Hijacked browser - Can't run ERUNT or DDS

[felhet]

Hello,

Thank you for all the help. I did what you said. The ESET said therewere no infected files found. Below are the combofix and DDS logs.

Thanks!


ComboFix 11-05-19.02 - herecomesyourbride 05/21/2011 14:12:50.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.394 [GMT -4:00]
Running from: c:\users\herecomesyourbride\Desktop\ComboFix.exe
Command switches used :: c:\users\herecomesyourbride\Desktop\CFScript.txt
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 18:30 . 2011-05-21 18:31 -------- d-----w- c:\users\herecomesyourbride\AppData\Local\temp
2011-05-21 18:30 . 2011-05-21 18:31 -------- d-----w- c:\users\HERECO~1\AppData\Local\temp
2011-05-21 18:30 . 2011-05-21 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-19 01:11 . 2011-05-19 01:11 -------- d-sh--w- c:\users\herecomesyourbride\%APPDATA%
2011-05-19 00:06 . 2011-05-19 00:06 -------- d-----w- C:\%APPDATA%
2011-05-18 01:43 . 2011-04-18 13:15 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{595F2E56-6067-48E5-AFB2-2B280DB56BB3}\mpengine.dll
2011-05-11 12:33 . 2011-05-11 12:33 -------- d-----w- C:\968538762a2e98f29148d99eea6e7a
2011-05-11 12:33 . 2011-05-11 12:33 -------- d-----w- C:\1128504acd42e1c326b3
2011-05-11 12:33 . 2011-05-11 12:33 -------- d-----w- C:\_961618_
2011-05-11 12:18 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-07 21:15 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-07 01:14 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-07 01:14 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-06 21:13 . 2011-05-06 21:13 -------- d-----w- c:\windows\en
2011-05-06 21:12 . 2010-09-23 04:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-06 21:08 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-06 21:08 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-06 21:08 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-06 14:30 . 2011-05-06 14:30 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\1a9595501cc0bfa1f\MeshBetaRemover.exe
2011-05-06 14:29 . 2011-05-06 14:29 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8de5b901cc0bf918\DSETUP.dll
2011-05-06 14:29 . 2011-05-06 14:29 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8de5b901cc0bf918\DXSETUP.exe
2011-05-06 14:29 . 2011-05-06 14:29 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\f8de5b901cc0bf918\dsetup32.dll
2011-05-06 14:29 . 2011-05-06 14:29 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\f76642501cc0bf917\DSETUP.dll
2011-05-06 14:29 . 2011-05-06 14:29 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\f76642501cc0bf917\DXSETUP.exe
2011-05-06 14:29 . 2011-05-06 14:29 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\f76642501cc0bf917\dsetup32.dll
2011-05-06 14:26 . 2011-05-06 14:26 -------- d-----w- c:\users\herecomesyourbride\AppData\Local\Windows Live
2011-05-06 14:26 . 2011-05-06 14:26 -------- d-----w- c:\users\HERECO~1\AppData\Local\Windows Live
2011-05-06 14:25 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-06 14:13 . 2011-05-06 14:13 -------- d-----w- C:\b5392d0d3685782584a3c867805e
2011-05-06 13:56 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-06 13:56 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-05-06 13:56 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-05-06 13:56 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-05-06 13:56 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-05-06 13:56 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-05-06 13:56 . 2009-10-09 21:55 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-05-06 13:56 . 2009-10-09 21:55 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-05-06 13:56 . 2009-10-09 21:55 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-05-06 13:56 . 2009-10-09 21:55 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-05-06 13:56 . 2009-10-09 21:55 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-05-06 13:56 . 2009-10-09 21:56 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-05-06 13:55 . 2009-08-01 06:27 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-05-06 13:55 . 2009-10-09 21:56 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-05-06 13:55 . 2009-10-09 21:56 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-05-06 13:55 . 2009-10-09 21:56 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-05-06 13:55 . 2009-10-09 21:56 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-05-06 13:55 . 2009-10-09 21:55 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-05-06 13:55 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-05-06 13:08 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-05-06 13:07 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-05-06 13:07 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-06 13:07 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-06 13:07 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-05-06 13:07 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-05-06 13:07 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-05-06 13:05 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-06 13:04 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-05-06 13:04 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-05-06 13:04 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-05-06 13:04 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-05-06 13:04 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-06 13:02 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-05-06 13:02 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-05-06 13:02 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-06 13:02 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-05-06 13:02 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-05-06 13:02 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-06 13:02 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-06 13:01 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-06 13:01 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-06 13:01 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-06 13:01 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-04-29 18:48 . 2011-04-29 19:46 -------- d-----w- C:\DESKTOP BEFORE FIX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 21:09 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-05-07 01:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-07 01:14 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-07 01:14 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-07 01:14 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-03-06 29744]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"DACSMiniApp"="c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe" [2007-08-24 197888]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-10-12 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-10-11 712704]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-28 53248]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-08 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\users\herecomesyourbride\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
GameSpot Download Manager.lnk - c:\users\herecomesyourbride\GameSpot\GameSpotDownloadManager_Win32.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-03-06 29744]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 19:28]
.
2011-05-21 c:\windows\Tasks\User_Feed_Synchronization-{EA109B87-7A20-427B-AD64-6D7FEB8891C9}.job
- c:\windows\system32\msfeedssync.exe [2011-05-06 04:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aim.com\www
Trusted Zone: aol.com\aimexpress
Trusted Zone: aol.com\aimx-vma.aimexpress
Trusted Zone: indwes.edu\blackboard
Trusted Zone: indwes.edu\www.blackboard
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
FF - ProfilePath - c:\users\herecomesyourbride\AppData\Roaming\Mozilla\Firefox\Profiles\bke4vihn.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-21 14:30
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-21 14:41:02
ComboFix-quarantined-files.txt 2011-05-21 18:40
ComboFix2.txt 2011-05-19 00:41
.
Pre-Run: 85,819,224,064 bytes free
Post-Run: 85,155,545,088 bytes free
.
- - End Of File - - 6087511F262B13E087BCED049433FDCC

