# My HDD is failing as we speak? urgent help required



## AjsGuns

Hey guys my HDD is failing? all of a sudden everything was fine then i got this message saying Hard Drive Failure: The system has detected a problem with one or more installed IDE / Sata hard disks it is recommended that you restart the system then all my desktop icons started dissapearing and my computer said the RAM memory usage is cricially high. Ram memory failure. i restarted my computer and a windows recovery came up i clicked fix errors however it couldnt fix the following 5
Boot sector of the hard drive disk is damaged - critical error
Read time of hard drive clusters less than 500ms - critical error
Bad sectors on hard drive or damaged file allocation table - critical error
30% of the HDD space is unreadable - critical error
then down the bottom of my screen i get other messages like your private data is at risk etc etc.

can someone help me asap please! also my desktop is just covered in black with 1/4 of my icons the other 3/4 are gone..


----------



## johnb35

This sounds more like an infection to me.  Can you do the following. You may need to boot into safe mode with networking to do this.



Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr,  Rkill.exe, or Rkill.com  but *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## AjsGuns

my computer is randomly shutting down it comes up with a 

Windows - Delayed Write Filed
Windos was unable to save all the data for the file //system32//496A8300. the date has been lost. this error may be caused by a failure of your computer hardware 

also getting a message about catalyst control centre?

trying to download hijack but whenever i do i get that windows delayed write filed message and my computer restarts,, im doing malwarebytes atm as i had it installed from ages ago.

Thanks for the fast reply


----------



## johnb35

You still could have a failing hard drive but there are lots of those hdd diagnostic rogue malware progs out right now.  Lets make sure you don't have one of those first.  Make sure you update malwarebytes first.  You also may have to run it in safe mode.  Do you have some sort of raid utility or hard drive utility that runs at bootup that keeps track of your hard drive health?


----------



## AjsGuns

> Do you have some sort of raid utility or hard drive utility that runs at bootup that keeps track of your hard drive health?



No this program called Windows recovery has been coming up and telling me but only since it failed which was like 1hour ago, im trying to take a SS but when i save the SS to my desktop the computer shuts down or wont let me save it ill keep trying.


I didn't run it in safe mode
Here is the log:

Malwarebytes' Anti-Malware 1.32
Database version: 1618
Windows 6.0.6001 Service Pack 1

23/03/2011 3:12:54 AM
mbam-log-2011-03-23 (03-12-54).txt

Scan type: Quick Scan
Objects scanned: 69580
Time elapsed: 25 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## johnb35

The database you are using is so outdated its pathetic.  What operating system are you running?  You will need to download the latest malware bytes from the link I gave you and then update it before running.  I'll be going to work shortly so I won't be able to help you much longer.


----------



## AjsGuns

Downloading the newest version now

Here is what my desktop looks like


----------



## johnb35

That is definately an infection.  So you do not have a bad hard drive.  Do not click anywhere on that window for windows recovery.  Some of these infections can get pretty bad,  and like i said earlier you may have to boot to safe mode to run things.  I'm going to work now but I'm having Gamblingman come check up on this thread and offer advice to you.  I will check in from time to time during the day, might not actually post anything until I get home tonight.

Also, It may be required for you to download a program called combofix.  I'll post the link for it now in case me or gamblingman tell to you run it.  AFter running the latest malwarebytes see if you can run hijackthis and post its log as well.  This will give us a better idea of whats going on still in your computer.

Again only do this if you are told to do so.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## AjsGuns

Thank you so much for your help John!
Here is the newest malwarebytes log im downloading hijack after i restart the computer and will let you know how the computers going. (Malwares said i had to for it to remove the infections)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6132

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

23/03/2011 3:37:49 AM
mbam-log-2011-03-23 (03-37-49).txt

Scan type: Quick scan
Objects scanned: 201521
Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\programdata\iqororfnymww.exe (Trojan.Downloader) -> 1236 -> Unloaded process successfully.
c:\programdata\44228360.exe (Rogue.FakeHDD) -> 1244 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\IQoRoRfnYmWW (Trojan.Downloader) -> Value: IQoRoRfnYmWW -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\programdata\iqororfnymww.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\programdata\44228360.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\Chris\AppData\Local\Temp\internetexplorerupdate.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Users\Chris\local settings\temporary internet files\Content.IE5\7WH502FN\calc[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.


----------



## gamblingman

Hey, I'm gamblingman.

Unfortunately I also have to run to work like RIGHT NOW. Just got called in. It doesn't ususally happen that both of us are due at work at the same time!

Go ahead and post your HiJackThis log and I or johnb35 will be in later today to go over it. 
Other than posting the HiJackThis log, and I cant stress this enough, *Dont do anything else on your computer in the meantime!*

 Dont click those pop-ups because (as johnb35 also said), they are part of the infection and clicking them will only make things worse.


----------



## tech savvy

johnb35 is 100% correct, that is definately an infection.just do what hes telling you and you will be good to go in no time.GL!


----------



## AjsGuns

Hey Gamblingman that link John posted for hijackthis took me to a blank page and when i clicked download file (something was blocking the page and it wasnt a pop up blocker i have no idea?) i couldnt so i ended up just googling it and downloading it from freeantivirus.com hope thats ok? version is the most updated, im having problems with it though when i click do a system scan and save log i get this error message  "denied write access to the host file"" it tells me for vista to run it in administrator mode but for some reason i cant (i can run other programs in admin mode though)..

After i did that malwares scan and restarted my computer that windows recovery box has gone away and the hard drive failure messages have too however im still getting "catalyst control centre:host application has stopped working messages" and a few other error messages and my desktop is still black and missing a bunch of icons.

So when you say dont do anything else on the computer i shouldnt search the internet either? just come back every hour or so and refresh this topic and wait for someone to give me advice?

No problems just greatfull for the help! thanks guys.


----------



## johnb35

To run hijackthis without getting that error you will need to run it as admin.  To do this, right click on hijackthis and click on run as admin.  If you still don't get the option to come up then hold down the shift key while right clicking on hijackthis and then click on run as admin.  Post the log and we will give further instructions afterwards.


----------



## AjsGuns

Sorry im from Australia, and was at Uni for the past 10 hours!

Here is the HiJackThis log: (only took 20 seconds to scan)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:34:10 PM, on 23/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://au.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 88.198.24.17 irc.westwood.com
O1 - Hosts: 88.198.24.17 servserv.westwood.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Patch.cmd
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{411AF379-4033-4CD0-B11D-CCA9967E933B}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14225 bytes


----------



## johnb35

You still have a little bit of a  mess.  Please disable ESET realtime scanning so combofix can run.  Then download the combofix file from here.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## AjsGuns

