IObit Forum

Hijacked settings



Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

What sort of problems are you having with your computer?

 

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

 

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

 

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

Please leave the others unchecked

 

•Click the Close button to leave the control center screen.

 

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

 

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

 

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

 

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

 

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

* Copy and Paste the log in your post.

*********************************************

 

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download DDS from HERE or HERE and save it to your desktop.

 

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

 

* XP users Double click on dds to run it.

* If your antivirus or firewall tries to block DDS then please allow it to run.

* When finished DDS will open two (2) logs.

* Save both reports to your desktop.

* The instructions here ask you to attach the Attach.txt.

 

http://i424.photobucket.com/albums/pp322/digistar/DDS.jpg

 

1) DDS.txt

2) Attach.txt

Instead of attaching, please copy/paste both logs into your Thread

 

Note: DDS will instruct you to post the Attach.txt log as an attachment.

Please just post it as you would any other log by copying and pasting it into the reply.

 

•Close the program window, and delete the program from your desktop.

 

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS logs. (DDS.txt and Attach.txt)

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 03/31/2012 at 09:29 PM

 

Application Version : 5.0.1146

 

Core Rules Database Version : 8402

Trace Rules Database Version: 6214

 

Scan type : Complete Scan

Total Scan Time : 01:12:33

 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User

 

Memory items scanned : 488

Memory threats detected : 0

Registry items scanned : 64906

Registry threats detected : 0

File items scanned : 144867

File threats detected : 228

 

Adware.Tracking Cookie



DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Fran at 10:06:45 on 2012-04-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2308 [GMT -6:00]

.

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\system32\atiesrxx.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\atieclxx.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\windows\system32\taskhost.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\Explorer.EXE

C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.glarysoft.com/?src=iehome

uDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076

mDefault_Page_URL = hxxp://isearch.glarysoft.com/?src=iehome

mStart Page = hxxp://isearch.glarysoft.com/?src=iehome

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 192.168.200.1

TCP: Interfaces\{38B9C603-5D43-4063-BC45-D2EDF129B04D} : DhcpNameServer = 192.168.200.1

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\coIEPlg.dll

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 127.0.0.1 http://www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-19 1157240]

R1 GIDv2;GIDv2;C:\windows\system32\drivers\GIDv2.sys --> C:\windows\system32\drivers\GIDv2.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSviA64.sys [2012-3-30 488568]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS --> C:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS --> C:\windows\system32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-25 913752]

R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]

R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-3-27 66632]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-15 652360]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-10 1153368]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-3-13 138360]

R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-7 135664]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-7 135664]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

S4 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]

S4 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-11-23 297344]

S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-2-25 51512]

S4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]

S4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]

S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]

.

=============== Created Last 30 ================

.

2012-04-01 02:09:35 -------- d-----w- C:\Users\Fran\AppData\Roaming\SUPERAntiSpyware.com

2012-04-01 02:08:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-04-01 02:08:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-03-30 14:27:42 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F726F570-D69A-4AC2-9A8C-FF6EECB52D7D}\mpengine.dll

2012-03-15 03:22:25 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-03-15 03:22:24 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 03:22:23 3913584 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-03-14 12:14:07 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-03-14 12:14:04 1544192 ----a-w- C:\windows\System32\DWrite.dll

2012-03-14 12:14:04 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll

2012-03-14 12:14:02 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-03-14 12:14:02 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-03-14 12:14:02 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-03-14 12:13:30 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll

2012-03-14 12:13:30 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys

2012-03-14 12:13:30 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-03-14 12:13:30 1031680 ----a-w- C:\windows\System32\rdpcore.dll

2012-03-06 08:31:12 -------- d-----w- C:\Users\Fran\AppData\Local\AOL

.

==================== Find3M ====================

.

2012-02-23 15:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-02-16 09:11:09 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-04 10:44:20 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

.

============= FINISH: 10:07:22.48 ===============


You only posted one of the DDS logs. Please post the other one.

 

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start scan

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click save log, save it to your desktop and post in your next reply

*****************************************************

Download Combofix from any of the links below, and save it to your DESKTOP.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/7/2010 4:52:44 PM

System Uptime: 4/1/2012 10:52:42 AM (1 hours ago)

.

Motherboard: TOSHIBA | | NTWAE

Processor: AMD Turion II Dual-Core Mobile M520 | Socket M2/S1G1 | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 288 GiB total, 233.63 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0000

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\*6TO4MP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #3

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SBRE

Device ID: ROOT\LEGACY_SBRE\0000

Manufacturer:

Name: SBRE

PNP Device ID: ROOT\LEGACY_SBRE\0000

Service: SBRE

.

