need the best program

February 17, 2010 at 19:04:01
Specs: Windows Vista
My PC has been hijacked. :(

I have tried Malwarebytes, Microsoft Security Essentials, Norton, McAfee, AVG, a-squared, and many more.

How do I fix this?

(Sorry about any spelling errors of products)



#1
February 17, 2010 at 19:32:01
Are you getting redirected from web pages, fake antivirus programs or ransomware?

This scan will help us determine which procedure to use to begin removing the malware.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
February 18, 2010 at 05:31:00
Hello, Thanks for your reply. I am trying to reply back and when I put the logs in, it will not place the reply in here. I will try one at a time.


#3
February 18, 2010 at 05:32:23
Hi,

Thank you for your reply. :)
I get redirected and a page says install this antivirus or do this scan, etc. Also, e-mails are being sent that I did not send, and I could not even open a browser, control panel, system restore, Word, or Excel yesterday. It kept saying it was not a valid Windows app. And when I type a URL, hit enter, I see % signs all through it, as is the same for some classmate's URLs I have seen them post, URLs have % signs in them.
I hope I am supposed to copy and paste the logs. I do not know how to add them as a link. Sorry if I do it wrong.



#4
February 18, 2010 at 05:32:40

DDS (Ver_09-12-01.01) - NTFSx86
Run by Maryanne at 8:18:01.55 on Thu 02/18/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1553 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Maryanne\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [<NO NAME>]
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5895/mcfscan.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\trendsecure\tisprotoolbar\TSToolbar.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\maryanne\appdata\roaming\mozilla\firefox\profiles\0d72riph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFTMUFEHelper.dll
FF - component: c:\program files\trend micro\trendsecure\tisprotoolbar\firefoxextension\components\FFToolbarComm.dll
FF - component: c:\users\maryanne\appdata\roaming\mozilla\firefox\profiles\0d72riph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\maryanne\appdata\roaming\mozilla\firefox\profiles\0d72riph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - truec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2010-1-30 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 74480]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2010-2-17 146448]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-1-30 176128]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2010-1-30 20544]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-2-17 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2010-2-17 283152]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 7408]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-2-17 50704]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-2 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-1-30 22272]