Hey John
Here is the comboxfix.exe

ComboFix 11-03-22.09 - Chris 24/03/2011   0:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3066.1856 [GMT 11:00]
Running from: D:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
D:\resycled
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-23 to 2011-03-23  )))))))))))))))))))))))))))))))
.
.
2011-03-23 13:10 . 2011-03-23 13:10	--------	d-----w-	c:\users\Joel\AppData\Local\temp
2011-03-23 13:10 . 2011-03-23 13:11	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2011-03-23 13:10 . 2011-03-23 13:10	--------	d-----w-	c:\users\Random\AppData\Local\temp
2011-03-23 13:10 . 2011-03-23 13:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-23 12:32 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5B1C68D-887E-4D7D-8D89-666257EF6FD7}\mpengine.dll
2011-03-22 16:54 . 2011-03-22 16:54	388096	----a-r-	c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-22 16:54 . 2011-03-22 16:54	--------	d-----w-	c:\program files\Trend Micro
2011-03-22 16:46 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{25B833FF-11A4-4BD1-909F-1ED3A3F844A2}\mpengine.dll
2011-03-22 16:46 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C78B4F74-66B4-44EF-A619-99B1AE2F775D}\mpengine.dll
2011-03-22 16:45 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{345E094A-A19D-4FAE-BA5A-0D7FA9638A7E}\mpengine.dll
2011-03-22 16:45 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7122D0CE-47AE-4DD6-BD03-2D7683EBE61C}\mpengine.dll
2011-03-22 15:43 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{67666841-20E2-48B3-A9D3-079BC233FE99}\mpengine.dll
2011-03-22 15:43 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2847514D-EA41-4FD9-A158-C287B4735A24}\mpengine.dll
2011-03-22 15:42 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2B388CD7-78FA-4C5C-98D1-DD117E633BF2}\mpengine.dll
2011-03-22 15:42 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2BB0916A-E40D-4E85-937D-54DFA7352D8C}\mpengine.dll
2011-03-22 15:20 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7AFE87C5-A3FB-4752-AC73-43310A647F4F}\mpengine.dll
2011-03-22 15:19 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{159BB9B4-FA9A-4169-92B5-23BFAA932946}\mpengine.dll
2011-03-22 15:18 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{8D39032B-7E46-43A1-AF1C-A0C3AF47EF86}\mpengine.dll
2011-03-22 15:18 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{CCE68094-168A-47A0-9BBF-5440C3C51837}\mpengine.dll
2011-03-22 15:07 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E8D8073E-6A17-49C7-A0A8-026CB7199D5F}\mpengine.dll
2011-03-22 15:07 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B9B43537-F335-4A40-A8DA-FF39188AFA82}\mpengine.dll
2011-03-22 15:07 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1783EB2B-E627-47EC-B27B-10B1F12A6A2E}\mpengine.dll
2011-03-22 15:06 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{54FF20B5-BF4C-4256-9754-AD41F05E4EF2}\mpengine.dll
2011-03-19 07:14 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{5CD76324-D24C-425E-8660-C429468663A1}\mpengine.dll
2011-03-19 07:13 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C7D5073C-2257-482A-8292-01E4DCC62B5E}\mpengine.dll
2011-03-19 07:13 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D8B92366-31CB-4A32-81E0-396FC16DA6AB}\mpengine.dll
2011-03-19 07:13 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{05DDA942-C128-44CD-AFAC-140F6CE18693}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1B22B66B-EA56-433B-B1A4-1827503761E2}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1AFA4F9F-B832-415E-B0BC-61E7A0AD6319}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{185E9F8F-3934-4491-A04A-F05A8B6BF15B}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{EE6DB036-7E28-456D-8073-717FACBA62F0}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{744E665B-C796-4880-A90F-36FD0341A9EA}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{75A05A5D-965A-4AD1-A390-F80664AC7D31}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D0393250-3C80-4671-B709-D6E243AD71DA}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A0B2084E-FC45-49F8-935F-2E0641935643}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BD911DBF-172E-4AB9-917D-CA33756266FE}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C4A8C240-F226-4CB3-AB4E-F82F912C5486}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{655D8C9A-7DD4-4D84-8C56-630BD8085691}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D75B7FC2-B0B3-4821-B08F-1113CE12C369}\mpengine.dll
2011-03-10 08:15 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{995965E6-5359-43C5-9638-5D04842F1239}\mpengine.dll
2011-03-10 08:14 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{29F94A09-C1F5-4A80-BF76-EC8C05D2C7D0}\mpengine.dll
2011-03-10 08:14 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{88F08254-1A4C-475C-92A0-FA903FF01BDF}\mpengine.dll
2011-03-10 08:14 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{81B3E228-F5A9-4B19-8020-5E983C59905F}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2B6C0FDB-99A6-494E-B324-E1124B1E27FE}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{3EA60FE9-EFBC-44B3-BFDD-7D7289194FB5}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A273F378-3162-4FAD-BB62-CB4A056CF178}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C7F5424B-6AC1-45F8-91C2-5A7935F86369}\mpengine.dll
2011-03-09 01:49 . 2010-12-29 17:41	323072	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 01:49 . 2010-12-29 17:41	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 01:49 . 2010-12-29 17:41	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 01:49 . 2010-12-29 17:39	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 01:48 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 01:48 . 2010-12-17 15:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-03 03:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{04B5C4A1-BEAE-48BC-ABDE-4B4550A14A83}\mpengine.dll
2011-03-03 03:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{07AD9627-680B-4042-B1AA-52F50715F029}\mpengine.dll
2011-03-03 03:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{00E72D2F-012D-425D-8EF5-3547F5A8C174}\mpengine.dll
2011-03-03 03:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{01321FC5-790D-4372-B9C4-51E58B82ED8E}\mpengine.dll
2011-03-02 12:00 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{4EABD2EF-221C-4B3C-8E56-B141B65FFC83}\mpengine.dll
2011-03-02 11:59 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9F039DA2-3825-4A51-852D-18FDA6A9F132}\mpengine.dll
2011-03-02 11:59 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{570CFD2F-6842-4EE5-B583-973A6C3EF08F}\mpengine.dll
2011-03-02 11:59 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BB7014AC-C154-4E42-9BAF-D5CD0665F3F2}\mpengine.dll
2011-02-25 14:01 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{03ED94DB-A881-4C44-B339-0E71355B603D}\mpengine.dll
2011-02-25 14:01 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9A8C16E6-BDE2-47BF-8815-09537F0DF289}\mpengine.dll
2011-02-25 14:01 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{73BD216C-D303-4DEF-9150-255023AFC185}\mpengine.dll
2011-02-25 14:00 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C72E0C2D-C3DE-4912-A6EC-EA6C5A3E744B}\mpengine.dll
2011-02-24 11:46 . 2011-02-24 14:16	--------	d--h--w-	c:\users\Chris\AppData\Roaming\vlc
2011-02-24 11:45 . 2011-02-24 11:45	--------	d-----w-	c:\program files\VideoLAN
2011-02-24 02:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{6BE800D1-DFEA-4E7C-913C-396D9A0455ED}\mpengine.dll
2011-02-24 02:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9A22F591-90A1-48A5-9F50-01BB489C3B1B}\mpengine.dll
2011-02-24 02:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7099BF90-7237-4B03-A93C-E5DCEF57229A}\mpengine.dll
2011-02-24 02:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E32F61B9-3A37-4690-8DDD-B80DDC2AF75B}\mpengine.dll
2011-02-23 16:02 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 06:11 . 2009-10-02 15:59	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-10 16:04	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 16:04	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-10 16:24	2038784	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 14:37	409600	----a-w-	c:\windows\system32\odbc32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-20 14:43	1526296	----a-w-	c:\program files\TorrentMan\tbTorr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 04:41	118784	----a-w-	c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-06 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-09-30 66600]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-28 704512]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-30 1447168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 430080]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-9-18 113664]
Patch.cmd [2008-7-20 9615]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-11 11:14	29744	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 06:16	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-01-05 17:37	1410296	---ha-w-	c:\program files\Steam\Steam.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GPU-Z;GPU-Z;c:\users\Joel\AppData\Local\Temp\GPU-Z.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Nlaceten;Nlaceten; [x]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-25 42608]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-30 34312]
S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-09-01 49152]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-20 468224]
S2 OpenLibSys;OpenLibSys;c:\program files\NXP\FM Radio\OpenLibSys.sys [2007-10-19 14672]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-10 8192]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{6C6B2973-2FCD-4930-A446-57CDBB80F5A5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://au.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {411AF379-4033-4CD0-B11D-CCA9967E933B} = 10.0.0.138
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 00:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4744)
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
Completion time: 2011-03-24  00:13:36
ComboFix-quarantined-files.txt  2011-03-23 13:13
.
Pre-Run: 13,967,032,320 bytes free
Post-Run: 18,154,258,432 bytes free
.
- - End Of File - - 892C76352EA75B6B91DB5FDD5B16F449


----------



## AjsGuns

here is the newest HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:41 AM, on 24/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TrueSuite Access Manager\PwdBank.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://au.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: 88.198.24.17 irc.westwood.com
O1 - Hosts: 88.198.24.17 servserv.westwood.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
O4 - HKLM\..\Run: [UsbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Patch.cmd
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{411AF379-4033-4CD0-B11D-CCA9967E933B}: NameServer = 10.0.0.138
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12357 bytes


----------



## AjsGuns

In regards to the computer i clicked the near the recycling bin and all the icons came back however my desktop background is still gone and a few of the icons look different as well as on the desktop tray those little icons that like show internet explorer and how to put the monitor in different views (dunno if im making sense) are gone!


----------



## johnb35

After an infection like what you had your desktop may be screwed up.  It's just a matter of going in and changing it back to what you like.  The icons will have to be put back manually.  And as far as the one putting the monitor in different views?  I'm not sure what you are talking about.  

However, please rerun hijackthis and place checks next to the following entries.

If you did put westwood.com in your hosts file then please have hijackthis fix those 2 entries.  The IP address goes to germany.

O1 - Hosts: 88.198.24.17 irc.westwood.com  
O1 - Hosts: 88.198.24.17 servserv.westwood.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTorr.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Patch.cmd  If you don't know what this is please have hijackthis fix this as well.
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3. dll

Then click on fix checked at the bottom.

Please post an uninstall list using hijackthis.  Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it to your desktop.  Then just copy and paste the list in your next reply back here.


----------



## AjsGuns

I left westood there and clicked all the others (its a company who made a game Tiberian Sun)

Heres the list you asked for:
AC3Filter (remove only)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 8.1.3
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bluetooth Stack for Windows by Toshiba
Bonjour
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
CD/DVD Drive Acoustic Silencer
Command & Conquer Tiberian Sun
Conexant HD Audio
Dawn Of War
DivX Converter
DivX Setup
DVD MovieFactory for TOSHIBA
ESET NOD32 Antivirus
Express Burn
Fallout 3
Firebird SQL Server - MAGIX Edition (UK)
FM Tuner Utility
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hazard Perception Test Demo
HDMI Control Manager
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 6
Junk Mail filter update
MAGIX Music Maker 12 silver (UK)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Protection Service
Microsoft Search Enhancement Pack
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows Live OneCare Resources v1.6.2111.38
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Microsoft Windows OneCare Live v1.6.2111.38
Microsoft Windows OneCare Live v1.6.2111.38 Idcrl Install
MixPad
Mozilla Firefox (3.5.6)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
O2Micro Flash Memory Card Reader Driver (x86)
Pacific Poker
Picasa 2
PokerStove version 1.23
Prism Video Converter
ProScan 4.4.7
PX Engine
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
SpeedFan (remove only)
Steam
System Requirements Lab
System Requirements Lab
System Requirements Lab CYRI
Text-To-Speech-Runtime
TorrentMan Toolbar
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
TOSHIBA SD Memory Utilities
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrueSuite Access Manager
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
VLC media player 1.1.7
WavePad Sound Editor
Westwood Shared Internet Components
Windows Driver Package - 2Wire (2WIREPCP) Net  (03/22/2007 2.0)
Windows Driver Package - NETGEAR Inc. (RTL8187) Net  (02/07/2007 6.1283.0207.2007)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare
Windows Live Toolbar
Windows Live Upload Tool
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
WinRAR archiver
World of Warcraft

Thank you very much


----------



## johnb35

Please uninstall the following programs in add/remove programs.

Java(TM) 6 Update 6
TorrentMan Toolbar

Then go here to download the latest version of java.

http://www.java.com/en/download/index.jsp

If you have any illegal torrented software installed, I would highly advise to uninstall it and do a full scan with malwarebytes.  

Torrenting software will get you infected most of the time and plus its illegal.


----------



## AjsGuns

Hi John i really appreciate all your help! ive probally given you a headache.
when i try to uninstall Torrentman toolbar this error comes up:
Wise uninstall
Could not open INSTALL.LOG.FILE
all i can click is ok

Also is it now safe to buy things and input my credit card? As i plan to buy something from Eastbay but dont want to get my info stolen.

As far as torrents the only think i've downloaded is a movie, no idea why or how i got this infection :S


----------



## Snow90

johnb35 said:


> Please uninstall the following programs in add/remove programs.
> 
> Java(TM) 6 Update 6
> TorrentMan Toolbar
> 
> Then go here to download the latest version of java.
> 
> http://www.java.com/en/download/index.jsp
> 
> If you have any illegal torrented software installed, I would highly advise to uninstall it and do a full scan with malwarebytes.
> 
> Torrenting software will get you infected most of the time and plus its illegal.



x2

Keep doing multiple scans with several different anti-virus/malware providers. Malwarebytes won't catch everything.

I've used Trojan Remover in the past, very cool piece of software.

http://www.simplysup.com/


----------



## johnb35

Yes its safe.  You can try reinstalling the toolbar and then uninstalling.  Or I can give you a combofix script to run to uninstall it from the registry.

Please move the file combofix to your desktop so you can do the following.

 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box


		Code:
	

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-20 14:43 1526296 ----a-w- c:\program files\TorrentMan\tbTorr.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTorr.dll" [2008-05-20 1526296]

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]




3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!








ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.