[felhet]

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by herecomesyourbride at 17:23:52.27 on Sat 05/21/2011
Internet Explorer: 8.0.6001.19048 BrowserJavaVersion: 1.6.0_25
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.275 [GMT -4:00]
.
AV: avast! antivirus *Disabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Disabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\mobsync.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\herecomesyourbride\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DACSMiniApp] c:\program files\fisher-price\dacs\miniapp\DACSMiniApp.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\hereco~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\hereco~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\gamesp~1.lnk - c:\users\herecomesyourbride\gamespot\GameSpotDownloadManager_Win32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: aim.com\www
Trusted Zone: aol.com\aimexpress
Trusted Zone: aol.com\aimx-vma.aimexpress
Trusted Zone: indwes.edu\blackboard
Trusted Zone: indwes.edu\www.blackboard
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {BCBC9371-9827-11DA-A72B-0800200C9A66} - hxxp://merillat.view22.com/release_3_9_177/View22RTEv4.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hereco~1\appdata\roaming\mozilla\firefox\profiles\bke4vihn.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\herecomesyourbride\appdata\local\yahoo!\browserplus\2.5.1\plugins\npybrowserplus_2.5.1.dll
FF - plugin: c:\users\herecomesyourbride\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\herecomesyourbride\appdata\roaming\facebook\npfbplugin_1_0_1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-1 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-1 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-9-1 53328]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-1 138680]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-23 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-14 1153368]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S?3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-1 254040]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-1 352920]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-6 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-1-5 29744]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-21 18:58:59 -------- d-----w- c:\program files\ESET
2011-05-21 18:55:45 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-21 18:55:43 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-05-21 18:55:42 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-21 18:55:42 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-21 18:55:41 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-21 18:55:41 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-05-21 18:55:41 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-21 18:55:41 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-21 18:55:41 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-21 18:55:41 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-21 18:41:15 -------- d-----w- c:\users\hereco~1\appdata\local\temp
2011-05-21 18:39:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-19 01:11:47 -------- d-sh--w- c:\users\herecomesyourbride\%APPDATA%
2011-05-19 00:08:41 98816 ----a-w- c:\windows\sed.exe
2011-05-19 00:08:41 89088 ----a-w- c:\windows\MBR.exe
2011-05-19 00:08:41 256512 ----a-w- c:\windows\PEV.exe
2011-05-19 00:08:41 161792 ----a-w- c:\windows\SWREG.exe
2011-05-19 00:06:25 -------- d-----w- C:\%APPDATA%
2011-05-18 01:43:09 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{595f2e56-6067-48e5-afb2-2b280db56bb3}\mpengine.dll
2011-05-11 12:33:24 -------- d-----w- C:\968538762a2e98f29148d99eea6e7a
2011-05-11 12:33:14 -------- d-----w- C:\1128504acd42e1c326b3
2011-05-11 12:33:02 -------- d-----w- C:\_961618_
2011-05-11 12:18:11 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-05-07 21:15:41 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-07 01:14:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-07 01:14:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-06 21:13:43 -------- d-----w- c:\windows\en
