IE Firefox MAJOR issues!

Solved
  1. Habmaster

    Habmaster New Member Bronze Member

    Joined:
    Aug 31, 2009
    Posts:
    5
    Likes Received:
    0

    hey there!

    OK - I'll try to make this as short as possible - and I'll thank you in advance for taking the time to read this thread - here goes!

    My girlfriend's laptop has suddenly been experiencing browser issues - what kind, you ask? The ones that make you want to puke.

    it is a:

    Toshiba Notebook
    Legitimate Windows Vista 32-bit, Service Pack 1
    AMD 64 X2 dual core, 1.90 GHz
    2 GB RAM

    For some reason, when I open either IE or Firefox on this bad boy, I get to the set home page (google.ca) just fine - but when I type in the search bar and hit Go, she crashes. Here's the weird part: if I open either browser set to Google and hit Image Search before anything, THEN type in a search, the results come up with no errors - and I'm able to click on the images and go to the site that is hosting them - sometimes I can even navigate the site that's hosting them - I know, right? I also changed the homepage to msn.com and it loads up - but I hit a link on there and she crashes.

    "Bla bla bla, Don - tell us what you've done to try to fix it....."

    ---Ad-Aware - full scan - no errors
    ---NAV scan - full 2-hour scan - no errors
    ---deleted Firefox and reinstalled
    ---got rid of all unnecessary add-ons for both browsers
    ---searched for Windows updates
    ---ran RegCure - found a bunch of problems and fixed them all (presumably)
    ---ran HijackThis but am unsure what to look at in the log (so I attached it to this post)
    ---punched things and swore at them
    ---searched the internet for hours and hours for a similar problem, then just signed up here and Bob's yer uncle.

    I'm going absolutely batty over this - any help would be greatly appreciated.

    thanks again
    Don

  2. Hengis

    Hengis Proud PCHF'er since 2004 Tech Member Elite Member

    Joined:
    Jan 1, 2004
    Posts:
    41,340
    Likes Received:
    5,660
    Location:
    Southern UK

    Welcome to the site.

    Let's get a quick assessment on your attached file, then we'll know what we're facing...
  3. Habmaster

    sexcellent!

    And sorry for posting in the wrong area....
  4. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    4,104
    Likes Received:
    12
    Location:
    Victoria, Australia

    Hi. Welcome to the forum.
    Run both of these programs.

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.40 Download
    Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


    Double-click mbam-setup.exe to install the application.
    If it will not run, make a copy of MBAM.exe, rename the copy to xxx.exe and run that. Keep the genuine MBAM.exe, as we may need to run that later as is.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the note below.)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & paste the entire report in your next reply along with a fresh HijackThis log.
    PLEASE NOTE:
    If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
    Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

    =====================================================================================


    You will need to download ComboFix.exe. This will give a better view of the files running, those that are hidden, and also those in the registry. Please download it from one of these web pages.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    http://www.forospyware.com/sUBs/ComboFix.exe


    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

    If you are using Firefox, make sure that your download settings are as follows:
    Tools->Options->Main tab
    Set to "Always ask me where to Save the files".

    Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Double-click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Recovery Console can be installed from your disc if you have Vista, if you wish.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming this (screenshots not reproduced here).
    Click on Yes to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

    Caution.....
    Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
  5. Habmaster

    Sweet - I'm gonna try this - and I'm in Victoria too! - British Columbia, Canada, that is....
  6. Habmaster

    Hmmm - I'm not sure how to put this, but I've got me a bromance with you right now - it totally worked - I am going to add the scan from Malwarebytes' Anti-Malware and the new HijackThis log below for you to see, and perhaps for others to see and hopefully help them out. I did not need to run ComboFix as the problem was solved by the first suggestion.

    I can't thank you enough for your help - my girlfriend shall be pleased!

    much appreciated,

    Don - Victoria, BC, Canada

    -------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.40
    Database version: 2723
    Windows 6.0.6001 Service Pack 1

    31/08/2009 5:03:41 PM
    mbam-log-2009-08-31 (17-03-41).txt

    Scan type: Quick Scan
    Objects scanned: 99667
    Time elapsed: 6 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\kbiwkmpexqwoif.dll (Rootkit.TDSS) -> Delete on reboot.
    C:\Windows\System32\kbiwkmtiseeufq.dll (Rootkit.TDSS) -> Delete on reboot.
    C:\Windows\System32\drivers\kbiwkmxtvfhxtg.sys (Rootkit.TDSS) -> Delete on reboot.

    -------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:14:25 PM, on 31/08/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\conime.exe
    C:\Users\Kristi\Downloads\Documents\My Received Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.ca - Canada's Breaking News, Entertainment, Music, Life & Style and Email
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.ca - Canada's Breaking News, Entertainment, Music, Life & Style and Email
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Linksys EasyLink Advisor.lnk = C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 10428 bytes
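The HijackThis log above is what the helpers on this forum read first. As an added example (not part of this thread and not HijackThis's own code), the Python below parses the 2009 HijackThis line format and applies three triage rules to lines copied from that log: BHO/toolbar entries whose target is "(no file)" or "(file missing)" (here the AVG BHO left behind after that product was removed, plus two nameless CLSIDs), Run entries that name a bare executable resolved through the search path rather than a full path, and services logged with "Unknown owner". The rules and their wording are this example's own assumptions; a hit is something to look at, not a verdict, and on this log every hit turned out to be leftover or OEM software rather than the rootkit, which HijackThis does not list at all.

```python
import re

# Lines copied from the HijackThis log posted above (a constructed excerpt; the real log is ~100 lines).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O2 - <body>", "R1 - <body>", ...: the section code is what HijackThis documentation keys on.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# O4 bodies look like "HKLM\..\Run: [ValueName] command line".
RUN_RE = re.compile(r"^HK[^:]*\\Run: \[[^\]]*\] (?P<cmd>.+)$")


def parse_hjt(log: str):
    """Return (section, body) for every HijackThis entry line; header and process lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def is_bare_command(cmd: str) -> bool:
    """True if the Run target is a bare file name (found via the search path), not a full path.
    Quoted paths are unwrapped; %ProgramFiles%-style targets count as paths."""
    cmd = cmd.strip()
    exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
    return "\\" not in exe and not exe.startswith("%")


def triage(entries):
    """Apply the three triage rules (this example's assumptions); return (section, reason, body) hits."""
    hits = []
    for section, body in entries:
        if section in ("O2", "O3") and (body.endswith("(no file)") or "(file missing)" in body):
            hits.append((section, "orphaned BHO/toolbar entry: target file missing", body))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m and is_bare_command(m.group("cmd")):
                hits.append((section, "Run entry uses a bare file name resolved via the search path", body))
        elif section == "O23" and " - Unknown owner - " in body:
            hits.append((section, "service binary carries no publisher string", body))
    return hits


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; the parser skips the "Running processes" block and the header, so the whole file can be passed in unchanged.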
  7. Pancake

    We will need ComboFix to be run, as there will be leftover files from the rootkit that may need to be removed....
  8. Habmaster

    sorry about that - here it is:


    ComboFix 09-08-31.03 - xxxxxx 31/08/2009 17:56.1.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.1917.1029 [GMT -7:00]
    Running from: c:\users\xxxxxxx\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1731352543-3892579127-1766459742-500
    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\users\Kristi\AppData\Roaming\inst.exe
    c:\windows\Installer\67e13e5.msi
    c:\windows\Installer\WMEncoder.msi
    c:\windows\system32\kbiwkmomuwriqw.dat
    c:\windows\system32\kbiwkmsycexvnb.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_kbiwkmpoeippei
    -------\Service_kbiwkmpoeippei


    ((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
    .

    2009-09-01 01:04 . 2009-09-01 01:20 -------- d-----w- c:\users\Kristi\AppData\Local\temp
    2009-09-01 01:04 . 2009-09-01 01:04 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-09-01 00:53 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-09-01 00:53 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-09-01 00:53 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-09-01 00:53 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-09-01 00:53 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-01 00:53 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-09-01 00:53 . 2009-08-17 16:05 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-09-01 00:53 . 2009-09-01 00:53 -------- d-----w- c:\program files\Alwil Software
    2009-08-31 23:50 . 2009-08-31 23:50 -------- d-----w- c:\users\Kristi\AppData\Roaming\Malwarebytes
    2009-08-31 23:50 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-08-31 23:50 . 2009-08-31 23:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-08-31 23:50 . 2009-08-31 23:50 -------- d-----w- c:\programdata\Malwarebytes
    2009-08-31 23:50 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-08-31 22:20 . 2009-08-31 22:20 -------- d-----w- C:\VundoFix Backups
    2009-08-31 19:47 . 2009-08-31 19:47 39936 ----a-w- c:\users\Kristi\AppData\Roaming\Thinstall\RegCure 1.6.0.0\1000000600002i\verclsid.exe
    2009-08-31 19:45 . 2009-08-31 19:45 39936 ----a-w- c:\users\Kristi\AppData\Roaming\Thinstall\RegCure 1.6.0.0\400000df00002i\firefox.exe
    2009-08-31 19:41 . 2009-08-31 19:41 39936 ----a-w- c:\users\Kristi\AppData\Roaming\Thinstall\RegCure 1.6.0.0\4000008000002i\Splash Screen.exe
    2009-08-31 19:41 . 2009-08-31 19:41 -------- d-----w- c:\users\Kristi\AppData\Roaming\Thinstall
    2009-08-31 19:41 . 2009-08-31 19:41 -------- d-----w- c:\users\Kristi\AppData\Local\Thinstall
    2009-08-31 18:03 . 2009-08-31 18:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-08-26 06:55 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-08-26 02:23 . 2009-06-05 12:34 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-26 02:23 . 2009-06-05 10:08 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-18 03:52 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-08-18 03:51 . 2009-08-18 03:52 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
    2009-08-18 03:51 . 2009-07-08 17:28 2920112 -c--a-w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
    2009-08-18 03:51 . 2009-08-18 03:52 -------- d-----w- c:\programdata\Lavasoft
    2009-08-18 03:51 . 2009-08-18 03:51 -------- d-----w- c:\program files\Lavasoft
    2009-08-16 23:07 . 2009-08-16 23:07 -------- d-----w- c:\programdata\vsosdk
    2009-08-16 19:53 . 2002-12-10 10:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
    2009-08-13 11:56 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-08-13 11:56 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
    2009-08-13 11:56 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2009-08-13 11:56 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
    2009-08-13 11:56 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
    2009-08-13 11:56 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
    2009-08-13 11:56 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
    2009-08-13 11:56 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
    2009-08-13 09:35 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
    2009-08-13 09:35 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
    2009-08-13 09:35 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-08-13 09:35 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
    2009-08-13 09:35 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-08-13 09:35 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
    2009-08-13 09:35 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
    2009-08-13 09:35 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-31 22:20 . 2008-02-22 18:10 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-08-31 18:19 . 2007-08-23 18:56 -------- d-----w- c:\program files\Java
    2009-08-26 20:14 . 2009-06-05 03:33 -------- d-----w- c:\programdata\Electronic Arts
    2009-08-26 19:41 . 2007-08-23 19:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-08-26 16:31 . 2009-02-23 02:01 -------- d-----w- c:\program files\vso
    2009-08-26 16:30 . 2009-02-23 02:13 47360 ----a-w- c:\users\Kristi\AppData\Roaming\pcouffin.sys
    2009-08-26 16:30 . 2009-02-23 02:13 47360 ----a-w- c:\users\Kristi\AppData\Roaming\pcouffin.sys
    2009-08-26 16:30 . 2009-02-23 02:13 -------- d-----w- c:\users\Kristi\AppData\Roaming\Vso
    2009-08-26 16:28 . 2008-02-22 18:22 -------- d-----w- c:\program files\DivX
    2009-08-26 07:36 . 2008-05-03 05:48 -------- d-----w- c:\program files\Common Files\Adobe
    2009-08-18 04:03 . 2008-01-28 01:09 -------- d-----w- c:\program files\BitLord
    2009-08-13 10:05 . 2007-09-02 11:39 -------- d-----w- c:\programdata\Microsoft Help
    2009-08-13 10:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-08-06 04:00 . 2008-10-02 16:15 20 ---h--w- c:\programdata\PKP_DLdu.DAT
    2009-07-31 22:23 . 2008-11-25 21:19 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-07-25 07:17 . 2008-11-28 06:54 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-07-21 21:52 . 2009-07-28 18:46 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-21 21:47 . 2009-07-28 18:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-07-21 21:47 . 2009-07-28 18:46 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-07-21 20:13 . 2009-07-28 18:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-07-18 04:54 . 2009-07-18 04:53 -------- d-----w- c:\program files\iTunes
    2009-07-18 04:54 . 2009-07-18 04:54 -------- d-----w- c:\program files\iPod
    2009-07-18 04:54 . 2008-02-16 07:04 -------- d-----w- c:\program files\Common Files\Apple
    2009-07-18 04:50 . 2009-07-18 04:50 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
    2009-07-06 18:01 . 2008-01-28 00:00 -------- d-----w- c:\users\Kristi\AppData\Roaming\InstallShield
    2009-06-15 15:24 . 2009-07-14 17:23 156672 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 15:20 . 2009-07-14 17:23 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-15 15:20 . 2009-07-14 17:23 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-06-15 12:52 . 2009-07-14 17:23 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-06-11 16:57 . 2008-04-25 06:31 7268 ----a-w- c:\users\Kristi\AppData\Local\d3d9caps.dat
    2009-06-10 12:52 . 2009-06-10 12:52 347648 ----a-w- c:\windows\system32\drivers\RTL8187B.sys
    2009-06-05 03:33 . 2008-01-27 23:58 128784 ----a-w- c:\users\Kristi\AppData\Local\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 39408]
    "WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
    "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
    "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
    "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
    "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
    "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-01-09 451896]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-08-09 4702208]
    "NDSTray.exe"="NDSTray.exe" [BU]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Linksys EasyLink Advisor.lnk - c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe [2008-3-7 110592]
    Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2687191316-2937880121-720825284-1003]
    "EnableNotificationsRef"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{F220A67B-A726-441C-9FAD-473677DE7ED7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "TCP Query User{FFA3E1BF-1CEF-4EF1-8F0C-A26EC604FEE9}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{48F0C0DC-7481-43D2-A1B2-6067812E7C54}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
    "TCP Query User{6FC4A784-FA0E-48FF-9BCF-33417B3DCA91}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
    "UDP Query User{413EDA36-267C-4B8E-B139-14F07A938395}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
    "{D4825F80-DD06-4434-819D-EBF461C07397}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{DD17042F-2231-4C5D-89A5-582E6C49CFC2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{CA851545-34CD-4D3A-A759-A767FBAED13B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{70DB2B20-D20C-4CD2-8962-766AC16A4567}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "TCP Query User{37E581A8-5B62-4486-8C1B-37C00803DBE1}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "UDP Query User{A908E296-2BAE-4E10-999D-9ACF24CFD6A3}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
    "{6AD35046-B3A3-463C-93B1-B5514EA8BE1B}"= TCP:67:DHCP Discovery Service
    "{E707013D-6B3D-4C18-A418-BD76F76B9E59}"= TCP:67:DHCP Discovery Service
    "{A76AD02E-DF60-4891-80D9-66B3E96E7697}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "{F9FBFB44-360C-4208-BB9E-697D720D8BFF}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
    "TCP Query User{F6FBC73E-70F1-4799-BA63-D619F82E0E89}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "UDP Query User{6F7679EB-E02A-4652-BD8C-349003CC93E1}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer
    "TCP Query User{A1572962-681C-416D-9E63-B19612098B92}c:\\users\\kristi\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:c:\users\kristi\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "UDP Query User{447EFBCB-BA9E-4A16-85A5-C7823384798A}c:\\users\\kristi\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\kristi\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
    "{C91DF4FB-8828-4374-B2F2-39FA07F0910F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{3EE6A219-EE06-4AD5-AC83-943960CFE90D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
    "{20BE341E-44FF-4DC7-9C36-705389EBF0A7}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{49A0C1D9-544C-451D-BAB3-8EB8710D3D0D}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
    "{C89959D8-756E-43CD-BC50-98507A4BA788}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
    "{8EF4254D-502F-4710-8FD8-29157C453BEE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
    "{480E6D13-956B-4AF1-80A5-56E571148328}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
    "{7ADF1FD2-793C-4AAD-890D-9ADABEF9F991}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
    "{48DC6A0A-B849-48F4-A767-A2BE20218606}"= UDP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service
    "{F5FE6020-189C-4F0D-A2CB-4C29F080BF28}"= TCP:c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:pure Networks Platform Service

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [17/08/2009 8:52 PM 64160]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [31/08/2009 5:53 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [31/08/2009 5:53 PM 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [31/08/2009 5:53 PM 53328]
    R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 6:50 PM 30312]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 7:49 AM 1029456]
    R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [18/02/2008 2:16 PM 204800]
    R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [02/09/2007 4:50 AM 7168]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [10/06/2009 5:52 AM 347648]
    S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 10:31 PM 29263712]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - ASWFSBLK
    *NewlyCreated* - ASWMONFLT
    *NewlyCreated* - ASWRDR
    *NewlyCreated* - ASWSP
    *NewlyCreated* - ASWTDI

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-08-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.ca/
    mStart Page = hxxp://www.shoptoshiba.ca/welcome
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Kristi\AppData\Roaming\Mozilla\Firefox\Profiles\c1v8b3yh.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ca&p=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-31 18:20
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(5812)
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\Ati2evxx.exe
    c:\program files\Alwil Software\Avast4\aswUpdSv.exe
    c:\program files\Alwil Software\Avast4\ashServ.exe
    c:\windows\System32\agrsmsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Toshiba\ConfigFree\CFSvcs.exe
    c:\windows\System32\java.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\System32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Toshiba\ConfigFree\NDSTray.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\program files\Alwil Software\Avast4\ashDisp.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\System32\notepad.exe
    c:\windows\System32\dllhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-09-01 18:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-09-01 01:25

    Pre-Run: 34,144,456,704 bytes free
    Post-Run: 35,659,923,456 bytes free

    288 --- E O F --- 2009-08-31 18:05
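Reading a ComboFix log like the one above by eye is slow, and the points a helper would actually care about in this one are easy to miss: UAC is switched off (`"EnableLUA"= 0` under policies\system), the Vista firewall has "Query User" exceptions for BitLord and for a program run straight out of the user's Temp folder (setupxu.exe under AppData\Local\Temp), and Firefox's keyword.URL has been pointed at a Yahoo/AVG toolbar search instead of the default. The Python script below is an added example, not part of this thread and not ComboFix's own code: it walks a log of this format section by section and flags exactly those kinds of entries. The sample log text is constructed in the style of the posted log (the "Updater" Run entry is made up and does not appear above), and the temp-folder markers and expected search hosts are heuristic assumptions you would tune for your own environment.

```python
"""Triage helper for a ComboFix-style log (added example; not part of the thread).

Walks the log section by section and flags the things a malware-removal helper
looks for in a log like the one above: autostart entries and firewall
exceptions whose binary lives in a user-writable temp folder, UAC switched off
(EnableLUA = 0), and a Firefox keyword.URL search redirect.
"""
import re
from urllib.parse import urlparse

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# First Windows path in the value data; stops at ':' so "path:rule name" splits cleanly.
WIN_PATH_RE = re.compile(r'[a-zA-Z]:\\[^:|"]+')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>\S+)$")

# Heuristic (assumption): a program started at logon or granted a firewall
# exception from a temp folder deserves a second look.
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\recycler\\")
# Hosts a stock Firefox 3.x keyword.URL is expected to point at (assumption).
EXPECTED_SEARCH_HOSTS = ("google.",)

# Constructed sample in the style of the log above. The "Updater" Run entry is
# made up to exercise the check; the other lines mirror entries in the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Updater"="c:\users\kristi\appdata\local\temp\updater.exe" [2009-08-30 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F220A67B-A726-441C-9FAD-473677DE7ED7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{6AD35046-B3A3-463C-93B1-B5514EA8BE1B}"= TCP:67:DHCP Discovery Service
"UDP Query User{447EFBCB-BA9E-4A16-85A5-C7823384798A}c:\\users\\kristi\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:c:\users\kristi\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_ca&p=
"""


def _in_user_writable_dir(path):
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(log_text):
    """Return a list of {'kind', 'name', 'detail'} findings for the given log text."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key").lower()
            continue
        ff = FF_PREF_RE.match(line)
        if ff and ff.group("pref") == "keyword.URL":
            url = ff.group("val").replace("hxxp", "http", 1)  # undo the log's defanging
            host = urlparse(url).hostname or ""
            if not any(h in host for h in EXPECTED_SEARCH_HOSTS):
                findings.append({"kind": "search_redirect", "name": "keyword.URL", "detail": host})
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        name, data = val.group("name"), val.group("data")
        path = WIN_PATH_RE.search(data)
        if section.endswith("\\run") and path and _in_user_writable_dir(path.group(0)):
            findings.append({"kind": "autostart_in_temp", "name": name, "detail": path.group(0).strip()})
        elif section.endswith("policies\\system") and name == "EnableLUA" and data.startswith("0"):
            findings.append({"kind": "uac_disabled", "name": name, "detail": data})
        elif section.endswith("firewallrules") and path and _in_user_writable_dir(path.group(0)):
            findings.append({"kind": "firewall_exception_in_temp", "name": name, "detail": path.group(0).strip()})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:28} {f['name'][:40]:40} {f['detail']}")
```

Run it against a saved ComboFix.txt by passing the file contents to `triage()`. A finding is a lead, not a verdict: the setupxu.exe exception and the Yahoo/AVG search redirect in the log above were both most likely put there by a toolbar or updater the user ran, which is exactly the sort of thing the helper then checks by hand.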
  9. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    4,104
    Likes Received:
    12
    Location:
    Victoria, Australia
    Local time:
    09:29

    Ok. That's fixed the last of the files, and the rest of the log is ok, so you should be fine now.

    This will clear away any of the files and folders that were created by ComboFix.
    Go to: Start > Run, then copy and paste the following text into the box and click OK.

    ComboFix /u

    Please read these for future reference; it may save you future problems with malware:
    http://www.pchelpforum.com/new-hijackthis-logs/55163-warnings-re-p2p-sharing-sites.html
    http://www.pchelpforum.com/new-hijackthis-logs/57400-how-did-i-get-infected.html
    http://www.pchelpforum.com/progress-hijackthis-logs/59327-now-you-all-clean-afterwork.html