----------



## AjsGuns

Done hopefully its looking better (no idea how to read it haha):

ComboFix 11-03-22.09 - Chris 24/03/2011   1:37.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.61.1033.18.3066.1475 [GMT 11:00]
Running from: D:\ComboFix.exe
Command switches used :: c:\users\Chris\Desktop\CFScript.lnk
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-23 to 2011-03-23  )))))))))))))))))))))))))))))))
.
.
2011-03-23 14:46 . 2011-03-23 14:46	--------	d-----w-	c:\users\TEMP(17)\AppData\Local\temp
2011-03-23 14:46 . 2011-03-23 14:46	--------	d-----w-	c:\users\Random\AppData\Local\temp
2011-03-23 14:46 . 2011-03-23 14:46	--------	d-----w-	c:\users\Joel\AppData\Local\temp
2011-03-23 14:46 . 2011-03-23 14:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-23 14:22 . 2011-03-23 14:22	--------	d-----w-	c:\program files\Common Files\Java
2011-03-23 14:22 . 2011-03-23 14:21	472808	----a-w-	c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-23 14:22 . 2011-03-23 14:21	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-03-23 14:21 . 2011-03-23 14:21	--------	d-----w-	c:\programdata\McAfee
2011-03-23 13:10 . 2011-03-23 14:47	--------	d-----w-	c:\users\Chris\AppData\Local\temp
2011-03-23 12:32 . 2011-02-11 06:54	5943120	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5B1C68D-887E-4D7D-8D89-666257EF6FD7}\mpengine.dll
2011-03-22 16:54 . 2011-03-22 16:54	388096	----a-r-	c:\users\Chris\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-03-22 16:54 . 2011-03-22 16:54	--------	d-----w-	c:\program files\Trend Micro
2011-03-22 16:46 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{25B833FF-11A4-4BD1-909F-1ED3A3F844A2}\mpengine.dll
2011-03-22 16:46 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C78B4F74-66B4-44EF-A619-99B1AE2F775D}\mpengine.dll
2011-03-22 16:45 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{345E094A-A19D-4FAE-BA5A-0D7FA9638A7E}\mpengine.dll
2011-03-22 16:45 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7122D0CE-47AE-4DD6-BD03-2D7683EBE61C}\mpengine.dll
2011-03-22 15:43 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{67666841-20E2-48B3-A9D3-079BC233FE99}\mpengine.dll
2011-03-22 15:43 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2847514D-EA41-4FD9-A158-C287B4735A24}\mpengine.dll
2011-03-22 15:42 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2B388CD7-78FA-4C5C-98D1-DD117E633BF2}\mpengine.dll
2011-03-22 15:42 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2BB0916A-E40D-4E85-937D-54DFA7352D8C}\mpengine.dll
2011-03-22 15:20 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7AFE87C5-A3FB-4752-AC73-43310A647F4F}\mpengine.dll
2011-03-22 15:19 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{159BB9B4-FA9A-4169-92B5-23BFAA932946}\mpengine.dll
2011-03-22 15:18 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{8D39032B-7E46-43A1-AF1C-A0C3AF47EF86}\mpengine.dll
2011-03-22 15:18 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{CCE68094-168A-47A0-9BBF-5440C3C51837}\mpengine.dll
2011-03-22 15:07 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E8D8073E-6A17-49C7-A0A8-026CB7199D5F}\mpengine.dll
2011-03-22 15:07 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B9B43537-F335-4A40-A8DA-FF39188AFA82}\mpengine.dll
2011-03-22 15:07 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1783EB2B-E627-47EC-B27B-10B1F12A6A2E}\mpengine.dll
2011-03-22 15:06 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{54FF20B5-BF4C-4256-9754-AD41F05E4EF2}\mpengine.dll
2011-03-19 07:14 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{5CD76324-D24C-425E-8660-C429468663A1}\mpengine.dll
2011-03-19 07:13 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C7D5073C-2257-482A-8292-01E4DCC62B5E}\mpengine.dll
2011-03-19 07:13 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D8B92366-31CB-4A32-81E0-396FC16DA6AB}\mpengine.dll
2011-03-19 07:13 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{05DDA942-C128-44CD-AFAC-140F6CE18693}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1B22B66B-EA56-433B-B1A4-1827503761E2}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1AFA4F9F-B832-415E-B0BC-61E7A0AD6319}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{185E9F8F-3934-4491-A04A-F05A8B6BF15B}\mpengine.dll
2011-03-17 07:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{EE6DB036-7E28-456D-8073-717FACBA62F0}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{744E665B-C796-4880-A90F-36FD0341A9EA}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{75A05A5D-965A-4AD1-A390-F80664AC7D31}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D0393250-3C80-4671-B709-D6E243AD71DA}\mpengine.dll
2011-03-16 16:18 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A0B2084E-FC45-49F8-935F-2E0641935643}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BD911DBF-172E-4AB9-917D-CA33756266FE}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C4A8C240-F226-4CB3-AB4E-F82F912C5486}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{655D8C9A-7DD4-4D84-8C56-630BD8085691}\mpengine.dll
2011-03-16 11:55 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D75B7FC2-B0B3-4821-B08F-1113CE12C369}\mpengine.dll
2011-03-10 08:15 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{995965E6-5359-43C5-9638-5D04842F1239}\mpengine.dll
2011-03-10 08:14 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{29F94A09-C1F5-4A80-BF76-EC8C05D2C7D0}\mpengine.dll
2011-03-10 08:14 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{88F08254-1A4C-475C-92A0-FA903FF01BDF}\mpengine.dll
2011-03-10 08:14 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{81B3E228-F5A9-4B19-8020-5E983C59905F}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2B6C0FDB-99A6-494E-B324-E1124B1E27FE}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{3EA60FE9-EFBC-44B3-BFDD-7D7289194FB5}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A273F378-3162-4FAD-BB62-CB4A056CF178}\mpengine.dll
2011-03-09 16:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C7F5424B-6AC1-45F8-91C2-5A7935F86369}\mpengine.dll
2011-03-09 01:49 . 2010-12-29 17:41	323072	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 01:49 . 2010-12-29 17:41	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 01:49 . 2010-12-29 17:41	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 01:49 . 2010-12-29 17:39	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 01:48 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 01:48 . 2010-12-17 15:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-03-03 03:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{04B5C4A1-BEAE-48BC-ABDE-4B4550A14A83}\mpengine.dll
2011-03-03 03:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{07AD9627-680B-4042-B1AA-52F50715F029}\mpengine.dll
2011-03-03 03:22 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{00E72D2F-012D-425D-8EF5-3547F5A8C174}\mpengine.dll
2011-03-03 03:22 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{01321FC5-790D-4372-B9C4-51E58B82ED8E}\mpengine.dll
2011-03-02 12:00 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{4EABD2EF-221C-4B3C-8E56-B141B65FFC83}\mpengine.dll
2011-03-02 11:59 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9F039DA2-3825-4A51-852D-18FDA6A9F132}\mpengine.dll
2011-03-02 11:59 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{570CFD2F-6842-4EE5-B583-973A6C3EF08F}\mpengine.dll
2011-03-02 11:59 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BB7014AC-C154-4E42-9BAF-D5CD0665F3F2}\mpengine.dll
2011-02-25 14:01 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{03ED94DB-A881-4C44-B339-0E71355B603D}\mpengine.dll
2011-02-25 14:01 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9A8C16E6-BDE2-47BF-8815-09537F0DF289}\mpengine.dll
2011-02-25 14:01 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{73BD216C-D303-4DEF-9150-255023AFC185}\mpengine.dll
2011-02-25 14:00 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C72E0C2D-C3DE-4912-A6EC-EA6C5A3E744B}\mpengine.dll
2011-02-24 11:46 . 2011-02-24 14:16	--------	d-----w-	c:\users\Chris\AppData\Roaming\vlc
2011-02-24 11:45 . 2011-02-24 11:45	--------	d-----w-	c:\program files\VideoLAN
2011-02-24 02:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{6BE800D1-DFEA-4E7C-913C-396D9A0455ED}\mpengine.dll
2011-02-24 02:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9A22F591-90A1-48A5-9F50-01BB489C3B1B}\mpengine.dll
2011-02-24 02:53 . 2007-02-01 06:26	2443144	------w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7099BF90-7237-4B03-A93C-E5DCEF57229A}\mpengine.dll
2011-02-24 02:53 . 2007-02-01 06:26	2443144	----a-w-	c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E32F61B9-3A37-4690-8DDD-B80DDC2AF75B}\mpengine.dll
2011-02-23 16:02 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 06:11 . 2009-10-02 15:59	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-08 07:50 . 2011-02-10 16:04	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-10 16:04	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-10 16:24	2038784	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 14:57 . 2011-01-12 14:37	409600	----a-w-	c:\windows\system32\odbc32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]
@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"
[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]
2008-07-25 04:41	118784	----a-w-	c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-06 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-26 716800]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-09-30 66600]
"FingerPrintNotifer"="c:\program files\TrueSuite Access Manager\FpNotifier.exe" [2008-09-28 704512]
"UsbMonitor"="c:\program files\TrueSuite Access Manager\usbnotify.exe" [2008-07-25 94208]
"PwdBank"="c:\program files\TrueSuite Access Manager\PwdBank.exe" [2008-09-03 3152384]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-30 1447168]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-09-11 11:14	29744	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 06:16	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-01-05 17:37	1410296	----a-w-	c:\program files\Steam\Steam.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\magix\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GPU-Z;GPU-Z;c:\users\Joel\AppData\Local\Temp\GPU-Z.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Nlaceten;Nlaceten; [x]
S0 AlfaFF;AlfaFF mini-filter driver;c:\windows\system32\Drivers\AlfaFF.sys [2008-07-25 42608]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-30 34312]
S2 Authentec memory manager;Authentec memory manager service;c:\windows\system32\TAMSvr.exe [2008-09-01 49152]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-17 40960]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-20 468224]
S2 OpenLibSys;OpenLibSys;c:\program files\NXP\FM Radio\OpenLibSys.sys [2007-10-19 14672]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-04-15 51160]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-10 8192]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-04-25 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{6C6B2973-2FCD-4930-A446-57CDBB80F5A5}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://au.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {411AF379-4033-4CD0-B11D-CCA9967E933B} = 10.0.0.138
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 01:47
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5128)
c:\program files\ESET\ESET NOD32 Antivirus\eplgHooks.dll
c:\program files\TrueSuite Access Manager\IconOvrly.dll
.
Completion time: 2011-03-24  01:50:18
ComboFix-quarantined-files.txt  2011-03-23 14:50
ComboFix2.txt  2011-03-23 13:13
.
Pre-Run: 16,923,209,728 bytes free
Post-Run: 17,323,864,064 bytes free
.
- - End Of File - - 9BE96D4B448CF40506D83260E1B4D88F


----------



## johnb35

That script took care of the torrentman toolbar.  How is the system running now?