=============== Created Last 30 ================

2010-02-18 03:08:46 0 d-----w- c:\programdata\Trend Micro
2010-02-18 03:07:11 0 d-----w- c:\program files\Trend Micro
2010-02-18 03:02:13 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-02-18 03:02:13 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-02-18 03:02:13 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-02-18 03:02:13 283152 ----a-w- c:\windows\system32\drivers\tmwfp.sys
2010-02-18 03:02:13 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-02-18 03:02:13 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-18 03:02:13 146448 ----a-w- c:\windows\system32\drivers\tmlwf.sys
2010-02-18 03:02:13 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-02-18 03:02:12 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-02-18 02:37:53 0 d-----w- c:\users\maryanne\appdata\roaming\QuickScan
2010-02-18 02:21:35 0 d-----w- c:\windows\McAfee.com
2010-02-18 02:09:26 0 d-----w- c:\users\maryanne\appdata\roaming\Malwarebytes
2010-02-18 02:09:19 0 d-----w- c:\programdata\Malwarebytes
2010-02-17 19:22:18 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2010-02-17 19:22:18 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2010-02-17 19:21:09 0 d-----w- c:\users\maryanne\appdata\roaming\ESET
2010-02-17 19:20:10 0 d-----w- c:\programdata\ESET
2010-02-17 19:20:10 0 d-----w- c:\program files\ESET
2010-02-17 15:30:40 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-17 15:29:48 0 d-----w- c:\users\maryanne\appdata\roaming\SUPERAntiSpyware.com
2010-02-17 15:29:48 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 15:21:40 0 d-----w- c:\windows\pss
2010-02-17 15:12:46 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-17 15:12:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-17 14:19:32 81920 ----a-w- c:\windows\system32\CONSENT.EXE
2010-02-14 02:19:29 0 d-----w- c:\programdata\Apple
2010-02-10 17:26:40 0 d-----w- c:\program files\Windows Portable Devices
2010-02-10 13:32:22 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-02-10 13:32:21 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-02-10 13:32:21 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-02-10 13:30:13 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-02-10 13:30:13 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-02-10 13:30:13 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-02-10 11:32:31 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 11:32:31 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 11:32:04 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 11:32:04 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 11:31:00 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 11:31:00 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 11:30:32 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 11:30:31 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 11:30:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 11:30:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 11:30:31 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 11:30:31 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 11:30:31 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 11:30:31 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 11:30:31 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 11:30:11 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-10 11:30:11 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-09 21:43:51 0 d-----w- c:\windows\system32\eu-ES
2010-02-09 21:43:51 0 d-----w- c:\windows\system32\ca-ES
2010-02-09 21:43:49 0 d-----w- c:\windows\system32\vi-VN
2010-02-09 21:20:12 0 d-----w- c:\windows\system32\EventProviders
2010-02-09 18:05:20 0 d-----w- c:\program files\a-squared Anti-Malware
2010-02-09 17:55:49 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-06 11:49:59 618496 ----a-w- c:\windows\system32\mswstr10.dll
2010-02-06 11:48:56 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-02-06 11:48:56 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-02-06 11:48:56 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-02-06 11:48:56 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-02-06 11:48:56 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-02-06 11:48:56 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-02-06 11:48:56 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-02-06 11:48:52 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-02-06 11:48:46 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-02-06 11:48:46 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-02-06 11:48:30 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-02-06 11:26:59 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-06 03:50:37 0 d-----w- c:\programdata\Alwil Software
2010-02-06 00:57:55 72704 ----a-w- c:\windows\system32\admparse.dll
2010-02-04 18:49:42 0 d-----w- c:\programdata\WindowsSearch
2010-02-03 02:27:06 0 d-----w- c:\programdata\Yahoo! Companion
2010-02-03 02:26:40 0 d-----w- c:\programdata\Yahoo!
2010-02-03 02:23:59 0 d-----w- c:\program files\Yahoo!
2010-02-02 15:30:37 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-02-02 14:59:01 0 d-----w- c:\users\maryanne\Office Genuine Advantage
2010-02-02 14:50:01 0 d-----w- c:\programdata\Office Genuine Advantage
2010-02-02 14:45:37 0 d-----w- c:\users\maryanne\Tracing
2010-02-02 14:44:41 54632 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-02-02 14:42:37 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-02 14:41:28 0 d-----w- c:\program files\Microsoft
2010-02-02 14:41:06 0 d-----w- c:\program files\Windows Live SkyDrive
2010-02-02 14:28:56 0 d-----w- c:\windows\PCHEALTH
2010-02-02 14:28:31 0 d-----w- c:\program files\common files\Windows Live
2010-02-02 14:25:25 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-02 14:20:40 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-02-02 14:20:38 270848 ----a-w- c:\windows\system32\schannel.dll
2010-02-02 13:29:04 134 ----a-w- c:\users\maryanne\appdata\roaming\wklnhst.dat
2010-02-02 12:10:32 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-02-02 02:24:44 0 d-----w- c:\programdata\LogiShrd
2010-02-01 19:19:55 13398 ----a-w- c:\windows\system32\Repository.reg
2010-02-01 19:19:54 50127 ----a-w- c:\windows\system32\lvcoinst.ini
2010-02-01 19:19:54 41504 ----a-w- c:\windows\system32\drivers\LVUSBSta.sys
2010-02-01 19:19:54 1507232 ----a-w- c:\windows\system32\drivers\lvpopflt.sys
2010-02-01 19:19:54 129824 ----a-w- c:\windows\system32\lvci1051.dll
2010-02-01 19:06:46 0 d-----w- c:\users\maryanne\appdata\roaming\GetRightToGo
2010-02-01 19:04:31 0 d-----w- c:\programdata\Logitech
2010-02-01 12:21:19 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-01 12:07:46 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-01 12:07:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-01 12:07:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-01 11:46:16 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-31 12:37:12 2354 ----a-w- c:\users\maryanne\appdata\roaming\SAS7_000.DAT
2010-01-31 12:24:01 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-31 12:24:00 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-31 12:24:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-31 12:24:00 23552 ----a-w- c:\windows\system32\lpk.dll
