4F6-4A30-93CD-7C5455E86570}
2011-08-07 07:23:21 75776 ----a-w- c:\windows\system32\dfrgifpsu.dll
2011-08-03 19:13:14 -------- d-----w- c:\users\5961\appdata\local\{C0A32F40-D59E-4BAD-B0AF-7CBA29E477C9}
2011-08-03 07:12:37 -------- d-----w- c:\users\5961\appdata\local\{E8120A7D-75D9-48A5-A0D0-E1168A15CA7D}
2011-07-28 06:39:09 -------- d-----w- c:\users\5961\appdata\local\{0A7EFBC3-81F6-4269-B619-827143FC6A36}
2011-07-27 16:08:45 -------- d-----w- c:\users\5961\appdata\local\{0A5271DC-DA3E-4973-897E-D7F9BB966962}
.
==================== Find3M ====================
.
2011-08-19 06:11:20 26 ----a-w- c:\windows\winstart.bat
2011-08-16 05:02:36 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-02 16:19:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-24 16:19:52 1648 ----a-w- c:\windows\system32\ASOROSet.bin
2011-06-22 19:17:44 17280 ----a-w- c:\windows\system32\roboot.exe
2011-06-07 05:18:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-07 05:18:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
2006-09-29 23:06:16 11205817 ----a-w- c:\program files\common files\fcc32.exe
2005-08-03 19:50:04 393216 ----a-w- c:\program files\common files\fcsmapi.dll
2001-08-23 13:00:00 486400 ----a-w- c:\program files\common files\dbghelp.dll
.
============= FINISH: 13:32:05.91 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 22/08/2007 1:32:32 AM
System Uptime: 21/08/2011 12:55:33 PM (1 hours ago)
.
Motherboard: TOSHIBA | | ISKAE
Processor: Genuine Intel(R) CPU T2080 @ 1.73GHz | U2E1 | 800/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 96 GiB total, 8.408 GiB free.
D: is FIXED (NTFS) - 7 GiB total, 7.079 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1401: 21/08/2011 1:20:52 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
.
4shared Uploader
aaa
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.3.0
Adobe Shockwave Player 11.5
Advanced Batch Converter
ALOT Toolbar
ALPS Touch Pad Driver
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
µTorrent
AVS Cover Editor 1.3.1.79 (AVSMedia)
AVS DVD Copy version 1.4
BitTorrent
Bonjour
Camera Assistant Software for Toshiba
CCleaner
CD/DVD Drive Acoustic Silencer
CDBurnerXP
ContentManager
Coupon Printer for Windows
CraigsPalFree version 3.33
Crux Calculator v5
D3DX10
Defraggler
DNA
Dropbox
DVD MovieFactory for TOSHIBA
Emsisoft Anti-Malware 5.1
ESET Online Scanner v3
Eusing Free Registry Cleaner
ExtractNow
FastStone Image Viewer 3.9
FirstClass® Client
Free CD to MP3 Converter
Free DVD ISO Burner version 2.5
Free Easy Burner V 4.2
Game Booster
Google Earth
Google Gmail Notifier
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.0.0.320
Highlight Viewer (Windows Live Toolbar)
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP LaserJet Professional M1210 MFP Series Fax Installer
HP Smart Web Printing 4.60
Info Center 1.0.0.6
Intel(R) Graphics Media Accelerator Driver
IObit Malware Fighter
IrfanView (remove only)
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 24
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Joost (tm) Beta 1.1.3
Junk Mail filter update
magicJack
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Mozilla Firefox 5.0 (x86 en-US)
MP3 WAV Converter 2.65
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OnlinePlay 1.0
P2PFilter 3.0.5
PC Matic 1.1.0.42
PowerISO
PowerPoint DVD Converter 2.6
Prish Image Resizer
QuickTime
Readon TV Movie Radio Player 5.5.5.0
Readon TV Movie Radio Player 6.3.1.0
ReaJPEG Pro 3.8
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RealUpgrade 1.1
reminder
Scan To
Search Settings 1.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Skype Toolbars
Skype™ 5.3
Smart Defrag 2
Smart Menus (Windows Live Toolbar)
SmartWebPrinting
Smilebox
SMPlayer 0.6.9
Sophos Anti-Rootkit 1.5.4
SoulSeek Client 156c
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
StudioTax 2009
StudioTax 2010
Telus
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TVUPlayer 2.4.9.1
UnHackMe 5.99 release
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Utility Common Driver
Veetle TV 0.9.15
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VSO Image Resizer 1.3.4
Win32
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile® Device Handbook
WinRAR archiver
WinZip 12.1
Wondershare PPT2DVD 5.5.0.319
XPLORNET EN
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
.
==== End Of File ===========================
 
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7529

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

21/08/2011 2:17:56 PM
mbam-log-2011-08-21 (14-17-56).txt

Scan type: Quick scan
Objects scanned: 170550
Time elapsed: 11 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 