----------



## candyman

My niece had exactly this problem on her computer.

Fortunately I had partitioned her HD but there was a lot of data on Drive D that we needed to save.

Trying to save it to an external 1Gb Hard drive was almost impossible due to the computer being really slowed down.

So I tried re-installing her Win XP on drive C and this cured the problem - so far!

.


----------



## pyana1

Google'ed the error message I was receiving from my PC and found this forum. Followed all the instructions and just wanted to THANK you guys; would know where to turn or do had I not found this place... Here's the information I received in my log, hopefully someone can tell me what it means.


ComboFix 11-04-06.03 - user 04/07/2011  12:40:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2038.1104 [GMT -4:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\46980872.exe
c:\programdata\ux18v6r3h307eun6y4a3so4cgss1u
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\users\user\AppData\Local\{1E5CFC7C-D25B-4B5A-99C9-7873E54AC89C}
c:\users\user\AppData\Local\{1E5CFC7C-D25B-4B5A-99C9-7873E54AC89C}\chrome.manifest
c:\users\user\AppData\Local\{1E5CFC7C-D25B-4B5A-99C9-7873E54AC89C}\chrome\content\_cfg.js
c:\users\user\AppData\Local\{1E5CFC7C-D25B-4B5A-99C9-7873E54AC89C}\chrome\content\overlay.xul
c:\users\user\AppData\Local\{1E5CFC7C-D25B-4B5A-99C9-7873E54AC89C}\install.rdf
c:\users\user\AppData\Roaming\desktop.ini
c:\users\user\AppData\Roaming\inst.exe
c:\users\user\AppData\Roaming\Local
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\user\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Windows Restore.lnk
c:\users\user\AppData\Roaming\Microsoft\Windows\Templates\ux18v6r3h307eun6y4a3so4cgss1u
c:\users\user\AppData\Roaming\ntuser.dat
c:\users\user\AppData\Roaming\xssend2
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-07 to 2011-04-07  )))))))))))))))))))))))))))))))
.
.
2011-04-07 16:52 . 2011-04-07 16:53	--------	d-----w-	c:\users\user\AppData\Local\temp
2011-04-07 16:52 . 2011-04-07 16:52	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-07 14:52 . 2011-04-07 14:52	548864	---ha-w-	c:\programdata\bSinTMFIBqqAiGT.exe
2011-04-07 14:11 . 2011-04-07 14:59	--------	d--h--w-	c:\users\user\AppData\Roaming\BitComet
2011-04-05 23:14 . 2011-04-07 15:47	--------	d--h--w-	c:\programdata\eMule
2011-04-04 18:11 . 2011-04-06 04:11	0	---ha-w-	c:\users\user\AppData\Local\Dyereqariwi.bin
2011-04-02 09:56 . 2007-03-19 00:37	65602	----a-w-	c:\windows\system32\cook3260.dll
2011-04-02 09:56 . 2006-09-29 16:26	176165	----a-w-	c:\windows\system32\drv23260.dll
2011-04-02 09:56 . 2006-09-29 16:25	208935	----a-w-	c:\windows\system32\drv33260.dll
2011-04-02 09:56 . 2006-09-29 16:24	217127	----a-w-	c:\windows\system32\drv43260.dll
2011-04-02 09:56 . 2002-12-10 06:20	102439	----a-w-	c:\windows\system32\sipr3260.dll
2011-04-02 09:56 . 2006-05-20 20:16	1184984	----a-w-	c:\windows\system32\wvc1dmod.dll
2011-04-02 09:56 . 2006-05-11 23:21	626688	----a-w-	c:\windows\system32\vp7vfw.dll
2011-03-12 00:53 . 2011-03-12 00:54	--------	d--h--w-	c:\programdata\lHiEoDh05200
2011-03-09 11:30 . 2010-12-29 18:28	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 11:30 . 2010-12-29 18:28	322560	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 11:30 . 2010-12-29 18:28	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-09 11:30 . 2010-12-29 18:26	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 11:30 . 2010-12-17 15:45	2067968	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 11:30 . 2010-12-17 13:54	677888	----a-w-	c:\windows\system32\mstsc.exe
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-02 09:56 . 2011-01-08 14:45	47360	---ha-w-	c:\users\user\AppData\Roaming\pcouffin.sys
2011-01-08 14:45 . 2011-01-08 14:45	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2011-01-08 08:47 . 2011-02-08 19:55	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-08 19:55	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-05-12 21:42 . 2010-05-12 21:42	124344	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-05-12 22:22 . 2010-05-12 22:22	13240	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-05-12 21:43 . 2010-05-12 21:43	70592	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-05-12 21:42 . 2010-05-12 21:42	91576	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2010-05-12 21:42 . 2010-05-12 21:42	22464	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-05-12 21:41 . 2010-05-12 21:41	255416	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-05-12 21:42 . 2010-05-12 21:42	31160	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2010-05-12 21:42 . 2010-05-12 21:42	40384	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2010-04-14 18:55 . 2010-04-14 18:55	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-05-12 21:43 . 2010-05-12 21:43	24000	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 21:12	1244040	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-06 39408]
"bSinTMFIBqqAiGT"="c:\programdata\bSinTMFIBqqAiGT.exe" [2011-04-07 548864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^user^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06	976832	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 22:17	47904	----a-w-	c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15	63360	----a-w-	c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28	1226608	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX8400 Series]
2007-02-15 11:00	179200	----a-w-	c:\windows\System32\spool\drivers\w32x86\3\E_FATICEA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-20 23:01	136176	---hatw-	c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 20:08	421160	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mega Manager]
2010-11-03 16:00	2113024	----a-w-	c:\program files\Megaupload\Mega Manager\MegaManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT]
2011-03-10 12:39	37943240	----a-w-	c:\windows\System32\mrt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40	180224	----a-w-	c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 20:12	26192168	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 19:21	246504	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-10-06 02:55	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-14 14:40	1348904	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
2007-03-03 19:12	341488	----a-w-	c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32	74752	----a-w-	c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}]
2010-11-15 20:50	300544	----a-w-	c:\program files\Mediafour\XPlay 3\XPlay.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S0 MDFSYSNT;MacDrive file system driver; [x]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-11-15 145504]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 65584]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [2010-11-15 211968]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 02:55]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 02:55]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170248446-3856931898-3433464971-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 23:01]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3170248446-3856931898-3433464971-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 23:01]
.
2011-04-07 c:\windows\Tasks\User_Feed_Synchronization-{058A804A-01A9-4505-B0DB-0CCE88379C47}.job
- c:\windows\system32\msfeedssync.exe [2011-02-08 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.atcomet.com/b/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:33554
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fr1idh3t.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.atcomet.com/b/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
HKCU-Run-Ydakaponameve - c:\users\user\AppData\Local\emijogumaj.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-cadwbksl - c:\users\user\AppData\Local\Temp\kaulgijoq\djsjaduhmof.exe
MSConfigStartUp-Logitech Vid - c:\program files\Logitech\Vid HD\Vid.exe
MSConfigStartUp-LWS - c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 12:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\user\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-07  12:56:28
ComboFix-quarantined-files.txt  2011-04-07 16:56
.
Pre-Run: 118,644,097,024 bytes free
Post-Run: 122,462,269,440 bytes free
.
- - End Of File - - 8D5B706E62C476E4E078907017D516DB


----------



## johnb35

pyana1, 

Please follow these instructions.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

File::
c:\programdata\bSinTMFIBqqAiGT.exe
c:\users\user\AppData\Local\Dyereqariwi.bin


Registry::
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 21:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000



3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!







ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

I also need you to post a malwarebytes and hijackthis log in your next reply.  Please follow these instructions for downloading and running them.

Please download Malwarebytes' Anti-Malware from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr,  Rkill.exe, or Rkill.com  but *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## Trainmaster

*Having the same problem as original poster - here's my Hijack This Log*

malware bytes is still running; here's my hijack this log 

I don't recognize this program - i have never seen it in my taskmaster process list before
C:\Documents and Settings\All Users\Application Data\MRtPNAFMRSnT.exe



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:08:05 PM, on 4/21/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\MRtPNAFMRSnT.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.remcpapc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6437
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110118075944.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY"
O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" -c Direct -p DOT4_002 -pn "LaserJet 1012 Series" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [DelayShred] "c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" /P7 /q c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.IE5\S68H14M1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.IE5\K86IFILP.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\S68H14M1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\SYSTEM~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\MPLAYE~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FLASHP~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FLASH6~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FILE31~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FRF695~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FRC26F~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FROMCA~4.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FROMCA~3.SH! c:\DOCUME~1\owner\LOCALS~1\temp\History\History.SH! c:\DOCUME~1\owner\LOCALS~1\temp\History.SH! c:
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [MRtPNAFMRSnT] "C:\Documents and Settings\All Users\Application Data\MRtPNAFMRSnT.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Seagate 2GET6XM1 Product Registration.lnk = C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GET6XM1 Product Registration.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{97B6CB8F-1BEA-4002-B0EE-CF309F13BD95}: NameServer = 69.78.96.14 66.174.95.44
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 10352 bytes


----------



## johnb35

Always run malwarebytes first before posting the hijackthis log.  Repost the hijackthis log after posting the malwarebytes log.


----------



## Trainmaster

OK.  Malwarebytes is still running.  I'll check back in few minutes, get its log, rerun hijack this, get its log and post them for you.


----------



## Trainmaster

I am still out here.  I had run a full scan on malwarebytes, and it had scanned over 150000 files and had been running for over 2 hours and 40 minutes, then my screen went black, and a window poopped up saying the following : "Windows delayed write failed   X  Windows was unable to save all the data for the file \\System32\\496A8300. The data has been lost.  The error may be caused by a failure of your computer hardware.

The system then rebooted itself and the whole popup screen episode described by the original poster began again.  

I am currently rerunning malwarebytes as "quick scan" hope this is OK.