2010-01-31 12:24:00 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-31 12:24:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-31 12:22:24 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-01-31 12:22:24 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-01-31 12:22:24 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-01-31 12:22:24 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-01-31 12:22:23 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-01-31 12:22:23 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-01-31 12:22:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-01-31 12:22:23 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-01-31 12:22:23 10240 ----a-w- c:\windows\system32\finger.exe
2010-01-31 12:21:14 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-01-31 12:21:13 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-01-31 12:21:13 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-01-31 12:21:13 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-01-31 12:21:13 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-01-31 12:21:13 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-01-31 12:21:13 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-01-31 12:20:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-01-31 12:20:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-01-31 12:20:15 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-31 12:20:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-01-31 12:20:15 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-01-31 12:20:14 9728 ----a-w- c:\windows\system32\lsass.exe
2010-01-31 12:20:14 72704 ----a-w- c:\windows\system32\secur32.dll
2010-01-31 12:20:14 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-31 12:19:45 2868224 ----a-w- c:\windows\system32\mf.dll
2010-01-31 12:19:44 98816 ----a-w- c:\windows\system32\mfps.dll
2010-01-31 12:19:44 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-01-31 12:19:44 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-01-31 12:19:43 2048 ----a-w- c:\windows\system32\mferror.dll
2010-01-31 12:18:44 71680 ----a-w- c:\windows\system32\atl.dll
2010-01-31 12:17:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-01-31 12:16:43 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-01-31 12:16:43 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-01-31 12:16:43 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-01-31 12:16:40 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-01-31 12:13:44 623616 ----a-w- c:\windows\system32\localspl.dll
2010-01-31 12:10:38 2036736 ----a-w- c:\windows\system32\win32k.sys
2010-01-31 12:09:35 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-01-31 12:09:32 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-01-31 12:09:32 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-01-31 12:09:03 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-31 12:09:03 1696768 ----a-w- c:\windows\system32\gameux.dll
2010-01-31 12:09:02 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-31 12:07:53 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-01-31 12:07:27 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-31 12:07:23 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-01-31 12:06:53 243712 ----a-w- c:\windows\system32\rastls.dll
2010-01-31 12:06:22 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-31 12:05:52 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-31 12:05:23 763904 ----a-w- c:\windows\system32\MSDTVVDEC.DLL
2010-01-31 12:05:23 711168 ----a-w- c:\windows\system32\sbe.dll
2010-01-31 12:05:23 604672 ----a-w- c:\windows\system32\CPFilters.dll
2010-01-31 12:04:53 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-31 12:04:51 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-31 12:04:51 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-31 12:04:51 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-01-31 12:04:51 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-31 11:10:31 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-01-31 02:01:49 0 d-----w- c:\programdata\InstallShield
2010-01-31 02:01:22 0 d---a-w- c:\programdata\TEMP
2010-01-31 02:00:39 0 d-----w- c:\users\maryanne\appdata\roaming\Nuance
2010-01-31 01:57:53 0 d-----w- c:\programdata\ScanSoft
2010-01-31 01:57:53 0 d-----w- c:\program files\common files\ScanSoft Shared
2010-01-31 01:57:52 0 d-----w- c:\program files\common files\Nuance
2010-01-31 01:57:31 0 d-----w- c:\programdata\Nuance
2010-01-31 01:57:31 0 d-----w- c:\program files\Nuance
2010-01-31 00:56:17 0 d-----w- c:\programdata\Google
2010-01-31 00:56:14 0 d-----w- c:\programdata\Partner
2010-01-31 00:55:23 0 d-----w- c:\programdata\Symantec
2010-01-31 00:55:22 0 d-----w- c:\programdata\Norton
2010-01-31 00:55:17 0 d-----w- c:\programdata\NortonInstaller
2010-01-31 00:52:37 0 ----a-w- c:\windows\NDSTray.INI
2010-01-31 00:51:47 279376 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2010-01-31 00:51:44 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-01-31 00:51:24 0 d-----w- c:\program files\common files\Toshiba Shared
2010-01-31 00:50:26 364544 ----a-w- c:\windows\system32\RtlLib.dll
2010-01-31 00:50:26 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-01-31 00:50:26 155648 ----a-w- c:\windows\system32\IpLib.dll
2010-01-31 00:50:26 131072 ----a-w- c:\windows\system32\EnumDevLib.dll
2010-01-31 00:50:26 1069056 ----a-w- c:\windows\system32\libeay32.dll
2010-01-31 00:46:17 22272 ----a-w- c:\windows\system32\drivers\PGEffect.sys
2010-01-31 00:45:29 0 d-----w- c:\programdata\Toshiba
2010-01-31 00:39:57 24576 ----a-w- c:\windows\system32\TSCI.dll
2010-01-31 00:39:57 24576 ----a-w- c:\windows\system32\THCI.dll
2010-01-31 00:38:49 766 ----a-w- c:\windows\system\CRIcon.ico
2010-01-31 00:38:49 6815264 ----a-w- c:\windows\system\DriveIcon.dll
2010-01-31 00:38:49 63488 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2010-01-31 00:38:49 0 d-----w- c:\windows\system32\sda
2010-01-31 00:35:39 916 ----a-w- c:\windows\system32\tosmreg.dat
2010-01-31 00:35:39 238912 ----a-w- c:\windows\system32\tosmreg.exe
2010-01-31 00:35:37 0 d-----w- c:\program files\ltmoh
2010-01-31 00:35:13 0 d-----w- c:\windows\Options
2010-01-31 00:34:52 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2010-01-31 00:34:45 0 d-----w- c:\program files\Synaptics
2010-01-31 00:32:07 0 d-----w- c:\program files\Realtek WLAN Driver
2010-01-31 00:30:15 0 d--h--w- c:\program files\Temp
2010-01-31 00:30:15 0 d-----w- c:\program files\Realtek
2010-01-31 00:28:44 0 d-----w- c:\programdata\ATI
2010-01-31 00:28:18 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-31 00:25:15 0 d-----w- c:\program files\ATI
2010-01-31 00:25:13 0 d-----w- c:\program files\ATI Technologies
2010-01-31 00:18:55 0 d-----w- c:\program files\Microsoft Office Suite Activation Assistant
2010-01-31 00:13:03 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-01-31 00:11:11 0 d-----w- c:\programdata\Microsoft Help
2010-01-30 23:43:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-01-30 23:36:10 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-30 23:35:48 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-01-30 23:35:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-30 23:35:35 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-30 23:19:30 16 --sh--r- c:\windows\system32\drivers\fbd.sys
2010-01-30 23:18:46 0 d-----w- c:\users\maryanne\appdata\roaming\WinBatch