2011-05-06 21:12:58 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2011-05-06 21:08:06 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-05-06 21:08:06 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-05-06 21:08:06 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-05-06 14:30:10 15712 ----a-w- c:\program files\common files\windows live\.cache\1a9595501cc0bfa1f\MeshBetaRemover.exe
2011-05-06 14:29:15 94040 ----a-w- c:\program files\common files\windows live\.cache\f8de5b901cc0bf918\DSETUP.dll
2011-05-06 14:29:15 525656 ----a-w- c:\program files\common files\windows live\.cache\f8de5b901cc0bf918\DXSETUP.exe
2011-05-06 14:29:15 1691480 ----a-w- c:\program files\common files\windows live\.cache\f8de5b901cc0bf918\dsetup32.dll
2011-05-06 14:29:12 94040 ----a-w- c:\program files\common files\windows live\.cache\f76642501cc0bf917\DSETUP.dll
2011-05-06 14:29:12 525656 ----a-w- c:\program files\common files\windows live\.cache\f76642501cc0bf917\DXSETUP.exe
2011-05-06 14:29:12 1691480 ----a-w- c:\program files\common files\windows live\.cache\f76642501cc0bf917\dsetup32.dll
2011-05-06 14:26:45 -------- d-----w- c:\users\hereco~1\appdata\local\Windows Live
2011-05-06 14:25:40 754688 ----a-w- c:\windows\system32\webservices.dll
2011-05-06 14:13:02 -------- d-----w- C:\b5392d0d3685782584a3c867805e
2011-05-06 13:56:39 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-05-06 13:56:19 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-05-06 13:56:19 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-05-06 13:56:18 40448 ----a-w- c:\windows\system32\winrs.exe
2011-05-06 13:56:15 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-05-06 13:56:15 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-05-06 13:56:09 81408 ----a-w- c:\windows\system32\wevtfwd.dll
2011-05-06 13:56:09 79872 ----a-w- c:\windows\system32\wecutil.exe
2011-05-06 13:56:09 56320 ----a-w- c:\windows\system32\wecapi.dll
2011-05-06 13:56:09 54272 ----a-w- c:\windows\system32\WsmRes.dll
2011-05-06 13:56:09 146944 ----a-w- c:\windows\system32\wecsvc.dll
2011-05-06 13:56:08 41472 ----a-w- c:\windows\system32\pwrshplugin.dll
2011-05-06 13:55:54 201184 ----a-w- c:\windows\system32\winrm.vbs
2011-05-06 13:55:49 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2011-05-06 13:55:48 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2011-05-06 13:55:48 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2011-05-06 13:55:48 241152 ----a-w- c:\windows\system32\winrscmd.dll
2011-05-06 13:55:48 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2011-05-06 13:55:47 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2011-05-06 13:08:02 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-05-06 13:07:58 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-05-06 13:07:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-05-06 13:07:21 17920 ----a-w- c:\windows\system32\netevent.dll
2011-05-06 13:07:02 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-05-06 13:07:02 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-05-06 13:07:02 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-05-06 13:05:58 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-05-06 13:04:55 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-05-06 13:04:53 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-05-06 13:04:16 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-05-06 13:04:11 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-05-06 13:04:03 1696256 ----a-w- c:\windows\system32\gameux.dll
2011-05-06 13:02:42 601600 ----a-w- c:\windows\system32\schedsvc.dll
2011-05-06 13:02:41 352768 ----a-w- c:\windows\system32\taskschd.dll
2011-05-06 13:02:39 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-05-06 13:02:39 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-05-06 13:02:39 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-05-06 13:02:33 81920 ----a-w- c:\windows\system32\consent.exe
2011-05-06 13:02:13 2048 ----a-w- c:\windows\system32\tzres.dll
2011-05-06 13:01:26 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-05-06 13:01:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-05-06 13:01:17 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-05-06 13:01:11 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-04-29 18:48:15 -------- d-----w- C:\DESKTOP BEFORE FIX
.
==================== Find3M ====================
.
2011-05-21 18:52:48 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:24:42.80 ===============

[felhet]