----------



## johnb35

yes, all that is needed is a quick scan.  it may help to run the rkill program before running malwarebytes.

please download and run Rkill.scr,  Rkill.exe, or Rkill.com  but *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.


----------



## Trainmaster

Currently trying to get rkill. Having to fight it as you described.


----------



## Trainmaster

*Downloaded and ran rkill - rerunning malwarebytes*

running quick scan in malware bytes will post log and rerun hijack this and post its log as well.


----------



## Trainmaster

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6417

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/21/2011 11:02:39 PM
mbam-log-2011-04-21 (23-02-17).txt

Scan type: Quick scan
Objects scanned: 50264
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> No action taken.


----------



## Trainmaster

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6417

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

4/21/2011 11:08:51 PM
mbam-log-2011-04-21 (23-08-51).txt

Scan type: Quick scan
Objects scanned: 50264
Time elapsed: 8 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


----------



## Trainmaster

*Hijackthis log file*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:28:03 PM, on 4/21/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\wscntfy.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.remcpapc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6437
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110118075944.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\WINDOWS\system32\WLTRAY"
O4 - HKLM\..\Run: [HPLJ Config] "C:\Program Files\Hewlett-Packard\hp LaserJet 1010 Series\SetConfig.exe" -c Direct -p DOT4_002 -pn "LaserJet 1012 Series" -n 0 -l 1033 -sl 120000
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DelayShred] "c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" /P7 /q c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.IE5\S68H14M1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.IE5\K86IFILP.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH!\S68H14M1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH!\Content.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\SYSTEM~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\MPLAYE~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FLASHP~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FLASH6~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FILE31~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FRF695~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FRC26F~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FROMCA~4.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FROMCA~3.SH! c:\DOCUME~1\owner\LOCALS~1\temp\History\History.SH! c:\DOCUME~1\owner\LOCALS~1\temp\History.SH! c:
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Seagate 2GET6XM1 Product Registration.lnk = C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GET6XM1 Product Registration.exe
O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Update Page Content - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\refreshpage.htm
O8 - Extra context menu item: View All Originals On Page - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\MSN\MSNIA\CC\MSNCC\WA\getoriginal.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 9967 bytes


----------



## Trainmaster

*Thank you, comments and questions*

I have spent this morning restoring my desktop icons and un-hiding my files that the virus hid.  Please let me know if you saw anything on my logs that needs further attention.  I do have a few follow-up questions. 

Is it now safe to distribute files created on my pc?  I am a CPA and I send out emails with attachments frequently, sometimes Word or Excel, but mostly I send out docs as .pdf files because most of my clients do not have Microsoft Office on their home pc’s.  Is there a possibility of transmitting this virus to them?  

If I go to Start, All Programs I see only two programs, where formerly I saw just about everything ever installed on this machine.  Is there any quick and easy way to repopulate that list with my program names?

I was previously running Mcafee and Spy Sweeper as my “joint malware defense task force”.  This is a legacy from my days with my original dial-up internet service provider, MSN, who provided free downloads for their subscribers.  Being an “If it aint broke don’t fix it” type of guy I kept them even after switching to Verizon Wireless Broadband for internet access.  They had faithfully protected me until yesterday morning.  Do you have observations/suggestions for anti-virus / anti-spyware use going forward?

Finally, I wanted to say thank you to you and the others who made this forum what it is.  We have similar forums in the CPA community that are indispensable for sharing knowledge of tax information and accounting software tips and troubleshooting.  As a hopelessly small, one professional firm, I appreciate being able to come to a computer forum site such as this and receive technical advice.  This experience was so much more productive than anytime I ever spent on the phone or online with a computer or software manufacturer’s so called “tech support”.  I will tell others in the future to refer here for help.


----------



## johnb35

Rerun hijackthis and place checks next to the following entries.

O4 - HKLM\..\Run: [Reminder] "C:\WINDOWS\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DelayShred] "c:\PROGRA~1\mcafee\mshr\ShrCL.EXE" /P7 /q c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.I E5\S68H14M1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.I E5\K86IFILP.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1\Content.S H! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH!\Conte nt.SH!\S68H14M1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\TEMPOR~1.SH!\Conte nt.SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\SYSTEM~1. SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\MPLAYE~1. SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FLASHP~1. SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FLASH6~1. SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1\FILE31~1. SH! c:\DOCUME~1\owner\LOCALS~1\temp\MPROJE~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FRF695~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FRC26F~1.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FROMCA~4.SH! c:\DOCUME~1\owner\LOCALS~1\temp\FROMCA~3.SH! c:\DOCUME~1\owner\LOCALS~1\temp\History\History.SH ! c:\DOCUME~1\owner\LOCALS~1\temp\History.SH! c:
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Then click on fix checked at the bottom.

Yes, your system is perfectly safe now.  You may email or whatever you need to do. 

As far as what malware protection to use.  Malwarebytes and Superantispyware are kept up to date pretty regularly especially malwarebytes.  You may want to think about buying the paid version of the software so that it actively scans your system all the time.  The infections that are out today are mainly malware infections and not the traditional virus that there was years ago.  You may want to install either the free versions of AVAST or Microsoft Security Essentials as your virus/malware scanner.


----------



## Trainmaster

*Took care of those items in Hijackthis*

Thanks again for your help.


----------



## kells

Hey johnb35! I have spent spent most of my day reading downloading and following your detailed instructions. I am not computer savvy by any means, but I must admit you are really good!!! I have 3 sets of logs; the combofix,fresh hijack and mbam. Would you mind taking a look @ them? I'm not sure what I should do @this point. FYI I'm about 90% back to restoration. Thanks again for your previous posts!


----------



## johnb35

kells said:


> Hey johnb35! I have spent spent most of my day reading downloading and following your detailed instructions. I am not computer savvy by any means, but I must admit you are really good!!! I have 3 sets of logs; the combofix,fresh hijack and mbam. Would you mind taking a look @ them? I'm not sure what I should do @this point. FYI I'm about 90% back to restoration. Thanks again for your previous posts!



I already replied to your other post here.

http://www.computerforum.com/194686...kealert-virus-something-else.html#post1625493


----------



## ohhh nooooo

HI JohnB35, I see im not the onlyone to request your help, but AJSGuns's description matches exactly what my pc problem is. I did as you said and downloaded malwarebytes and placed these results below. I then re-did the scan afterwards and it said I had no infections. At first my desktop was missing a background and the my computer and recycle bin icon, the start menu turned old school, and there was nothing in recently viewed etc. Since completing scan and rebooting (because malwarebytes told me to) I have no desktop icons other than my latest text file scan. Also noticed my e drive shows total space and free space but when I click into it it says empty folder. Please can you help?


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6465

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

28/04/2011 21:06:37
mbam-log-2011-04-28 (21-06-37).txt

Scan type: Quick scan
Objects scanned: 265096
Time elapsed: 24 minute(s), 58 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 13

Memory Processes Infected:
c:\programdata\awvrvgtrjn.exe (Trojan.FakeAlert) -> 5028 -> Unloaded process successfully.
c:\programdata\38395656.exe (Trojan.FakeAlert) -> 6068 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\awVRVgtrjn (Trojan.FakeAlert) -> Value: awVRVgtrjn -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Daniel\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\awvrvgtrjn.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\38395656.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\Users\Daniel\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osCF02.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osCF02.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osCF02.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Windows\Temp\~osDA1A.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\Daniel\downloads\setupcasino_802619_en.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Daniel\downloads\VLCSetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\Users\Daniel\local settings\temporary internet files\Content.IE5\9SV7437U\readme[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Daniel\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\Users\Daniel\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


----------



## ohhh nooooo

I was also shocked it said I had 13 infected files. I used my credit card today online, I had my cv on my desktop, logged in and and out of email accounts etc. What course of action should I take, would it be necessary to notify my bank etc? As the following scan reported no errors does that mean my pc is fixed? Other than hard drive not showing my files :-(


----------



## ohhh nooooo

I also did the hijackthis report and included it below. To complete and save I had to log in on safe mode, when it was logging in safemode my original desktop full of icons briefly appeared before disappearing again? Anyways the log is below, your help would be most appreciated! 


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:02:05, on 28/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110425184608.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remote Mouse Server.lnk = C:\Program Files\Remote Mouse Server\RemoteMouse.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13099 bytes


----------



## ohhh nooooo

Also - sorry if I sound stupid, but so you know i searched the computer for some files I know were on my desktop, such as my cv and a music file, and they do not show up? Searched in start menu search box.


----------



## johnb35

Please disable mcafee before running the following program.

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

http://www.bleepingcomputer.com/download/anti-virus/combofix

Then double click *combofix.exe* & follow the prompts.
When finished, it shall produce *a log* for you. *Post that log* in your next reply
*Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall*

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## ohhh nooooo

Hi John thanks for getting back to me. I think I disabled everything in mcafee but noticed it mentioned mcafee in the combofix report below.

How my computers doing now- It now displays every icon I had on the desktop but no recycle bin or my computer icon. It now opens the hard drive it said was empty which is great. My background is white, the start bar doesnt expand in the bottom right corner, I can see the little icon to say pc is charging and connected to internet but it had loads of icons there, some which came with computer and some like mcafee which seem to have disappeared but i think are all still on start menu.