==================== Find3M ====================

2010-02-18 03:10:34 86016 ----a-w- c:\windows\inf\infstor.dat
2010-02-18 03:10:34 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-18 03:10:34 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-10 17:26:33 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-09 21:31:25 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-01-31 00:30:18 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-30 23:18:48 6 --sh--r- c:\windows\system32\drivers\taishop.sys
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 15:53:32 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-12-03 14:27:28 80416 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-12-03 14:27:28 100896 ----a-w- c:\windows\system32\RTNUninst32.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 8:19:48.69 ===============



#5
February 18, 2010 at 05:32:55

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/30/2010 7:03:21 PM
System Uptime: 2/18/2010 7:21:36 AM (1 hours ago)

Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon(tm) X2 Dual-Core QL-65 | Socket M2/S1G1 | 2100/2000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 188.185 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Amazon Links
Apple Application Support
Apple Software Update
ATI Catalyst Install Manager
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Direct DiscRecorder
Dragon NaturallySpeaking 10
DVD MovieFactory for TOSHIBA
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 11
Junk Mail filter update
LightScribe 1.4.124.1
Logitech Vid
Logitech Webcam Software
Logitech® Camera Driver
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007 Subscription
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netzero Internet Access Installer
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
Norton Internet Security
OGA Notifier 2.0.0048.0
Picasa 2
PlayReady PC runtime
QuickBooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skins
Skype Launcher
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Trend Micro Internet Security Pro
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb977719)
Visual C++ Runtime for Dragon NaturallySpeaking
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/18/2010 7:22:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Eset Nod32 Boot service to connect.
2/18/2010 7:22:29 AM, Error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/17/2010 9:46:33 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
2/17/2010 9:23:06 PM, Error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
2/17/2010 9:21:04 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {8CEC58AE-07A1-11D9-B15E-000D56BFE6EE} as /. The error: "5" Happened while starting this command: C:\Windows\helppane.exe -Embedding
2/17/2010 9:20:49 AM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: Microsoft Software Shadow Copy Provider is not a valid Win32 application.
2/17/2010 9:20:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "193" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
2/17/2010 9:15:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:13:24 AM on 2/17/2010 was unexpected.
2/17/2010 9:13:29 AM, Error: Service Control Manager [7031] - The a-squared Anti-Malware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
2/17/2010 2:20:53 PM, Error: Microsoft-Windows-Dhcp-Client [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00225FCA97ED. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
2/17/2010 2:20:14 PM, Error: Service Control Manager [7030] - The Eset Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/17/2010 10:12:45 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {56EA1054-1959-467F-BE3B-A2A787C4B6EA}. The error: "5" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
2/17/2010 10:12:45 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {56EA1054-1959-467F-BE3B-A2A787C4B6EA}. The error: "193" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
2/17/2010 1:51:18 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
2/14/2010 10:00:03 AM, Error: EventLog [6008] - The previous system shutdown at 9:30:54 PM on 2/13/2010 was unexpected.
2/13/2010 4:21:08 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/13/2010 4:21:08 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/13/2010 4:21:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

==== End Of File ===========================



#6
February 18, 2010 at 18:34:02
Please download Combofix with Internet Explorer instead of Firefox if possible.

Remember: your TrendMicro antivirus and Windows Defender must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, in the filename box rename combofix.exe to Combo-Fix > click save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#7
February 19, 2010 at 06:50:59
Thanks, jabuck.