==== System Restore Points ===================

.

RP547: 3/6/2012 12:08:20 AM - Windows Update

RP548: 3/9/2012 1:34:22 PM - Windows Update

RP549: 3/13/2012 10:01:13 AM - Windows Update

RP550: 3/14/2012 9:19:34 PM - Windows Update

RP551: 3/20/2012 3:13:37 AM - Windows Update

RP552: 3/23/2012 3:56:22 AM - Windows Update

RP553: 3/27/2012 7:44:38 AM - Windows Update

RP554: 3/30/2012 8:27:00 AM - Windows Update

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Reader X (10.1.0)

Advanced SystemCare 5

AIM for Windows

Apple Application Support

Apple Software Update

Bejeweled 2 Deluxe

Blackhawk Striker 2

Canon Easy-PhotoPrint EX

Canon MP Navigator EX 4.0

Canon MP280 series User Registration

Canon My Printer

Canon Solution Menu EX

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Constant Guard Protection Suite

Content Transfer

Coupon Printer for Windows

Digital Photo Navigator 1.5

erLT

Everio MediaBrowser HD Edition

Faerie Solitaire

FATE Undiscovered Realms

Glary Utilities 2.42.0.1389

Google Update Helper

GuardedID

Java 6 Update 14

Junk Mail filter update

Label@Once 1.0

Logitech SetPoint

Malwarebytes Anti-Malware version 1.60.1.1000

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Monopoly

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

Mystery P.I. - The Vegas Heist

Norton Security Suite

PhotoScape

Polar Bowler

Quickbooks Financial Center

Realtek 8136 8168 8169 Ethernet Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Realtek WLAN Driver

Scrabble Plus

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Skype Launcher

Spybot - Search & Destroy

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Extended Tiles for Windows Mobility Center

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Internal Modem Region Select Utility

TOSHIBA Media Controller

Toshiba Online Backup

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Speech System Applications

TOSHIBA Speech System SR Engine(U.S.) Version1.0

TOSHIBA Speech System TTS Engine(U.S.) Version1.0

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

TuneUp Utilities Language Pack (en-US)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Utility Common Driver

Virtual Families

Virtual Villagers - The Secret City

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VLC media player 0.9.2

WildTangent Games

WildTangent ORB Game Console

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Wondershare Vivideo(Build 2.0.0.10)

YouTube Downloader 3.3

.

==== Event Viewer Messages From Past Week ========

.

4/1/2012 11:46:06 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

4/1/2012 11:45:48 AM, Error: atikmdag [43029] - Display is not active

4/1/2012 10:23:23 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

4/1/2012 10:22:53 AM, Error: Service Control Manager [7000] - The TOSHIBA Optical Disc Drive Service service failed to start due to the following error: The system cannot find the path specified.

4/1/2012 10:22:33 AM, Error: Service Control Manager [7000] - The SBRE service failed to start due to the following error: The system cannot find the file specified.

4/1/2012 10:22:30 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

.

==== End Of File ===========================


Hi douge

By me (Danish) I see 5 files highlighted with what looks like 5 Danish mobile phone numbers and 1 file about some Danish file that Norton picks up from the 30-3-2012.

Is this any help at all?

Cheers

solbjerg

 

I tried to uninstall DDS but a dialogue box pops up that says it's in use. I tried Adv Sys Care 5 shredder and Glary Util file shredder.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-04-01 13:45:08

-----------------------------

13:45:08.111 OS Version: Windows x64 6.1.7601 Service Pack 1

13:45:08.111 Number of processors: 2 586 0x602

13:45:08.112 ComputerName: FRAN-PC UserName: Fran

13:45:09.480 Initialize success

13:45:17.011 AVAST engine defs: 12040100

13:45:27.956 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:45:27.958 Disk 0 Vendor: WDC_WD3200BEVT-26ZCT0 12.01A12 Size: 305245MB BusType: 11

13:45:27.974 Disk 0 MBR read successfully

13:45:27.976 Disk 0 MBR scan

13:45:27.980 Disk 0 Windows VISTA default MBR code

13:45:27.987 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

13:45:28.004 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294603 MB offset 3074048

13:45:28.041 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9141 MB offset 606420992

13:45:28.077 Disk 0 scanning C:\windows\system32\drivers

13:45:39.262 Service scanning

13:46:00.529 Modules scanning

13:46:00.535 Disk 0 trace - called modules:

13:46:00.585 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

13:46:00.588 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a9c790]

13:46:00.591 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049f0060]

13:46:01.615 AVAST engine scan C:\

15:54:19.789 Scan finished successfully

15:55:14.138 Disk 0 MBR has been saved successfully to "C:\Users\Fran\Desktop\MBR.dat"

15:55:14.142 The log file has been saved successfully to "C:\Users\Fran\Desktop\aswMBR.txt"


ComboFix 12-04-01.01 - Fran 04/01/2012 20:42:41.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.1766 [GMT -6:00]

Running from: c:\users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y8M3MZXE\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setup.dll

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.dat

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.exe

c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\Setup.ico

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\Fran\AppData\Roaming\Local

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\5.2258322.avi&b=112(2).ddr

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\5.2258322.avi&b=112(3).ddr

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\5.2258322.avi&b=112(4).ddr

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\5.2258322.avi&b=112(5).ddr

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\5.2258322.avi&b=112.ddr

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\7.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(5).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.2258322(2).avi&b=112

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.2258322(3).avi&b=112

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.2258322.avi&b=112

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.2258322.avi&b=112(2).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.2258322.avi&b=112(3).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5.2258322.avi&b=112(4).ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\uczwlgcxrfss.avi.ddp

c:\users\Fran\AppData\Roaming\Local\Temp\DDM\Settings\uczwlgcxrfss.avi.ddr

.

.

((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 )))))))))))))))))))))))))))))))

.

.

2012-04-02 02:53 . 2012-04-02 02:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-01 02:09 . 2012-04-01 02:09 -------- d-----w- c:\users\Fran\AppData\Roaming\SUPERAntiSpyware.com

2012-04-01 02:08 . 2012-04-01 02:09 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-04-01 02:08 . 2012-04-01 02:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-03-30 14:27 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F726F570-D69A-4AC2-9A8C-FF6EECB52D7D}\mpengine.dll

2012-03-15 03:22 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-15 03:22 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-15 03:22 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 12:14 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:14 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:14 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-14 12:14 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-14 12:14 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:14 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:13 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:13 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-14 12:13 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:13 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-06 08:31 . 2012-03-06 08:31 -------- d-----w- c:\users\Fran\AppData\Local\AOL

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-23 15:18 . 2010-06-17 01:28 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-16 09:11 . 2011-07-28 19:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-04 10:44 . 2012-02-15 01:17 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 01:17 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-07 574296]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-3-27 5581896]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-20 1207312]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"GIDDesktop"=c:\program files (x86)\SFT\GuardedID\gidd.exe /s

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe"

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"CanonSolutionMenuEx"=c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

"ContentTransferWMDetector.exe"=c:\program files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 135664]

R2 SBRE;SBRE; [x]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 135664]

R3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]

R4 taisregispinger;taisregispinger;c:\program files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2009-08-13 297344]

R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]

R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]

R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0502000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0502000.00D\SYMEFA64.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

S1 GIDv2;GIDv2; [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120330.002\IDSvia64.sys [2012-03-06 488568]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0502000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0502000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]

S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-03-27 66632]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 16:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-02 c:\windows\Tasks\GlaryInitialize.job

- c:\program files (x86)\Glary Utilities\initialize.exe [2010-06-17 02:33]

.

2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 23:26]

.

2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 23:26]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://isearch.glarysoft.com/?src=iehome

mStart Page = hxxp://isearch.glarysoft.com/?src=iehome

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.200.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-01 21:09:22 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-02 03:09

.

Pre-Run: 250,950,008,832 bytes free

Post-Run: 250,549,997,568 bytes free

.

- - End Of File - - 93C588F008FD4DE9A5BF8618802AB449


Please download Rooter and Save it to your desktop.

  • Double click it to start the tool. On Vista and Windows 7, run as administrator.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


Ok. Let's try this one.

 

Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

 

You will need to enter your name, e-mail address and location in order to access the download page.

 

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
     
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you

  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, and tell me how your computer is running now


Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SECURITY. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\Audit\PerUserAuditing\System. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent\Parameters\Cache. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Lsa\Audit\PerUserAuditing\System. You may not have access rights to the whole registry.

 

Access is denied.

 

Warning: Failed to query live registry key \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PolicyAgent\Parameters\Cache. You may not have access rights to the whole registry.

 

Access is denied.

 


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


Archived

This topic is now archived and is closed to further replies.