ComboFix 11-04-28.01 - Daniel 28/04/2011  23:30:36.1.2 - x86
Running from: c:\users\Daniel\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\GoToAssistDownloadHelper.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-28 to 2011-04-28  )))))))))))))))))))))))))))))))
.
.
2011-04-28 22:43 . 2011-04-28 22:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-28 20:48 . 2011-04-28 20:48	388096	----a-r-	c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-28 20:48 . 2011-04-28 20:48	--------	d-----w-	c:\program files\Trend Micro
2011-04-28 19:27 . 2011-04-28 19:27	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-04-28 19:27 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 19:27 . 2011-04-28 19:27	--------	d--h--w-	c:\programdata\Malwarebytes
2011-04-28 19:27 . 2011-04-28 19:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-28 19:27 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-28 19:02 . 2011-04-28 19:02	--------	d--h--w-	c:\users\Daniel\AppData\Local\{0D557F21-0FFC-4F91-9B50-CAB79F60D4E0}
2011-04-28 15:56 . 2011-04-28 15:56	784136	---ha-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-25 17:46 . 2010-10-13 21:28	9344	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2011-04-25 17:46 . 2010-10-13 21:28	24376	----a-w-	c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-04-25 17:45 . 2010-10-13 21:28	141792	----a-w-	c:\windows\system32\mfevtps.exe
2011-04-25 17:45 . 2010-10-13 21:28	95600	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2011-04-25 17:45 . 2010-10-13 21:28	84264	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2011-04-25 17:45 . 2010-10-13 21:28	64304	----a-w-	c:\windows\system32\drivers\mfenlfk.sys
2011-04-25 17:45 . 2010-10-13 21:28	55840	----a-w-	c:\windows\system32\drivers\cfwids.sys
2011-04-25 17:45 . 2010-10-13 21:28	313288	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2011-04-25 17:45 . 2010-10-13 21:28	164840	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2011-04-25 17:39 . 2011-04-25 17:39	--------	d--h--w-	c:\users\Daniel\AppData\Local\{DDDF88E5-3148-4AD3-AC87-3677477D4A2A}
2011-04-21 17:10 . 2011-04-21 17:10	--------	d--h--w-	c:\users\Daniel\AppData\Local\{A79D7121-4214-41A6-BA0C-D23E0DD1CD54}
2011-04-19 16:43 . 2011-04-19 16:43	--------	d--h--w-	c:\users\Daniel\AppData\Local\{F37C78FF-C9AF-4395-B36E-C9682A859F01}
2011-04-18 16:39 . 2011-04-18 16:39	--------	d--h--w-	c:\users\Daniel\AppData\Local\{B43405BA-E111-4FC3-B5EB-F4D44435E5D2}
2011-04-17 22:21 . 2011-04-17 22:21	--------	d--h--w-	c:\programdata\TorrentEasy
2011-04-17 22:17 . 2011-04-17 22:17	--------	d--h--w-	c:\users\Daniel\AppData\Local\{AD31C182-7E52-4D3F-94DF-A4E07C4003CA}
2011-04-16 11:39 . 2011-04-16 11:39	--------	d--h--w-	c:\users\Daniel\AppData\Local\Trusteer
2011-04-15 21:16 . 2011-04-15 21:16	--------	d--h--w-	c:\users\Daniel\AppData\Local\{037999AA-78E7-4616-8154-6D2596033D07}
2011-04-15 21:01 . 2011-02-16 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-15 21:01 . 2011-02-16 16:16	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-15 21:01 . 2011-02-22 13:24	213504	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 21:01 . 2011-02-22 13:24	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 21:01 . 2011-02-22 13:23	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 21:01 . 2011-02-22 13:23	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-15 21:00 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-15 21:00 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-04-15 21:00 . 2011-02-18 14:03	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-15 21:00 . 2011-02-18 14:03	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-15 21:00 . 2011-02-18 14:03	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-15 21:00 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-15 21:00 . 2009-05-04 09:59	25088	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-04-15 20:59 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 20:59 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 20:59 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-14 16:46 . 2011-04-14 16:46	--------	d--h--w-	c:\users\Daniel\AppData\Local\{58945FFF-F4FE-40A5-8EE7-0E315FBBDC1B}
2011-04-12 15:39 . 2011-04-12 15:39	--------	d--h--w-	c:\users\Daniel\AppData\Local\{28E389D7-96A8-4747-B865-DB2E70BF0AEA}
2011-04-08 09:17 . 2011-04-08 09:17	53816	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2011-04-05 17:01 . 2011-04-05 17:01	--------	d--h--w-	c:\users\Daniel\AppData\Local\{AD7C9BDE-F043-4629-BC1A-20FFBEBF7BC1}
2011-04-03 15:20 . 2011-04-03 15:25	--------	d--h--w-	c:\users\Daniel\AppData\Roaming\Garden Planner
2011-04-03 15:20 . 2011-04-03 15:20	--------	d--h--w-	c:\programdata\Garden Planner
2011-04-03 15:20 . 2011-04-03 15:20	--------	d-----w-	c:\program files\Garden Planner
2011-04-03 15:09 . 2011-04-03 15:09	--------	d--h--w-	c:\users\Daniel\AppData\Local\{5DA92F50-ECF1-4A77-8392-995E70DB13AC}
2011-04-01 16:32 . 2011-04-01 16:32	--------	d--h--w-	c:\users\Daniel\AppData\Local\{4C35971C-B476-4016-805B-7B48060F7780}
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 21:11 . 2011-03-17 21:11	161792	----a-w-	c:\windows\system32\msls31.dll
2011-03-17 21:11 . 2011-03-17 21:11	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-03-17 21:11 . 2011-03-17 21:11	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-03-17 21:11 . 2011-03-17 21:11	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-03-17 21:11 . 2011-03-17 21:11	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-03-17 21:11 . 2011-03-17 21:11	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-03-17 21:11 . 2011-03-17 21:11	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-03-17 21:11 . 2011-03-17 21:11	367104	----a-w-	c:\windows\system32\html.iec
2011-03-17 21:11 . 2011-03-17 21:11	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-03-17 21:11 . 2011-03-17 21:11	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-03-17 21:11 . 2011-03-17 21:11	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-03-17 21:11 . 2011-03-17 21:11	152064	----a-w-	c:\windows\system32\wextract.exe
2011-03-17 21:11 . 2011-03-17 21:11	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-03-17 21:11 . 2011-03-17 21:11	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-03-17 21:11 . 2011-03-17 21:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-03-17 21:11 . 2011-03-17 21:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-03-17 21:11 . 2011-03-17 21:11	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-03-17 21:11 . 2011-03-17 21:11	11776	----a-w-	c:\windows\system32\mshta.exe
2011-03-17 21:11 . 2011-03-17 21:11	101888	----a-w-	c:\windows\system32\admparse.dll
2011-03-17 21:11 . 2011-03-17 21:11	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-03-17 21:11 . 2011-03-17 21:11	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-03-13 13:20 . 2010-06-24 11:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-22 14:13 . 2011-03-22 19:52	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 19:52	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 19:52	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 21:40 . 2010-07-12 22:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-10-13 21:28 . 2011-04-25 17:46	24376	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-05-21 1526296]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-09-23 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-09-23 18:13	2734688	----a-w-	c:\program files\Zynga\tbZyn1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-21 00:43	1526296	----a-w-	c:\program files\TorrentMan\tbTor0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17	1487240	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-05-21 1526296]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-09-23 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-05-21 1526296]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-09-23 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	---ha-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-16 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-05-28 20480]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-08 53816]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
S1 RapportCerberus_25973;RapportCerberus_25973;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [2011-04-14 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-08 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-08 158904]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-08 870200]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
2011-03-17 21:11	114176	----a-w-	c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:29]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:29]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590934792-190235506-1732831347-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 16:54]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590934792-190235506-1732831347-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ncro8ecg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
AddRemove-Sniper Ghost Warrior_is1 - c:\program files\City Interactive\Sniper Ghost Warrior\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 23:44
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-590934792-190235506-1732831347-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:23,53,e5,e9,a9,11,c1,6d,9a,ae,23,84,97,8a,ef,5f,e1,cc,4c,86,72,d9,4a,
   e7,dc,9b,75,10,5e,9c,39,77,0f,4d,6e,93,6f,08,9f,6b,c2,d0,cb,62,10,11,67,76,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-590934792-190235506-1732831347-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,9c,2b,99,76,34,f3,02,ca,0c,97,19,d1,8b,0d,f5,fa,a4,21,aa,46,
   e4,67,e9,ce,51,06,07,4b,a8,35,0f,e6,15,53,d1,f0,4c,4a,d5,d8,e9,2d,6c,1f,dd,\
"rkeysecu"=hex:60,70,43,f3,da,ef,3e,d6,ef,b3,2d,9f,1f,cb,31,f1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-04-28  23:54:35
ComboFix-quarantined-files.txt  2011-04-28 22:54
.
Pre-Run: 6,220,529,664 bytes free
Post-Run: 8,487,792,640 bytes free
.
- - End Of File - - 947404FE0DCEE7B3887AD388C9F22471






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:07:21, on 29/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110425184608.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remote Mouse Server.lnk = C:\Program Files\Remote Mouse Server\RemoteMouse.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13625 bytes


----------



## johnb35

Please rerun hijackthis and place checks next to the following entries.

R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O15 - Trusted Zone: http://*.mcafee.com

Then click on fix checked.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box



		Code:
	

Folder::

c:\users\Daniel\AppData\Local\{0D557F21-0FFC-4F91-9B50-CAB79F60D4E0}
c:\users\Daniel\AppData\Local\{DDDF88E5-3148-4AD3-AC87-3677477D4A2A}
c:\users\Daniel\AppData\Local\{A79D7121-4214-41A6-BA0C-D23E0DD1CD54}
c:\users\Daniel\AppData\Local\{F37C78FF-C9AF-4395-B36E-C9682A859F01}
c:\users\Daniel\AppData\Local\{B43405BA-E111-4FC3-B5EB-F4D44435E5D2}
c:\users\Daniel\AppData\Local\{AD31C182-7E52-4D3F-94DF-A4E07C4003CA}
c:\users\Daniel\AppData\Local\{037999AA-78E7-4616-8154-6D2596033D07}
c:\users\Daniel\AppData\Local\{58945FFF-F4FE-40A5-8EE7-0E315FBBDC1B}
c:\users\Daniel\AppData\Local\{28E389D7-96A8-4747-B865-DB2E70BF0AEA}
c:\users\Daniel\AppData\Local\{AD7C9BDE-F043-4629-BC1A-20FFBEBF7BC1}
c:\users\Daniel\AppData\Local\{5DA92F50-ECF1-4A77-8392-995E70DB13AC}
c:\users\Daniel\AppData\Local\{4C35971C-B476-4016-805B-7B48060F7780}

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-05-21 1526296]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-09-23 2734688]

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-09-23 18:13 2734688 ----a-w- c:\program files\Zynga\tbZyn1.dll

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2008-05-21 00:43 1526296 ----a-w- c:\program files\TorrentMan\tbTor0.dll

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 19:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-05-21 1526296]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-09-23 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor0.dll" [2008-05-21 1526296]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-09-23 2734688]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]

[-HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[-HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]

[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

Reglock::

[HKEY_USERS\S-1-5-21-590934792-190235506-1732831347-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:23,53,e5,e9,a9,11,c1,6d,9a,ae,23,84,97,8a ,ef,5f,e1,cc,4c,86,72,d9,4a,
e7,dc,9b,75,10,5e,9c,39,77,0f,4d,6e,93,6f,08,9f,6b ,c2,d0,cb,62,10,11,67,76,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab ,ca,0d

[HKEY_USERS\S-1-5-21-590934792-190235506-1732831347-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,9c,2b,99,76,34,f3,02,ca,0c,97,19 ,d1,8b,0d,f5,fa,a4,21,aa,46,
e4,67,e9,ce,51,06,07,4b,a8,35,0f,e6,15,53,d1,f0,4c ,4a,d5,d8,e9,2d,6c,1f,dd,\
"rkeysecu"=hex:60,70,43,f3,da,ef,3e,d6,ef,b3,2d,9f ,1f,cb,31,f1

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000




3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!








ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Please post an uninstall list using hijackthis.  Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.  Then copy and paste that log back here along with the combofix log and a fresh hijackthis log.


----------



## ohhh nooooo

Hi John

I did as requested, below are the reports.

ComboFix 11-04-28.03 - Daniel 29/04/2011  13:45:23.2.2 - x86
Running from: c:\users\Daniel\Downloads\ComboFix.exe
Command switches used :: c:\users\Daniel\Desktop\CFScript.txt
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Daniel\AppData\Local\{037999AA-78E7-4616-8154-6D2596033D07}
c:\users\Daniel\AppData\Local\{0D557F21-0FFC-4F91-9B50-CAB79F60D4E0}
c:\users\Daniel\AppData\Local\{28E389D7-96A8-4747-B865-DB2E70BF0AEA}
c:\users\Daniel\AppData\Local\{4C35971C-B476-4016-805B-7B48060F7780}
c:\users\Daniel\AppData\Local\{58945FFF-F4FE-40A5-8EE7-0E315FBBDC1B}
c:\users\Daniel\AppData\Local\{5DA92F50-ECF1-4A77-8392-995E70DB13AC}
c:\users\Daniel\AppData\Local\{A79D7121-4214-41A6-BA0C-D23E0DD1CD54}
c:\users\Daniel\AppData\Local\{AD31C182-7E52-4D3F-94DF-A4E07C4003CA}
c:\users\Daniel\AppData\Local\{AD7C9BDE-F043-4629-BC1A-20FFBEBF7BC1}
c:\users\Daniel\AppData\Local\{B43405BA-E111-4FC3-B5EB-F4D44435E5D2}
c:\users\Daniel\AppData\Local\{DDDF88E5-3148-4AD3-AC87-3677477D4A2A}
c:\users\Daniel\AppData\Local\{F37C78FF-C9AF-4395-B36E-C9682A859F01}
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-28 to 2011-04-29  )))))))))))))))))))))))))))))))
.
.
2011-04-29 12:32 . 2011-04-29 12:32	--------	d-----w-	c:\users\Daniel\AppData\Local\{E810439A-4933-4878-B3F7-103FFF830CE0}
2011-04-28 20:48 . 2011-04-28 20:48	388096	----a-r-	c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-04-28 20:48 . 2011-04-28 20:48	--------	d-----w-	c:\program files\Trend Micro
2011-04-28 19:27 . 2011-04-28 19:27	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Malwarebytes
2011-04-28 19:27 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-28 19:27 . 2011-04-28 19:27	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-28 19:27 . 2011-04-28 19:27	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-28 19:27 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-28 15:56 . 2011-04-28 15:56	784136	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-04-28 15:55 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 15:55 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 15:54 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-04-25 17:46 . 2010-10-13 21:28	9344	----a-w-	c:\windows\system32\drivers\mfeclnk.sys
2011-04-25 17:46 . 2010-10-13 21:28	24376	----a-w-	c:\program files\Mozilla Firefox\components\Scriptff.dll
2011-04-25 17:45 . 2010-10-13 21:28	141792	----a-w-	c:\windows\system32\mfevtps.exe
2011-04-25 17:45 . 2010-10-13 21:28	95600	----a-w-	c:\windows\system32\drivers\mfeapfk.sys
2011-04-25 17:45 . 2010-10-13 21:28	84264	----a-w-	c:\windows\system32\drivers\mferkdet.sys
2011-04-25 17:45 . 2010-10-13 21:28	64304	----a-w-	c:\windows\system32\drivers\mfenlfk.sys
2011-04-25 17:45 . 2010-10-13 21:28	55840	----a-w-	c:\windows\system32\drivers\cfwids.sys
2011-04-25 17:45 . 2010-10-13 21:28	313288	----a-w-	c:\windows\system32\drivers\mfefirek.sys
2011-04-25 17:45 . 2010-10-13 21:28	164840	----a-w-	c:\windows\system32\drivers\mfewfpk.sys
2011-04-17 22:21 . 2011-04-17 22:21	--------	d-----w-	c:\programdata\TorrentEasy
2011-04-16 11:39 . 2011-04-16 11:39	--------	d-----w-	c:\users\Daniel\AppData\Local\Trusteer
2011-04-15 21:01 . 2011-02-16 14:02	292864	----a-w-	c:\windows\system32\atmfd.dll
2011-04-15 21:01 . 2011-02-16 16:16	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-04-15 21:01 . 2011-02-22 13:24	213504	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-04-15 21:01 . 2011-02-22 13:24	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-04-15 21:01 . 2011-02-22 13:23	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-04-15 21:01 . 2011-02-22 13:23	69632	----a-w-	c:\windows\system32\drivers\bowser.sys
2011-04-15 21:00 . 2011-03-10 17:03	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-04-15 21:00 . 2011-03-10 17:03	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-04-15 21:00 . 2011-02-18 14:03	305152	----a-w-	c:\windows\system32\drivers\srv.sys
2011-04-15 21:00 . 2011-02-18 14:03	146432	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-04-15 21:00 . 2011-02-18 14:03	102400	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-04-15 21:00 . 2011-03-02 15:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-15 21:00 . 2009-05-04 09:59	25088	----a-w-	c:\windows\system32\dnscacheugc.exe
2011-04-15 20:59 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 20:59 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-04-15 20:59 . 2011-03-03 10:50	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-08 09:17 . 2011-04-08 09:17	53816	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2011-04-03 15:20 . 2011-04-03 15:25	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Garden Planner
2011-04-03 15:20 . 2011-04-03 15:20	--------	d-----w-	c:\programdata\Garden Planner
2011-04-03 15:20 . 2011-04-03 15:20	--------	d-----w-	c:\program files\Garden Planner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 21:11 . 2011-03-17 21:11	161792	----a-w-	c:\windows\system32\msls31.dll
2011-03-17 21:11 . 2011-03-17 21:11	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-03-17 21:11 . 2011-03-17 21:11	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-03-17 21:11 . 2011-03-17 21:11	86528	----a-w-	c:\windows\system32\iesysprep.dll
2011-03-17 21:11 . 2011-03-17 21:11	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-03-17 21:11 . 2011-03-17 21:11	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-03-17 21:11 . 2011-03-17 21:11	63488	----a-w-	c:\windows\system32\tdc.ocx
2011-03-17 21:11 . 2011-03-17 21:11	367104	----a-w-	c:\windows\system32\html.iec
2011-03-17 21:11 . 2011-03-17 21:11	74752	----a-w-	c:\windows\system32\iesetup.dll
2011-03-17 21:11 . 2011-03-17 21:11	23552	----a-w-	c:\windows\system32\licmgr10.dll
2011-03-17 21:11 . 2011-03-17 21:11	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2011-03-17 21:11 . 2011-03-17 21:11	152064	----a-w-	c:\windows\system32\wextract.exe
2011-03-17 21:11 . 2011-03-17 21:11	150528	----a-w-	c:\windows\system32\iexpress.exe
2011-03-17 21:11 . 2011-03-17 21:11	420864	----a-w-	c:\windows\system32\vbscript.dll
2011-03-17 21:11 . 2011-03-17 21:11	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-03-17 21:11 . 2011-03-17 21:11	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2011-03-17 21:11 . 2011-03-17 21:11	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-03-17 21:11 . 2011-03-17 21:11	11776	----a-w-	c:\windows\system32\mshta.exe
2011-03-17 21:11 . 2011-03-17 21:11	101888	----a-w-	c:\windows\system32\admparse.dll
2011-03-17 21:11 . 2011-03-17 21:11	35840	----a-w-	c:\windows\system32\imgutil.dll
2011-03-17 21:11 . 2011-03-17 21:11	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-03-13 13:20 . 2010-06-24 11:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-28 15:55	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 15:55	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 15:55	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 15:55	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-22 19:52	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-22 19:52	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-22 19:52	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-02-02 21:40 . 2010-07-12 22:03	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-10-13 21:28 . 2011-04-25 17:46	24376	----a-w-	c:\program files\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-07 68856]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"NDSTray.exe"="NDSTray.exe" [BU]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-16 30192]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-04-24 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-08 6037504]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-09-26 417792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-01-17 1193848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-16 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2008-04-16 954368]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-04-08 53816]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-04-28 20384]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
S1 RapportCerberus_25973;RapportCerberus_25973;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [2011-04-14 57144]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-04-08 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-04-08 158904]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2008-04-16 40960]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-04-08 870200]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [2008-04-24 99720]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2008-02-06 126976]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-08-25 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
2011-03-17 21:11	114176	----a-w-	c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:29]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:29]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590934792-190235506-1732831347-1000Core.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 16:54]
.
2011-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-590934792-190235506-1732831347-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-18 16:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSEA&bmod=TSEA
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\ncro8ecg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: [email protected] - %profile%\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-29 13:59
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-590934792-190235506-1732831347-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:23,53,e5,e9,a9,11,c1,6d,9a,ae,23,84,97,8a,ef,5f,e1,cc,4c,86,72,d9,4a,
   e7,dc,9b,75,10,5e,9c,39,77,0f,4d,6e,93,6f,08,9f,6b,c2,d0,cb,62,10,11,67,76,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
.
[HKEY_USERS\S-1-5-21-590934792-190235506-1732831347-1000\Software\SecuROM\License information*]
"datasecu"=hex:10,9c,2b,99,76,34,f3,02,ca,0c,97,19,d1,8b,0d,f5,fa,a4,21,aa,46,
   e4,67,e9,ce,51,06,07,4b,a8,35,0f,e6,15,53,d1,f0,4c,4a,d5,d8,e9,2d,6c,1f,dd,\
"rkeysecu"=hex:60,70,43,f3,da,ef,3e,d6,ef,b3,2d,9f,1f,cb,31,f1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4080)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\users\Daniel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2011-04-29  14:02:38
ComboFix-quarantined-files.txt  2011-04-29 13:02
ComboFix2.txt  2011-04-28 22:54
.
Pre-Run: 19,029,934,080 bytes free
Post-Run: 19,006,402,560 bytes free
.
- - End Of File - - B30892C6AF06C5C7340055E3CA13192C



Uninstall List...

