Bad malware infection - redirects & blocked sites

What ESET found and quarantined was an infected System Restore point. Infected System Restore points are harmless where they are. I'll show you how to remove them (if you have any more) and set a new, clean restore point in an upcoming post.

I need to see a fresh DDS Log and let me know how your computer is doing.
 
My computer has been running okay speed-wise. I haven't been noticing any problems either.

Here's the DDS log

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Ian Schmidt at 18:10:38.96 on Mon 03/29/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.88 [GMT -4:00]

AV: avast! antivirus 4.8.1368 [VPS 100329-2] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Metamail Inc\Metamail Tray\Metamail Trust Manager.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ian Schmidt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://today.ask.com/foxit?o=101706&l=dis
uInternet Settings,ProxyOverride = *.local
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon
mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [\\TALON5-5NET\EPSON Stylus Photo R200 Series] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2h1.exe /p44 "\\talon5-5net\EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
mRun: [Auto EPSON Stylus Photo R200 Series on TALON5-5NET] c:\windows\system32\spool\drivers\w32x86\3\e_s4i2h1.exe /p50 "auto epson stylus photo r200 series on talon5-5net" /o21 "\\talon5-5net\Printer" /M "Stylus Photo R200"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\iansch~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\iansch~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth monitor\BtMon2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metama~1.lnk - c:\program files\metamail inc\metamail tray\Metamail Trust Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\iansch~1\applic~1\mozilla\firefox\profiles\oc2sujip.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-15 64160]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-10 207280]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-16 114768]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2005-12-27 5888]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\vmlaunch\BuddyVM.sys [2010-3-26 15488]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-16 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-16 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-10 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2005-12-27 126976]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-5-17 24652]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-16 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-16 352920]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-12-27 35968]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-10 365280]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-10 1141712]

=============== Created Last 30 ================

2010-03-29 00:43:54 0 d-----w- c:\program files\ESET
2010-03-27 05:43:37 0 d-----w- c:\program files\ZYX
2010-03-26 22:23:43 0 d-----w- c:\program files\VMLaunch
2010-03-23 22:42:08 0 d-----w- c:\docume~1\iansch~1\applic~1\Foxit
2010-03-23 22:41:45 0 d-----w- c:\program files\Foxit Software
2010-03-23 00:38:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-23 00:38:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-20 14:55:35 0 d-sha-r- C:\cmdcons
2010-03-20 14:53:08 98816 ----a-w- c:\windows\sed.exe
2010-03-20 14:53:08 77312 ----a-w- c:\windows\MBR.exe
2010-03-20 14:53:08 261632 ----a-w- c:\windows\PEV.exe
2010-03-20 14:53:08 161792 ----a-w- c:\windows\SWREG.exe
2010-03-19 01:30:32 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-13 23:51:20 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-13 23:51:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-13 22:30:33 0 d-----w- c:\program files\Trend Micro
2010-03-13 00:43:03 0 d-----w- c:\docume~1\iansch~1\applic~1\Malwarebytes
2010-03-13 00:42:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 00:42:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-13 00:42:48 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 00:42:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-11 12:44:49 0 ----a-w- c:\windows\CeEKey.INI
2010-03-11 01:01:01 882 ----a-w- c:\windows\RegSDImport.xml
2010-03-11 01:01:01 879 ----a-w- c:\windows\RegISSImport.xml
2010-03-11 01:01:01 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-03-11 01:01:01 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-11 01:01:01 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-11 01:01:01 131 ----a-w- c:\windows\IDB.zip
2010-03-11 01:01:00 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-11 01:01:00 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-11 01:01:00 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-03-11 01:01:00 1152444 ----a-w- c:\windows\UDB.zip
2010-03-11 01:00:35 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-03-11 01:00:35 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-11 01:00:08 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-11 01:00:08 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-03-11 01:00:08 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-03-11 01:00:08 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-11 00:59:40 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-03-11 00:59:40 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-11 00:59:11 0 d-----w- c:\program files\common files\PC Tools
2010-03-11 00:59:10 0 d-----w- c:\program files\Spyware Doctor
2010-03-11 00:59:10 0 d-----w- c:\docume~1\iansch~1\applic~1\PC Tools
2010-03-11 00:59:10 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-03-02 01:45:49 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2010-02-04 01:05:37 28496 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-28 23:59:18 117655 ----a-w- c:\windows\hpoins11.dat
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll
2008-08-28 07:06:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082820080829\index.dat