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 1/19/2007 11:19:27 PM
System Uptime: 5/21/2011 1:28:20 PM (4 hours ago)
.
Motherboard: TOSHIBA | | IAKAA
Processor: Intel(R) Core(TM)2 CPU T5200 @ 1.60GHz | U2E1 | 1600/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 80.016 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP722: 9/16/2010 3:01:10 AM - Windows Update
RP723: 10/26/2010 10:28:06 AM - Scheduled Checkpoint
RP724: 5/6/2011 8:36:29 AM - Windows Update
RP725: 5/6/2011 9:53:59 AM - Windows Update
RP726: 5/7/2011 3:01:10 AM - Windows Update
RP727: 5/8/2011 3:00:48 AM - Windows Update
RP728: 5/10/2011 7:23:49 AM - Windows Update
RP729: 5/12/2011 3:01:53 AM - Windows Update
RP730: 5/17/2011 9:26:37 PM - Windows Update
RP731: 5/17/2011 9:35:07 PM - Windows Update
RP733: 5/17/2011 10:05:30 PM - Windows Defender Checkpoint
RP734: 5/18/2011 9:07:12 PM - Scheduled Checkpoint
RP735: 5/21/2011 1:54:13 PM - Removed Adobe Reader 8.1.1
RP736: 5/21/2011 2:44:17 PM - Removed Java(TM) 6 Update 20
RP737: 5/21/2011 2:51:09 PM - Installed Java(TM) 6 Update 25
.
==== Installed Programs ======================
.
32 Bit HP BiDi Channel Components Installer
Apple Software Update
avast! Antivirus
Bluetooth Stack for Windows by Toshiba
BufferChm
CD/DVD Drive Acoustic Silencer
Cricut DesignStudio
CSI-3 Dimensions of Murder 1.1
CustomerResearchQFolder
D3DX10
Desktop Dialer
DeviceDiscovery
DeviceManagementQFolder
DVD MovieFactory for TOSHIBA
eFax Messenger
ERUNT 1.1j
ESET Online Scanner v3
eSupportQFolder
Facebook Plug-In
Google Desktop
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Color LaserJet CP1510 Series 2.0
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP Solution Center 9.0
HP Update
HPCarePackCore
HPCarePackProducts
hppCLJCP1510
hppFonts
hppManualsCP1510
hppPQVideoCP1510
HPProductAssistant
hppTLBXFXCP1510
hppusgCP1510
HPSSupply
hpzTLBXFX
IKEA Home Planner
InstallMgr
Intel(R) Graphics Media Accelerator Driver
iWin Games (remove only)
Java Auto Updater
Java(TM) 6 Update 25
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Move Networks Media Player for Internet Explorer
Mozilla Firefox 4.0.1 (x86 en-US)
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
PIXresizer 2.0.3
Product_SF_Full_QFolder
Product_SF_Min_QFolder
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Segoe UI
SolutionCenter
Spybot - Search & Destroy
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
The Digital Arts and Crafts Studio
The Sims™ 2 Double Deluxe
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Game Console
TOSHIBA Hardware Setup
TOSHIBA Media Center Game Console
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TrayApp
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
WebReg
Win2PDF 3.30
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinDVD for TOSHIBA
Women's Murder Club A Darker Shade of Grey
Yahoo! BrowserPlus
Yahoo! Messenger
Yahoo! SiteBuilder
.
==== Event Viewer Messages From Past Week ========
.
5/21/2011 2:30:38 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/21/2011 2:12:04 PM, Error: Service Control Manager [7034] - The Swupdtmr service terminated unexpectedly. It has done this 1 time(s).
5/21/2011 2:01:31 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2011 2:01:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
5/21/2011 2:01:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/19/2011 8:36:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tosrfcom
5/17/2011 9:18:29 PM, Error: EventLog [6008] - The previous system shutdown at 3:01:40 AM on 5/14/2011 was unexpected.
.
==== End Of File ===========================

[felhet]

Also, you asked about the C: desktop before fix folder. Yes, I moved a buch of dsktop files to that folder. Is there something wrong with that folder?

Thanks!

[Blade81]

Also, you asked about the C: desktop before fix folder. Yes, I moved a buch of dsktop files to that folder. Is there something wrong with that folder?

No, just wanted a confirmation if you were aware of its origin

Update Avast. Are there still any symptoms left?

[felhet]

OK, great.

I updated Avast and I am not having the same web browsing problems or getting the "fake" anti-virus pop-ups anymore.

The computer is still a little slow at startup and it sounds like the harddrive is working right now. I am only running IE9 to type this message. I am not sure if it is Avast working in the background or malware. There are a lot of programs that start automatically during startup on this computer so I may try taking them off.

Other than that it seems fine for now. Were you able to find anything specific that had infected the computer?

Again, thank you so much for the help!

[Blade81]

Were you able to find anything specific that had infected the computer?

Nothing specific but possible origin maybe found by reading this topic.


It's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.


Now lets uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



Download and run Secunia Personal Software Inspector (PSI) and fix its findings.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

[felhet]

Thank you. It seems to be acting fine. The only issue I seem to have is I get this error at startup:

Unable to create folder:
C:\Windows\ERDNT\AutoBackup\5-23-2011

I assume I can get rid of the ERUNT program?

Again, thank you for your help!

[Blade81]

Hi,

Yes you can uninstall ERUNT.

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.