ComboFix 10-02-18.09 - Maryanne 02/19/2010 9:27.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1945 [GMT -5:00]
Running from: c:\users\Maryanne\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-01-31 00:56 157168 ----a-w- c:\programdata\Partner\partner.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-02-18 1020248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Maryanne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dragon NaturallySpeaking.lnk]
path=c:\users\Maryanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dragon NaturallySpeaking.lnk
backup=c:\windows\pss\Dragon NaturallySpeaking.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Maryanne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Maryanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Maryanne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Maryanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2009-03-23 18:50 729088 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 20:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cfFncEnabler.exe]
2009-03-24 21:53 16384 ----a-w- c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 12:33 259624 ----a-w- c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2009-03-09 23:51 55160 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 21:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 20:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 18:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
2009-05-13 06:26 299008 ----a-w- c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-03-13 02:11 6965792 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-03-13 02:11 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-25 03:33 163840 ----a-w- c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-12-18 22:34 448376 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 14:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-04-22 05:25 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-03-18 18:19 1451304 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TANU]
2009-03-28 19:30 263560 ----a-w- c:\program files\TOSHIBA\TANU\TANU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Teco]
2009-04-15 01:57 1318912 ----a-w- c:\program files\TOSHIBA\TECO\TEco.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TosSENotify]
2009-03-24 18:34 1007616 ----a-w- c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2009-03-07 02:29 468320 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-04-17 02:42 2513472 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c4,20,49,74,e7,a9,ca,01

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [1/30/2010 7:50 PM 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 66632]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2/17/2010 10:02 PM 146448]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [1/30/2010 7:25 PM 176128]
R2 camsvc;TOSHIBA Web Camera Service;c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [1/30/2010 7:46 PM 20544]
R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [3/10/2009 9:51 PM 46448]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2/19/2009 5:52 PM 57344]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2/17/2010 10:02 PM 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2/17/2010 10:02 PM 283152]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [4/14/2009 8:57 PM 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [3/17/2009 1:49 PM 73728]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [5/3/2009 10:27 PM 7168]
R3 PGEffect;Pangu effect driver;c:\windows\System32\drivers\PGEffect.sys [1/30/2010 7:46 PM 22272]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 9:39 PM 135664]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\System32\regedt32.exe [11/2/2006 3:32 AM 9216]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [2/2/2010 9:44 AM 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [1/30/2010 7:56 PM 110576]
S3 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2/17/2010 10:02 PM 50704]
S3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2/17/2010 10:10 PM 497008]
S3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2/17/2010 10:10 PM 689416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:39]

2010-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Maryanne\AppData\Roaming\Mozilla\Firefox\Profiles\0d72riph.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFTMUFEHelper.dll
FF - component: c:\program files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension\components\FFToolbarComm.dll
FF - component: c:\users\Maryanne\AppData\Roaming\Mozilla\Firefox\Profiles\0d72riph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Maryanne\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\Maryanne\AppData\Roaming\Mozilla\Firefox\Profiles\0d72riph.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-19 09:38
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-02-19 09:40:09
ComboFix-quarantined-files.txt 2010-02-19 14:40
ComboFix2.txt 2010-02-19 13:54

Pre-Run: 201,626,783,744 bytes free
Post-Run: 201,662,902,272 bytes free

- - End Of File - - E36C04FD89A5AAFEF4C0379E88F55878



#8
February 19, 2010 at 06:52:03
Was that the correct log? :)
Thanks,
Sarah


#9
February 19, 2010 at 14:12:04
The top half of the log is missing.

Navigate to C:\Combofix.txt which is the combofix log and post all of it please.



#10
February 19, 2010 at 17:45:23
Hi jabuck,

That was the log found at C:\ named Combofix.txt :)

Sarah



#11
February 19, 2010 at 18:10:08
Sarah, are you able to download files still? If you can, download and install Kaspersky Anti-Virus and then boot into safe mode and/or safe mode with networking (I believe it can be run in safe mode anyway), then do a Deep Scan under the scanning options it provides. If you have XP you need to download WinSock Fix from here http://majorgeeks.com/WinSock_XP_Fi... or here http://www.softpedia.com/progDownlo... You can also Google search for a Vista/Windows 7 version, as I'm sure there is one. I recommend downloading WinSock Fix only AFTER you've gotten rid of the Browser Hijack infection.


I've been DNS/Browser Hijacked before, and it took me 3 days to clean out the infection (this was before I even thought to use Kaspersky). Kaspersky + Winsock Fix should do the trick for you, as it did for me.