 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.15 beta
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 8.1.4
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
BitLord 1.1
Bonjour
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Command & Conquer 3
Compatibility Pack for the 2007 Office system
CutePDF Writer 2.8
D3DX10
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DoremiSoft AVI to MP4 Converter 1.0
DVD MovieFactory for TOSHIBA
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
Free Mp3 Wma Converter V 1.91
FreeArc 0.666
FreezeSMS
Full Tilt Poker
Garden Planner 2.5
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
GPL Ghostscript 8.63
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java(TM) 6 Update 24
Java(TM) 6 Update 6
Java(TM) 6 Update 7
K-Lite Codec Pack 4.0.0 (Full)
LG USB Modem driver
Malwarebytes' Anti-Malware
McAfee Internet Security
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Internet Explorer 5 Toolbar Wallpaper
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Click-to-Run 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6.16)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
myphotobook 3.6
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
PartyPoker
Project64 1.6
QuickTime
Rapport
Rapport
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Mouse Server version 1.05
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
Serif PagePlus SE 1.0
Sky Broadband
Sky Broadband Browser Branding
SmartDraw PDF Filter
Synaptics Pointing Device Driver
The KMPlayer (remove only)
TorrentMan Toolbar
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA Manuals
Toshiba Online Product Information
TOSHIBA Recovery Disc Creator
TOSHIBA Software Modem
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TRDCReminder
TRORDCLauncher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VLC media player 1.1.7
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WinZip 14.5
Zynga Toolbar


New hijackthis report...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:59:22, on 28/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Daniel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110425184608.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor0.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Google EULA Launcher] c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Remote Mouse Server.lnk = C:\Program Files\Remote Mouse Server\RemoteMouse.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\Program Files\Internet Explorer\Toolbar\toolbar.hta
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13644 bytes


----------



## ohhh nooooo

Also John, I dont remember having a Local Disk (Q) but its there, it doesnt say total size or free space and when i click on it it says not accessible, access is denied?


----------



## johnb35

Please uninstall the following programs via add/remove programs in control panel 

Adobe Reader 8.1.4
Ask Toolbar
Java(TM) 6 Update 6
Java(TM) 6 Update 7
TorrentMan Toolbar
Zynga Toolbar

Then go here to download the latest adobe reader software.

http://get.adobe.com/reader/?promoid=BUIGO

All those hijackthis entries I asked you to fix are still there, did you run the fix?  If not please redo the hijackthis scan and place check marks next to those entries if they are there.

Reboot the pc and post a fresh hijackthis log.

Can you give me a screenshot of your disk management screen please?


----------



## ohhh nooooo

I uninstalled all programs except the ask toolbar. It gave me the error message:

Error 2738.Could not access VBScript run time for custom action.

I did run the fix first time round so not sure why that happened. Anyway I did it again and below is a new report and link to screen print

http://www.picvalley.net/v.php?p=u/1814/13565945217665627771304119952NqYSq6Y4mYwAfcSHrlDU.JPG



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:14:01, on 30/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110425184608.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Remote Mouse Server.lnk = C:\Program Files\Remote Mouse Server\RemoteMouse.exe
O4 - Global Startup: TOSHIBA Face Recognition Watcher.lnk = C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
O23 - Service: Notebook Performance Tuning Service  (TempoMonitoringService) - Toshiba Europe GmbH - C:\Program Files\Toshiba TEMPRO\TempoSVC.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10293 bytes


----------



## johnb35

According to that link you posted there is no local disk Q, only a hidden partition labeled eisa configuration which needs to be left alone as that is part of your recovery program.  

Unfortunately, infections can cause issues that won't go back to normal after removing it.  So either you will have to try fixing those issues manually or just deal with it until you can reinstall windows.  If you can list your current issues, maybe I can offer some suggestions on what to do to try and fix them.


----------



## ohhh nooooo

Thank you for ur help. Things seem to be back to normal now. My only questions if there is any way to tell if the viruses managed to do their job? Did they steal any data, cause any harm? I can't understand why my av didn't pick 13 up, and it took a free download to fix when I had a full av version?


----------



## johnb35

There isn't one program out there that will catch everything.  If you really want to protect yourself better then I would suggest buying the paid version of Malwarebytes.  It's an active malware scanner when ever your computer is on.  It updates usually more than once a day, the company is very good about keeping up with the latest malware that comes out on a daily basis.  Are you using a  web site search advisor like Web of Trust or something similar?  These type of broswer addons tell you if a website it safe to visit or not when doing searches.

Also remember that there are only about 5 percent of todays infections are actually viruses, the other 95 percent are actually rogue malware programs.  Everyday there are around 5 to 10 new rogue programs come out.

You are safe as long as you didn't enter any credit card information when those rogue programs started appearing telling you that you needed to buy their software to rid your pc of infections.

I run the free version of Avast with the free version of Malwarebytes.  Avast comes with a site advisor addon called Webrep.


----------



## tee

*help?*

So as described in the very first post, I had the same exact problem with my laptop. I was able to download and run malwarebytes anti-malware in safe mode. however upon restarting my lap top there is alot missing that I dont know how to replace. For instance, i already knew everything was gone, the only icons there are the malwarebytes and the hijackthis and the installer for malwarebytes. but how do i recover the basics like the internet explorer icon, the recyle bin so on and so forth?


----------



## tee

*Also...*

Sorry for a double post, but as an afterthought would it make sense to restore from a restore point?

I am sorry to bother ya'll and I thank you in advance, I just don't know what to do...


----------



## johnb35

It's possible that the virus has changed a desktop setting.  Are you running xp?  If so right click on the desktop and make sure show desktop icons is checked. I'm at work right now and can help you better when I get home in about an hour.


----------



## tee

I would appreciate that more than you could ever imagine. I am a college student and have class bright and early in the morning...
However, yes I am running windows xp vista, and that was the first thing I tried but "View>Show Desktop Icons" is indeed checked.


----------



## tee

John, i just wanted to thank you for your response before. I did some more research and ran unhide.exe and it seems to have worked. I cant believe I still have all my pictures and documents and everything. Once again thank you. I was running microsoft security essentials, but it seems like i will probably go purchase other software. Personally I have usually used stopzilla in the past, just recently it expired and i just didnt have the money to renew but it seems much worth the sacrifice now haha
thank you so much, you guys are angels! =]


----------



## johnb35

So everything is working fine now?  If you want to make sure your system is clean you can post your malwarebytes and hijackthis logs for me to go through.


----------



## tee

that would be awesome, I will run them in just a minute..


----------



## tee

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:45:13 PM, on 5/4/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=ML6720
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
O4 - HKLM\..\Run: [Spare Backup] "C:\Program Files\Spare Backup\SpareBackup.exe" /silent
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8715 bytes


----------



## tee

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6508

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

5/4/2011 10:55:02 PM
mbam-log-2011-05-04 (22-55-02).txt

Scan type: Quick scan
Objects scanned: 151094
Time elapsed: 8 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## johnb35

Ok, I see some software that is installed that we need to get rid of.  Please do this.

Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it.  Then copy and paste that log back here.  

Are you using dial up internet from netzero?


----------



## tee

no we used to, we have comcast now..
and heres the log:


 Update for Microsoft Office 2007 (KB2508958)
 Update for Microsoft Office 2007 (KB2508958)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Agere Systems HDA Modem
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BearShare
BearShare
Bonjour
Browser Address Error Redirector
CCleaner
CCScore
Download Updater (AOL LLC)
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
Express Burn
Gateway Connect
Gateway Game Console
Gateway Recovery Center Installer
Geek Squad 24 Hour Computer Support
Google Gears
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
iTunes
Java(TM) SE Runtime Environment 6 Update 1
kgcbase
Kodak EasyShare software
Malwarebytes' Anti-Malware
MediaBar
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft VC9 runtime libraries
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
netbrdg
OfotoXMI
OGA Notifier 2.0.0048.0
Power2Go 5.0
Prism Video Converter
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
RealUpgrade 1.1
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint 2007 (KB2464594)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
SigmaTel Audio
skin0001
SKINXSDK
Spare Backup
staticcr
Synaptics Pointing Device Driver
tooltips
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2522999)
Viewpoint Media Player
VPRINTOL
WIRELESS


----------



## johnb35

Ok, then please uninstall the following programs via add/remove programs in control panel.

Adobe Reader 8.1.6
BearShare
Java(TM) SE Runtime Environment 6 Update 1
Viewpoint Media Player

Then go here to download the latest versions of java and adobe reader.

http://www.java.com/en/download/index.jsp

http://get.adobe.com/reader/?promoid=BUIGO

Just make sure you uncheck mcafee security scan on the adobe download.

Then rerun hijackthis and place checks next to the following entries.

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net

Then click on fix checked at the bottom.

Download and run ccleaner.

http://download.cnet.com/ccleaner/

After downloading and installing the program, open it up and click on run cleaner.  This will delete all the temporary internet files and system files which will make your system and browser faster.


----------



## tee

amazing..i really cant thank you enough...everything seems to be okay, except a few of the items you told me to delete wont go away...like bearshare and aim ive been trying to get rid of forever now, but it still wont work...after a scare like today though, ill take it if thats the worst to come you know...thanks again John =]


----------



## johnb35

What happens when you try uninstalling bearshare and aim?  What kind of messages do you get?


----------



## johnb35

Ok everyone that has posted to this thread, I have moved your issues to separate threads as it was getting really hard for me to figure out posts and such.   Here is a list of users that have posted in this thread and links to where you issue has been moved to.  Please start using the new threads.  


Everyone else that comes across this thread with the same issue, PLEASE make a new thread with your issue and I will be with you as soon as I can.

Rina.eve - http://www.computerforum.com/196279-rina-eve-infection-thread.html
Kandila20 - http://www.computerforum.com/196280-kandila20-infection-thread.html
Euphoriic - http://www.computerforum.com/196282-euphoriic-infection-thread.html
Kings45 - http://www.computerforum.com/196281-kings45-infection-thread.html
Of_My_Birth - http://www.computerforum.com/196283-of_my_birth-infection-thread.html


----------