============= FINISH: 18:11:27.57 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/25/2005 11:06:34 AM
System Uptime: 3/29/2010 4:20:50 PM (2 hours ago)

Motherboard: TOSHIBA | | HAQAA
Processor: Genuine Intel(R) CPU T1300 @ 1.66GHz | U2E1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 52 GiB total, 28.989 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description:
Device ID: ACPI\TOS620A\2&DABA3FF&0
Manufacturer:
Name:
PNP Device ID: ACPI\TOS620A\2&DABA3FF&0
Service:

==== System Restore Points ===================

RP496: 12/29/2009 11:43:45 PM - System Checkpoint
RP497: 12/30/2009 11:57:47 PM - System Checkpoint
RP498: 1/1/2010 12:32:30 AM - System Checkpoint
RP499: 1/2/2010 1:32:34 AM - System Checkpoint
RP500: 1/3/2010 2:32:34 AM - System Checkpoint
RP501: 1/4/2010 3:32:34 AM - System Checkpoint
RP502: 1/5/2010 3:56:16 AM - System Checkpoint
RP503: 1/6/2010 4:44:31 AM - System Checkpoint
RP504: 1/7/2010 5:44:32 AM - System Checkpoint
RP505: 1/8/2010 6:44:30 AM - System Checkpoint
RP506: 1/9/2010 7:44:30 AM - System Checkpoint
RP507: 1/10/2010 3:23:31 PM - System Checkpoint
RP508: 1/15/2010 7:59:43 PM - System Checkpoint
RP509: 1/19/2010 5:25:05 PM - System Checkpoint
RP510: 1/20/2010 7:16:32 PM - System Checkpoint
RP511: 1/21/2010 9:20:30 AM - Software Distribution Service 3.0
RP512: 1/23/2010 2:15:07 PM - Software Distribution Service 3.0
RP513: 1/23/2010 4:22:52 PM - Removed QuickTime
RP514: 1/23/2010 4:29:46 PM - Installed QuickTime
RP515: 1/24/2010 7:12:09 PM - System Checkpoint
RP516: 1/25/2010 9:02:47 PM - System Checkpoint
RP517: 1/26/2010 9:09:05 PM - System Checkpoint
RP518: 1/27/2010 11:59:44 PM - System Checkpoint
RP519: 1/28/2010 6:54:12 PM - Installed HPSU306Stub
RP520: 1/29/2010 11:33:10 PM - System Checkpoint
RP521: 1/30/2010 12:16:30 PM - Software Distribution Service 3.0
RP522: 1/31/2010 10:43:40 AM - Software Distribution Service 3.0
RP523: 2/1/2010 8:25:03 PM - System Checkpoint
RP524: 2/2/2010 10:20:33 PM - System Checkpoint
RP525: 2/4/2010 12:31:05 AM - System Checkpoint
RP526: 2/5/2010 7:10:51 AM - System Checkpoint
RP527: 2/6/2010 10:30:32 AM - System Checkpoint
RP528: 2/7/2010 1:11:37 PM - System Checkpoint
RP529: 2/8/2010 2:00:50 PM - System Checkpoint
RP530: 2/9/2010 3:00:53 PM - System Checkpoint
RP531: 2/10/2010 3:00:23 AM - Software Distribution Service 3.0
RP532: 2/11/2010 7:58:58 PM - System Checkpoint
RP533: 2/12/2010 10:24:35 PM - System Checkpoint
RP534: 2/14/2010 9:29:19 AM - System Checkpoint
RP535: 2/15/2010 11:23:24 AM - System Checkpoint
RP536: 2/16/2010 11:57:14 AM - System Checkpoint
RP537: 2/17/2010 12:56:52 PM - System Checkpoint
RP538: 2/18/2010 6:53:40 PM - System Checkpoint
RP539: 2/19/2010 6:59:09 PM - System Checkpoint
RP540: 2/20/2010 7:58:55 PM - System Checkpoint
RP541: 2/21/2010 8:28:51 PM - System Checkpoint
RP542: 2/22/2010 10:28:35 PM - System Checkpoint
RP543: 2/23/2010 11:22:50 PM - System Checkpoint
RP544: 2/24/2010 3:00:15 AM - Software Distribution Service 3.0
RP545: 2/25/2010 3:02:53 AM - System Checkpoint
RP546: 2/26/2010 4:02:56 AM - System Checkpoint
RP547: 2/27/2010 4:59:47 AM - System Checkpoint
RP548: 2/28/2010 5:45:45 AM - System Checkpoint
RP549: 3/1/2010 6:50:40 AM - System Checkpoint
RP550: 3/2/2010 7:07:27 PM - System Checkpoint
RP551: 3/3/2010 7:21:45 PM - System Checkpoint
RP552: 3/4/2010 9:07:32 PM - System Checkpoint
RP553: 3/5/2010 10:15:47 PM - System Checkpoint
RP554: 3/6/2010 11:13:46 PM - System Checkpoint
RP555: 3/8/2010 6:02:53 PM - System Checkpoint
RP556: 3/9/2010 6:49:06 PM - System Checkpoint
RP557: 3/10/2010 8:34:19 PM - System Checkpoint
RP558: 3/11/2010 8:43:02 PM - System Checkpoint
RP559: 3/12/2010 11:29:10 PM - System Checkpoint
RP560: 3/14/2010 12:58:32 AM - System Checkpoint
RP561: 3/15/2010 1:55:59 AM - System Checkpoint
RP562: 3/16/2010 2:55:58 AM - System Checkpoint
RP563: 3/17/2010 3:56:00 AM - System Checkpoint
RP564: 3/18/2010 4:55:51 AM - System Checkpoint
RP565: 3/19/2010 10:10:05 PM - Software Distribution Service 3.0
RP566: 3/21/2010 1:19:53 PM - System Checkpoint
RP567: 3/22/2010 2:13:43 PM - System Checkpoint
RP568: 3/22/2010 8:27:16 PM - Removed J2SE Runtime Environment 5.0 Update 4
RP569: 3/22/2010 8:37:25 PM - Installed Java(TM) 6 Update 18
RP570: 3/23/2010 6:22:56 PM - Removed Adobe Reader 7.1.0
RP571: 3/24/2010 7:32:53 PM - System Checkpoint
RP572: 3/25/2010 8:15:43 PM - System Checkpoint
RP573: 3/26/2010 9:11:37 PM - System Checkpoint
RP574: 3/28/2010 12:38:34 AM - System Checkpoint
RP575: 3/29/2010 7:33:47 AM - System Checkpoint

