IObit Forum

Infection... stuck system settings, hijacked browsers!


Stuck


Please help... I'm stuck! Hoping you're there SuperDave!


by Mel at 22:26:55 on 2011-12-12

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1961 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\System32\alg.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\PROGRAM FILES\ADOBE\READER 9.0\READER\READER_SL.EXE

C:\PROGRAM FILES\TOSHIBA\FLASHCARDS\TCRDMAIN.EXE

C:\Program Files\TOSHIBA\SMOOTHVIEW\SMOOTHVIEW.EXE

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE

C:\WINDOWS\SYSTEM32\HKCMD.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://www.msn.com

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File

uRun: [MSASCui.exe] c:\program files\windows defender\MSASCui.exe

uRun: [Advanced SystemCare 5] "c:\program files\iobit\advanced systemcare 5\ASCTray.exe" /Manual

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [TPwrMain] %programfiles%\toshiba\power saver\tpwrmain.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0DE3203E-4705-4275-AEBD-818FF3D27782} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{EA546370-0AC7-44FD-97F3-45013FFE9B7C} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{EA546370-0AC7-44FD-97F3-45013FFE9B7C} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AVGRSSTX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 http://www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\mel\appdata\roaming\mozilla\firefox\profiles\zsazl1q4.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

.

---- FIREFOX POLICIES ----

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1323661946

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1323659365

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1323659245

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1323695139

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576

FF - user.js: browser.migration.version - 5

FF - user.js: browser.places.smartBookmarksVersion - 2

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.shell.checkDefaultBrowser - false

FF - user.js: browser.startup.homepage_override.buildID - 20111104165243

FF - user.js: browser.startup.homepage_override.mstone - rv:8.0

FF - user.js: browser.syncPromoViewsLeft - 0

FF - user.js: extensions.blocklist.pingCountTotal - 43

FF - user.js: extensions.blocklist.pingCountVersion - 26

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 6

FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:8.0

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}\:{\descriptor\:\c:\\\\program files\\\\divx\\\\divx plus web player\\\\firefox\\\\divxhtml5\,\mtime\:1319338823779}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1320849107501},\{cafeefac-0017-0000-0001-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0017-0000-0001-abcdeffedcba}\,\mtime\:1319055963083}}}]

FF - user.js: extensions.lastAppVersion - 8.0

FF - user.js: extensions.lastPlatformVersion - 8.0

FF - user.js: extensions.pendingOperations - false

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: gfx.blacklist.direct2d - 2

FF - user.js: gfx.blacklist.layers.direct3d10 - 2

FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2

FF - user.js: idle.lastDailyNotification - 1323044259

FF - user.js: intl.charsetmenu.browser.cache - windows-1251, GB2312, windows-1252, ISO-8859-1, UTF-8

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: places.database.lastMaintenance - 1323044260

FF - user.js: places.history.expiration.transient_current_max_pages - 96297

FF - user.js: print_printer - Canon iP2600 series

FF - user.js: printer_Canon_iP2600_series.print_bgcolor - false

FF - user.js: printer_Canon_iP2600_series.print_bgimages - false

FF - user.js: printer_Canon_iP2600_series.print_colorspace -

FF - user.js: printer_Canon_iP2600_series.print_command -

FF - user.js: printer_Canon_iP2600_series.print_downloadfonts - false

FF - user.js: printer_Canon_iP2600_series.print_edge_bottom - 0

FF - user.js: printer_Canon_iP2600_series.print_edge_left - 0

FF - user.js: printer_Canon_iP2600_series.print_edge_right - 0

FF - user.js: printer_Canon_iP2600_series.print_edge_top - 0

FF - user.js: printer_Canon_iP2600_series.print_evenpages - true

FF - user.js: printer_Canon_iP2600_series.print_footercenter -

FF - user.js: printer_Canon_iP2600_series.print_footerleft - &PT

FF - user.js: printer_Canon_iP2600_series.print_footerright - &D

FF - user.js: printer_Canon_iP2600_series.print_headercenter -

FF - user.js: printer_Canon_iP2600_series.print_headerleft - &T

FF - user.js: printer_Canon_iP2600_series.print_headerright - &U

FF - user.js: printer_Canon_iP2600_series.print_in_color - true

FF - user.js: printer_Canon_iP2600_series.print_margin_bottom - 0.5

FF - user.js: printer_Canon_iP2600_series.print_margin_left - 0.5

FF - user.js: printer_Canon_iP2600_series.print_margin_right - 0.5

FF - user.js: printer_Canon_iP2600_series.print_margin_top - 0.5

FF - user.js: printer_Canon_iP2600_series.print_oddpages - true

FF - user.js: printer_Canon_iP2600_series.print_orientation - 0

FF - user.js: printer_Canon_iP2600_series.print_page_delay - 50

FF - user.js: printer_Canon_iP2600_series.print_paper_data - 1

FF - user.js: printer_Canon_iP2600_series.print_paper_height - 11.00

FF - user.js: printer_Canon_iP2600_series.print_paper_name -

FF - user.js: printer_Canon_iP2600_series.print_paper_size_type - 0

FF - user.js: printer_Canon_iP2600_series.print_paper_size_unit - 0

FF - user.js: printer_Canon_iP2600_series.print_paper_width - 8.50

FF - user.js: printer_Canon_iP2600_series.print_plex_name -

FF - user.js: printer_Canon_iP2600_series.print_resolution_name -

FF - user.js: printer_Canon_iP2600_series.print_reversed - false

FF - user.js: printer_Canon_iP2600_series.print_scaling - 1.00

FF - user.js: printer_Canon_iP2600_series.print_shrink_to_fit - true

FF - user.js: printer_Canon_iP2600_series.print_to_file - false

FF - user.js: printer_Canon_iP2600_series.print_to_filename -

FF - user.js: printer_Canon_iP2600_series.print_unwriteable_margin_bottom - 0

FF - user.js: printer_Canon_iP2600_series.print_unwriteable_margin_left - 0

FF - user.js: printer_Canon_iP2600_series.print_unwriteable_margin_right - 0

FF - user.js: printer_Canon_iP2600_series.print_unwriteable_margin_top - 0

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1321804746

FF - user.js: toolkit.telemetry.prompted - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1324174112

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

FF - user.js: browser.startup.homepage - hxxp://www.google.com/

FF - user.js: browser.blink_allowed - false

.

============= SERVICES / DRIVERS ===============

.

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-9-29 16024]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-18 15672]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-6-22 20384]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl07daaeef;MpKsl07daaeef;c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\MpKsl07daaeef.sys [2011-12-12 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-11-15 494424]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-5-10 820568]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-9-29 224920]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-6 1153368]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]

S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-22 22216]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-3-7 111872]

S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-10-9 30600]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-10-9 19792]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2008-9-30 449536]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-10-9 18768]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-22 366152]

.

=============== Created Last 30 ================

.

2011-12-13 03:24:49 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\MpKsl07daaeef.sys

2011-12-13 03:24:46 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\offreg.dll

2011-12-12 19:00:33 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cad1249b-3b51-4117-b87a-89fa5afff8e4}\offreg.dll

2011-12-12 15:25:10 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\mpengine.dll

2011-12-12 03:22:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cad1249b-3b51-4117-b87a-89fa5afff8e4}\mpengine.dll

2011-12-08 02:23:01 -------- d-----w- c:\users\mel\appdata\roaming\SideSlide

2011-11-18 23:43:42 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-11-18 23:43:41 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-11-16 03:46:09 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

==================== Find3M ====================

.

2011-12-12 03:01:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-24 02:54:28 80 --sh--r- c:\windows\system32\779E2D4483.dll

2011-10-19 20:25:45 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 02:30:14 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-09-30 02:30:08 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-09-30 02:30:02 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-09-20 21:02:55 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-20 13:44:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

============= FINISH: 22:28:27.93 ===============

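The log above is the kind of DDS output a malware-removal helper reads by eye before asking for anything else. As an added example that is not part of the original post and not the DDS tool's own code, the Python script below applies a few of those eyeball checks mechanically to the sections that matter most for a "stuck settings, hijacked browser" complaint: orphaned toolbar/BHO/URL-hook entries (registry keys whose file is gone), UAC switched off (EnableLUA = 0), a populated AppInit_DLLs value, hosts-file entries, a static per-interface NameServer that overrides the DHCP-supplied resolver, and hidden+system files in system32 whose names are nothing but hex digits. The rule names, the "info"/"review" severities and the hex-name heuristic are the editor's own choices, the reading of the 8-character DDS attribute field ('s' = system, 'h' = hidden) is an assumption about DDS's output format, and the sample input is a constructed excerpt of the lines shown in the log above. A "review" finding means "ask the poster about this entry", not "this is malware".

```python
"""Triage helper for the "Pseudo HJT Report" and "Find3M" sections of a DDS log.

Added example (not the forum's or the DDS tool's own code): it turns the checks
a malware-removal helper runs by eye into structured findings.  A "review"
finding is a prompt to verify the entry, never a verdict.
"""
import re
from collections import Counter
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Finding:
    rule: str       # short rule id chosen for this example
    severity: str   # "info" (cleanup/cosmetic) or "review" (verify with the poster)
    detail: str     # the offending line or the extracted value


# Registry entries whose target file no longer exists (dead toolbars, BHOs,
# URL search hooks); normally leftovers from uninstalled software.
RE_ORPHAN = re.compile(r'^(TB|BHO|[mu]URLSearchHooks):\s*(.*?)\s*-\s*No File\s*$')
# HKLM ...\Policies\System values as DDS prints them; EnableLUA = 0 turns UAC off.
RE_POLICY = re.compile(r'^mPolicies-system:\s*(\w+)\s*=\s*(\d+)')
# AppInit_DLLs is loaded into every process that links user32.dll.
RE_APPINIT = re.compile(r'^AppInit_DLLs:\s*(\S.*)$')
# A hosts-file entry; DDS only prints ones that differ from the default file.
RE_HOSTS = re.compile(r'^Hosts:\s*(\S+)\s+(\S+)')
# A static per-interface NameServer overrides whatever DHCP handed out.
RE_STATIC_DNS = re.compile(r'^TCP: Interfaces\\\{[^}]+\}\s*:\s*NameServer\s*=\s*(\S+)')
# Find3M / "Created Last 30" lines: timestamp, size, 8-char attribute field, path.
RE_FILE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$')
# File names made only of hex digits (e.g. 779E2D4483.dll) carry no vendor hint.
RE_HEXNAME = re.compile(r'^[0-9A-Fa-f]{6,}\.(dll|exe|sys)$')


def triage(log_text: str) -> list[Finding]:
    """Scan DDS log text line by line and return the findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := RE_ORPHAN.match(line):
            findings.append(Finding("orphan_entry", "info", f"{m.group(1)} {m.group(2)}"))
        elif m := RE_POLICY.match(line):
            if m.group(1) == "EnableLUA" and m.group(2) == "0":
                findings.append(Finding("uac_disabled", "review", line))
        elif m := RE_APPINIT.match(line):
            findings.append(Finding("appinit_dll", "review", m.group(1)))
        elif m := RE_HOSTS.match(line):
            findings.append(Finding("hosts_entry", "review", f"{m.group(2)} -> {m.group(1)}"))
        elif m := RE_STATIC_DNS.match(line):
            findings.append(Finding("static_dns", "review", m.group(1)))
        elif m := RE_FILE.match(line):
            size, attrs, path = int(m.group(2)), m.group(3), m.group(4)
            name = PureWindowsPath(path).name
            # Assumption about the DDS attribute field: 's' = system, 'h' = hidden.
            hidden_system = "s" in attrs and "h" in attrs
            if hidden_system and RE_HEXNAME.match(name):
                findings.append(Finding("hidden_hexname_file", "review",
                                        f"{path} ({size} bytes, {attrs})"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule id."""
    return dict(Counter(f.rule for f in findings))


# Constructed sample: an excerpt of the log lines posted above, trimmed to the
# entries the rules look at (one BHO and one ordinary Find3M line kept as controls).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0DE3203E-4705-4275-AEBD-818FF3D27782} : NameServer = 156.154.70.22,156.154.71.22
AppInit_DLLs: AVGRSSTX.DLL
Hosts: 127.0.0.1 http://www.spywareinfo.com
2011-12-12 03:01:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-24 02:54:28 80 --sh--r- c:\windows\system32\779E2D4483.dll
2011-10-19 20:25:45 544656 ----a-w- c:\windows\system32\deployJava1.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:20} {f.detail}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the excerpt, the script reports the three orphaned entries as "info" and five "review" items: EnableLUA = 0, the AVGRSSTX.DLL AppInit entry, the spywareinfo.com hosts line, the static 156.154.70.22/71.22 resolvers on one interface, and the 80-byte hidden+system 779E2D4483.dll. Those are the entries a helper would ask about first, in particular the AppInit DLL (is the AV product that installed it still present?) and the hex-named DLL (what created it, and does it have a valid signature?). The "info" items are usually just cleaned up. Feeding the script the full log rather than the excerpt gives the same five review findings, since the rules only look at the line shapes shown here.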

Sorry about that!


Short version here:


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/22/2008 1:08:05 PM

System Uptime: 12/12/2011 10:24:02 PM (1 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | CPU | 1867/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 185 GiB total, 84.683 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0000

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\*6TO4MP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0003

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #2

PNP Device ID: ROOT\*6TO4MP\0003

Service: tunnel

.

==== System Restore Points ===================

.

RP1975: 12/7/2011 9:45:53 PM - Windows Update

RP1976: 12/8/2011 9:01:41 PM - Windows Update

RP1977: 12/11/2011 9:59:47 PM - Scheduled Checkpoint

RP1978: 12/11/2011 10:22:21 PM - Windows Update

RP1979: 12/12/2011 8:12:55 AM - Windows Update

RP1980: 12/12/2011 10:24:54 AM - Windows Update

RP1982: 12/12/2011 10:58:01 PM - Revo Uninstaller's restore point - Mozilla Firefox 8.0 (x86 en-US)

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

Advanced SystemCare 3

Advanced SystemCare 5

Ares 3.1.5.3033

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

Camera Assistant Software for Toshiba

Canon iP2600 series

Canon iP2600 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

CCleaner

CCScore

CD/DVD Drive Acoustic Silencer

D3DX10

DivX Setup

DVD MovieFactory for TOSHIBA

ESET Online Scanner v3

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

Fast DVD Ripper 1.1

ffdshow (remove only)

fflink

GearDrvs

Greenshot

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IObit Malware Fighter

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 20

Java 6 Update 27

Java 7 Update 1

kgcbaby

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

Macrium Reflect Free Edition

Malwarebytes' Anti-Malware version 1.51.2.1300

Memeo AutoBackup

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XML Parser

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

netbrdg

OfotoXMI

OpenOffice.org 3.2

Opera 11.60

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.93

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

SFR

SHASTA

skin0001

SKINXSDK

Skype™ 4.2

Smart Defrag 2

Speccy

Spybot - Search & Destroy

staticcr

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

U3Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update Service

VC80CRTRedist - 8.0.50727.6195

VPRINTOL

Windows Essentials Media Codec Pack 3.2

Windows Media Encoder 9 Series

WinRAR 4.01 (32-bit)

WIRELESS

WN111v2

.

==== Event Viewer Messages From Past Week ========

.

12/7/2011 10:21:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.117.545.0).

12/7/2011 10:21:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.508.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070643 Error description: Fatal error during installation.

12/12/2011 2:00:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/12/2011 12:10:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

12/12/2011 10:29:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/12/2011 10:25:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp

12/12/2011 10:25:19 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.

12/12/2011 10:21:35 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

12/12/2011 10:12:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/11/2011 9:41:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.665.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/11/2011 9:31:04 PM, Error: volmgr [46] - Crash dump initialization failed!

.

==== End Of File ===========================

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/22/2008 1:08:05 PM

System Uptime: 12/12/2011 10:24:02 PM (0 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Pentium® Dual CPU T2390 @ 1.86GHz | CPU | 1867/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 185 GiB total, 84.187 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0000

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\*6TO4MP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0003

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #2

PNP Device ID: ROOT\*6TO4MP\0003

Service: tunnel

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.4.6

Adobe Shockwave Player 11.5

Advanced SystemCare 3

Advanced SystemCare 5

Ares 3.1.5.3033

Atheros Driver Installation Program

Atheros Wi-Fi Protected Setup Library

Camera Assistant Software for Toshiba

Canon iP2600 series

Canon iP2600 series User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

CCleaner

CCScore

CD/DVD Drive Acoustic Silencer

D3DX10

DivX Setup

DVD MovieFactory for TOSHIBA

ESET Online Scanner v3

ESSBrwr

ESSCDBK

ESScore

ESSgui

ESSini

ESSPCD

ESSPDock

ESSTOOLS

essvatgt

Fast DVD Ripper 1.1

ffdshow (remove only)

fflink

GearDrvs

Greenshot

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IObit Malware Fighter

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 20

Java 6 Update 27

Java 7 Update 1

kgcbaby

kgchday

kgchlwn

kgcinvt

kgckids

kgcmove

kgcvday

Kodak EasyShare software

Macrium Reflect Free Edition

Malwarebytes' Anti-Malware version 1.51.2.1300

Memeo AutoBackup

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Microsoft XML Parser

Mozilla Firefox 8.0 (x86 en-US)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

netbrdg

OfotoXMI

OpenOffice.org 3.2

Opera 11.60

Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Revo Uninstaller 1.93

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Windows Media Encoder (KB2447961)

Security Update for Windows Media Encoder (KB954156)

Security Update for Windows Media Encoder (KB979332)

SFR

SHASTA

skin0001

SKINXSDK

Skype™ 4.2

Smart Defrag 2

Speccy

Spybot - Search & Destroy

staticcr

SUPERAntiSpyware Free Edition

Synaptics Pointing Device Driver

TOSHIBA Assist

TOSHIBA ConfigFree

TOSHIBA Disc Creator

TOSHIBA DVD PLAYER

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Hardware Setup

TOSHIBA Software Modem

TOSHIBA Software Upgrades

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

U3Launcher

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update Service

VC80CRTRedist - 8.0.50727.6195

VPRINTOL

Windows Essentials Media Codec Pack 3.2

Windows Media Encoder 9 Series

WinRAR 4.01 (32-bit)

WIRELESS

WN111v2

.

==== Event Viewer Messages From Past Week ========

.

12/7/2011 10:21:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.117.545.0).

12/7/2011 10:21:42 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.508.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x80070643 Error description: Fatal error during installation.

12/12/2011 2:00:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/12/2011 12:10:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

12/12/2011 10:29:06 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/12/2011 10:25:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdr4_xp

12/12/2011 10:25:19 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: Access is denied.

12/12/2011 10:21:35 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

12/12/2011 10:12:09 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

12/11/2011 9:41:39 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.117.665.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

12/11/2011 9:31:04 PM, Error: volmgr [46] - Crash dump initialization failed!

.

==== End Of File ===========================


Cleanup

 

I have cleaned some clutter from my system. Here is the new DDS log:

 

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0

Run by Mel at 9:45:48 on 2011-12-13

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1800 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Windows\system32\agrsmsvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Windows\system32\svchost.exe -k imgsvc

c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\alg.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\servicing\TrustedInstaller.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

mStart Page = hxxp://www.msn.com

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File

TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File

uRun: [MSASCui.exe] c:\program files\windows defender\MSASCui.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

mRun: [NDSTray.exe] NDSTray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [TPwrMain] %programfiles%\toshiba\power saver\tpwrmain.exe

mRun: [Adobe Reader Speed Launcher] c:\program files\adobe\reader 9.0\reader\reader_sl.exe

mRun: [00TCrdMain] c:\program files\toshiba\flashcards\tcrdmain.exe

mRun: [smoothView] %programfiles%\toshiba\smoothview\smoothview.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\syntpenh.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0DE3203E-4705-4275-AEBD-818FF3D27782} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{EA546370-0AC7-44FD-97F3-45013FFE9B7C} : NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{EA546370-0AC7-44FD-97F3-45013FFE9B7C} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: AVGRSSTX.DLL

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

Hosts: 127.0.0.1 http://www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2011-9-29 16024]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-11-18 15672]

R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-6-22 20384]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]

R1 MpKsl00f3c0db;MpKsl00f3c0db;c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\MpKsl00f3c0db.sys [2011-12-13 29904]

R1 MpKsl04a6705e;MpKsl04a6705e;c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\MpKsl04a6705e.sys [2011-12-13 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-5-10 820568]

R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2011-9-29 224920]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-6 1153368]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]

R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-2-13 7168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNIMP50.sys [2006-11-16 21504]

S3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\drivers\DNISP50.sys [2006-11-16 20480]

S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-29 942080]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-22 22216]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]

S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-3-7 111872]

S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2011-10-9 30600]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2011-10-9 19792]

S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2v.sys [2008-9-30 449536]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2011-10-9 18768]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-22 366152]

.

=============== Created Last 30 ================

.

2011-12-13 14:40:33 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\MpKsl00f3c0db.sys

2011-12-13 14:40:31 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\offreg.dll

2011-12-13 13:57:20 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\MpKsl04a6705e.sys

2011-12-12 19:00:33 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cad1249b-3b51-4117-b87a-89fa5afff8e4}\offreg.dll

2011-12-12 15:25:10 6823496 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{0ec4800b-81fe-4fe6-8a0a-556c93f0cac8}\mpengine.dll

2011-12-12 03:22:51 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{cad1249b-3b51-4117-b87a-89fa5afff8e4}\mpengine.dll

2011-12-08 02:23:01 -------- d-----w- c:\users\mel\appdata\roaming\SideSlide

2011-11-18 23:43:42 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-11-18 23:43:41 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-11-16 03:46:09 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

==================== Find3M ====================

.

2011-12-12 03:01:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-15 19:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-24 02:54:28 80 --sh--r- c:\windows\system32\779E2D4483.dll

2011-10-19 20:25:45 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-09-30 02:30:14 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-09-30 02:30:08 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-09-30 02:30:02 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-09-20 21:02:55 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-20 13:44:04 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

============= FINISH: 9:46:19.27 ===============

 

 

Thanks!!

 

Stuck


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

• Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

• Close browsers before scanning

• Scan for tracking cookies

• Terminate memory threats before quarantining

Please leave the others unchecked

 

• Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

• To retrieve the removal information please do the following:

• After reboot, double-click the SUPERAntiSpyware icon on your desktop.

• Click Preferences. Click the Statistics/Logs tab.

• Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

• It will open in your default text editor (preferably Notepad).

• Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

***********************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

**************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

 

link # 1

Link # 2

If you are using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

 

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

 

Right-click combofix.exe and select Run as Administrator and follow the prompts.

When finished, ComboFix will produce a log for you.

Post the ComboFix log in your next reply.

 

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

 

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.


SAS log

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/13/2011 at 09:27 PM

 

Application Version : 4.34.1000

 

Core Rules Database Version : 8032

Trace Rules Database Version: 5844

 

Scan type : Complete Scan

Total Scan Time : 01:33:17

 

Memory items scanned : 587

Memory threats detected : 0

Registry items scanned : 7186

Registry threats detected : 0

File items scanned : 128409

File threats detected : 0


Mbam log

 

Malwarebytes' Anti-Malware 1.51.2.1300

http://www.malwarebytes.org

 

Database version: 8367

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

 

12/13/2011 10:30:48 PM

mbam-log-2011-12-13 (22-30-48).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 312910

Time elapsed: 51 minute(s), 26 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)


Combofix log

 

ComboFix 11-12-13.03 - Mel 12/13/2011 23:06:51.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1248 [GMT -5:00]

Running from: c:\users\Mel\Desktop\ComboFix.exe

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\07D

c:\programdata\07D\{09800481-7495-459C-91BF-5A5574AAAD82}.swf

c:\programdata\0EB

c:\programdata\0EB\{0F516F56-F5ED-46B8-918C-83F73B72C527}.swf

c:\programdata\18D

c:\programdata\18D\{C83251E7-0B8C-4AD3-BB26-95DCCC7EF546}.swf

c:\programdata\245

c:\programdata\245\{33378B79-DC85-4BDB-9F9A-0826A9B3BC93}.swf

c:\programdata\462

c:\programdata\462\{7308AEAD-6D0F-47FE-B674-97E49B916934}.swf

c:\programdata\4F3

c:\programdata\4F3\{C6457CAF-2D98-469D-A3F5-9A26FB039F1A}.swf

c:\programdata\76C

c:\programdata\76C\{7BA60A59-474C-444E-8AC7-586044E04B94}.swf

c:\windows\system32\779E2D4483.dll

.

.

((((((((((((((((((((((((( Files Created from 2011-11-14 to 2011-12-14 )))))))))))))))))))))))))))))))

.

.

2011-12-13 14:57 . 2011-12-13 14:57 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E2BF327-44F7-430F-B0C8-F33E3760B575}\MpKslef8cd5a3.sys

2011-12-13 14:57 . 2011-12-13 14:57 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E2BF327-44F7-430F-B0C8-F33E3760B575}\offreg.dll

2011-12-13 14:56 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E2BF327-44F7-430F-B0C8-F33E3760B575}\mpengine.dll

2011-12-12 19:00 . 2011-12-12 19:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAD1249B-3B51-4117-B87A-89FA5AFFF8E4}\offreg.dll

2011-12-12 03:22 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CAD1249B-3B51-4117-B87A-89FA5AFFF8E4}\mpengine.dll

2011-12-08 02:23 . 2011-12-08 02:37 -------- d-----w- c:\users\Mel\AppData\Roaming\SideSlide

2011-11-18 23:43 . 2011-08-19 21:33 25944 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-11-18 23:43 . 2010-11-26 23:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-11-16 03:46 . 2011-10-20 03:16 20312 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-12 03:01 . 2011-09-23 04:27 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-21 10:47 . 2011-10-26 13:13 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-11-15 19:29 . 2009-10-23 06:09 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-10-25 00:01 . 2011-10-25 00:01 388096 ----a-r- c:\users\Mel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-10-19 20:25 . 2010-05-23 14:51 544656 ----a-w- c:\windows\system32\deployJava1.dll

2011-10-04 21:22 . 2011-10-25 02:39 703824 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{33DEE7C2-0349-400C-B049-D5556FAD14DF}\gapaengine.dll

2011-09-30 02:30 . 2011-09-30 02:30 12952 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys

2011-09-30 02:30 . 2011-09-30 02:30 16024 ----a-w- c:\windows\system32\drivers\pssnap.sys

2011-09-30 02:30 . 2011-09-30 02:30 47256 ----a-w- c:\windows\system32\drivers\psmounter.sys

2011-09-20 21:02 . 2011-11-08 23:51 913280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-09-20 13:44 . 2011-11-08 23:51 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSASCui.exe"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]

"NDSTray.exe"="NDSTray.exe" [bU]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]

"TPwrMain"="c:\program files\toshiba\power saver\tpwrmain.exe" [2008-01-17 431456]

"Adobe Reader Speed Launcher"="c:\program files\adobe\reader 9.0\reader\reader_sl.exe" [2011-09-07 37296]

"00TCrdMain"="c:\program files\toshiba\flashcards\tcrdmain.exe" [2008-01-22 712704]

"SmoothView"="c:\program files\toshiba\smoothview\smoothview.exe" [2007-06-16 448080]

"SynTPEnh"="c:\program files\synaptics\syntp\syntpenh.exe" [2008-08-14 1348904]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Mel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Captus.lnk]

backup=c:\windows\pss\Captus.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]

2009-03-13 16:42 3231744 ----a-w- c:\program files\Ares\Ares.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]

2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 21:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-12-08 19:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe

.

R1 MpKsl502e2196;MpKsl502e2196; [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 DNIMp50;DNIMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNIMp50.sys [2006-11-16 21504]

R3 DNISp50;DNISp50 NDIS Protocol Driver;c:\windows\system32\Drivers\DNISp50.sys [2006-11-16 20480]

R3 IO_Memory;IO_Memory; [x]

R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2008-02-29 942080]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]

R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]

R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]

R3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310v.sys [2006-03-07 111872]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [2011-09-20 30600]

R3 SVRPEDRV;SVRPEDRV; [x]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [2011-09-20 19792]

R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\DRIVERS\WN111v2v.sys [2008-09-30 449536]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [2011-10-08 18768]

R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2011-09-30 16024]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]

S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2008-10-01 20384]

S1 MpKsl04a6705e;MpKsl04a6705e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EC4800B-81FE-4FE6-8A0A-556C93F0CAC8}\MpKsl04a6705e.sys [x]

S1 MpKslef8cd5a3;MpKslef8cd5a3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E2BF327-44F7-430F-B0C8-F33E3760B575}\MpKslef8cd5a3.sys [2011-12-13 29904]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]

S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2011-10-08 820568]

S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-09-30 224920]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLEF8CD5A3

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.msn.com

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0DE3203E-4705-4275-AEBD-818FF3D27782}: NameServer = 156.154.70.22,156.154.71.22

TCP: Interfaces\{EA546370-0AC7-44FD-97F3-45013FFE9B7C}: NameServer = 156.154.70.22,156.154.71.22

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)

SafeBoot-CLPSLS

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-12-13 23:12

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,b6,45,04,74,2e,69,40,9a,cf,b8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,b6,45,04,74,2e,69,40,9a,cf,b8,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,b6,45,04,74,2e,69,40,9a,cf,b8,\

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.HTM"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.MHT"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="IE.AssocFile.URL"

.

[HKEY_USERS\S-1-5-21-2879997145-2885506872-2669082525-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2011-12-13 23:14:12

ComboFix-quarantined-files.txt 2011-12-14 04:14

.

Pre-Run: 91,275,931,648 bytes free

Post-Run: 91,129,982,976 bytes free

.

- - End Of File - - F891F766DD90CE98E6D8D0AE94E87304

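The "Reg Loading Points" and service sections of the ComboFix log above are what a helper reads first: which binaries auto-start, whether UAC is still on, and which service entries point at files that no longer exist. The following Python script is an added example written for this page; it is not ComboFix's code and was not posted in the thread. It parses a constructed excerpt made of lines copied from the log above and returns the autostart entries together with a list of review findings. The key names, the `[x]` marker and the `R3`/`S1` service prefixes are as ComboFix prints them; the `AUTOSTART_MARKERS` list and the wording of the findings are my own choices about what is worth flagging.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt: a handful of lines copied from the ComboFix log posted
# above (the rest of that log is omitted here).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSASCui.exe"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"NDSTray.exe"="NDSTray.exe" [bU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S1 MpKsl04a6705e;MpKsl04a6705e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EC4800B-81FE-4FE6-8A0A-556C93F0CAC8}\MpKsl04a6705e.sys [x]
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')                      # [HKEY_...]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<rest>.*)$')    # "name"=...
META_RE = re.compile(r'\[(?P<meta>[^\]]*)\]\s*$')                    # trailing [date size] / [x]
SERVICE_RE = re.compile(                                             # R3 name;display;path [meta]
    r'^(?P<start>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]$')

# Assumption: registry keys whose lower-cased path contains one of these are
# treated as autostart locations worth listing.
AUTOSTART_MARKERS = ('\\currentversion\\run', 'shellexecutehooks', 'winlogon\\notify')


@dataclass
class AutostartEntry:
    key: str
    name: str
    path: str
    meta: str


@dataclass
class Report:
    autostarts: list = field(default_factory=list)
    missing_services: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def _split_value(rest: str):
    """Separate the value from ComboFix's trailing [date size] or [x] marker."""
    rest = rest.strip()
    meta = ''
    m = META_RE.search(rest)
    if m:
        meta = m.group('meta')
        rest = rest[:m.start()].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        value = rest[1:end] if end > 0 else rest[1:]
    else:
        value = rest.split('(')[0].strip()   # e.g. '0 (0x0)' -> '0'
    return value, meta


def parse_combofix_regpoints(text: str) -> Report:
    """Walk the Reg Loading Points / service lines and collect review findings."""
    report = Report()
    current_key = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        km = KEY_RE.match(line)
        if km:
            current_key = km.group('key')
            continue
        sm = SERVICE_RE.match(line)
        if sm:
            if sm.group('meta').strip() == 'x':      # ComboFix: binary not found on disk
                report.missing_services.append(sm.group('svc'))
                report.findings.append(
                    f"service {sm.group('svc')} points at a binary ComboFix could not find: {sm.group('path')}")
            continue
        vm = VALUE_RE.match(line)
        if not vm:
            continue
        name, rest = vm.group('name'), vm.group('rest')
        value, meta = _split_value(rest)
        key_l = current_key.lower()
        if key_l.endswith('policies\\system') and name.lower() == 'enablelua' and value == '0':
            report.findings.append(
                'UAC disabled (EnableLUA=0): confirm this was intentional and re-enable it after cleanup')
        if any(marker in key_l for marker in AUTOSTART_MARKERS):
            report.autostarts.append(AutostartEntry(current_key, name, value, meta))
            if meta.strip() == 'x':
                report.findings.append(f"autostart {name} references a missing file: {value}")
            elif ':\\' not in value:
                report.findings.append(
                    f"autostart {name} uses a bare file name ({value}); it is resolved through the "
                    "search path, so verify which binary actually loads")
    return report


if __name__ == '__main__':
    rep = parse_combofix_regpoints(SAMPLE_LOG)
    for e in rep.autostarts:
        print(f"autostart  {e.name:<40} {e.path}")
    for f in rep.findings:
        print('finding    ' + f)
```

Run against the excerpt, the script lists the five autostart entries and flags the disabled UAC policy, the bare `NDSTray.exe` value, and the two service entries whose driver files ComboFix marked `[x]`; the second of those is an expired Microsoft Antimalware definition driver, which is why a helper reviews such findings before acting on them.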

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items:
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


Sysprot log

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0EC4800B-81FE-4FE6-8A0A-556C93F0CAC8}\MpKsl04a6705e.sys

Service Name: MpKsl04a6705e

Module Base: 8F689000

Module End: 8F68F000

Hidden: Yes

 

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys

Service Name: ---

Module Base: 8F6B3000

Module End: 8F77B000

Hidden: Yes

 

Module Name: \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: AFC7E000

Module End: AFC80000

Hidden: Yes

 

Module Name: \??\C:\Users\Mel\AppData\Local\Temp\catchme.sys

Service Name: catchme

Module Base: AFC80000

Module End: AFC88000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwTerminateProcess

Address: 8F626320

Driver Base: 8F61C000

Driver End: 8F63D000

Driver Name: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

 

Object: C:\Users\Mel\Music\Lynyrd Skynyrd\Most of my music\Ralph Stanley (w Ricky Skaggs,\Classic Stanley (Disc 1)\__INCOMPLETE___Bluegrass Gospel - Ralph Stanley - Who Will Sing for Me (w Ricky Skaggs- Keith Whitley & Roy Lee Centers)01dc86d554d5d93e6cfd949b8574

Status: Hidden

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Status: Access denied

 

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Status: Access denied


What's the status of your computer now?

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan log.


Running ESET now.

 

My Windows security service denies me access and is turned off. I am the Admin and have done everything I can to access it within the system. It reports that I am denied permission to turn it on.

 

Windows Defender reports that it is turned off... when I turn it on, the service starts and the Defender icon appears in the tray, then disappears after about 10 seconds... but the service remains running even though the icon is gone. Before your assistance, it would not come on at all.

 

I will have to reinstall FF and Opera. They are the browsers that were hijacked and I had uninstalled them using REVO / advanced.

 

I just re-booted for the first time and the boot was normal... a bit quicker than it was booting. I will run ESET now and post the log; it usually takes right at two hours on my system.

 

Thanks Dave!!:grin:

 

-Stuck


Defender Icon

 

The Defender icon just suddenly appeared in my system tray after about 10 minutes. So... I started the service, the icon appeared, then disappeared after about 20 seconds (service still running in background), then after about 10 minutes it mysteriously re-appeared in the tray.

 

Curious!!!:?


Let's run a few more scans to see what turns up.

 

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start the scan.

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click save log, save it to your desktop and post it in your next reply.


aswMBR log

 

aswMBR was not clear that it only wanted the definitions file from Avast... so I took the precaution. The log is here:

 

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-12-14 19:25:22

-----------------------------

19:25:22.813 OS Version: Windows 6.0.6002 Service Pack 2

19:25:22.813 Number of processors: 2 586 0xF0D

19:25:22.813 ComputerName: MELS-BABY UserName: Mel

19:25:25.746 Initialize success

20:01:26.075 AVAST engine defs: 11121402

20:01:32.611 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

20:01:32.611 Disk 0 Vendor: Hitachi_ BBDO Size: 190782MB BusType: 3

20:01:32.611 Disk 0 MBR read successfully

20:01:32.627 Disk 0 MBR scan

20:01:32.627 Disk 0 Windows VISTA default MBR code

20:01:32.627 Disk 0 scanning sectors +390719920

20:01:32.736 Disk 0 scanning C:\Windows\system32\drivers

20:01:51.737 Service scanning

20:01:52.907 Modules scanning

20:02:00.255 Disk 0 trace - called modules:

20:02:00.270 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

20:02:00.286 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e9eac8]

20:02:00.286 3 CLASSPNP.SYS[8a1118b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84f1f028]

20:02:02.220 AVAST engine scan C:\Windows

20:02:08.819 AVAST engine scan C:\Windows\system32

20:04:56.503 AVAST engine scan C:\Windows\system32\drivers

20:05:07.392 AVAST engine scan C:\Users\Mel

20:10:07.271 AVAST engine scan C:\ProgramData

20:10:45.631 Scan finished successfully

20:14:49.600 Disk 0 MBR has been saved successfully to "C:\Users\Mel\Desktop\MBR.dat"

20:14:49.615 The log file has been saved successfully to "C:\Users\Mel\Desktop\aswMBR.txt"

 

 

- Stuck:smile:


Archived

This topic is now archived and is closed to further replies.