==== Installed Programs ======================

AC3File (remove only)
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
AIM 6
AiOSoftwareNPI
ALPS Touch Pad Driver
AOL Coach Version 2.0(Build:20041026.5 en)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoUpdate
avast! Antivirus
Bluetooth Monitor 2
Bluetooth Stack for Windows by Toshiba
Bonjour
Browser Defender 2.0.6.15
BufferChm
CCleaner
CD/DVD Drive Acoustic Silencer
CDisplay 1.8
DeductionPro 2008
Delete The Sagara Family - Download Edition
Delete Virtual-Mate Launcher
Destinations
DeviceManagementQFolder
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
DocProcQFolder
DVD-RAM Driver
ERUNT 1.1j
ESET Online Scanner v3
eSupportQFolder
F300
F300_Help
Fax_CDA
Foxit Reader
Google Toolbar for Internet Explorer
Google Update Helper
Hard Disk Recovery Utilities
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevicesMFC
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
Metamail (Toshiba Registration Utility)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyConnect Special Offer
NewCopy_CDA
OCR Software by I.R.I.S 7.0
ProductContextNPI
Protector Suite QL 5.6
QFolder
QuickTime
Readme
Realtek High Definition Audio Driver
Safari
Scan
ScannerCopy
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sid Meier's Civilization 4 Gold
Skype™ 3.8
SMSC IrCC V5.1.3600.5 SP2
SolutionCenter
Sonic DLA
Sonic RecordNow!
Spybot - Search & Destroy
Spyware Doctor 7.0
Status
TaxCut Basic + Efile 2008
TaxCut New Jersey 2008
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Mobile Extension3 for Windows XP V3.79.00.XP.C
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
TrayApp
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Utility Common Driver
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows SD Host Controller Driver
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Music Engine

==== Event Viewer Messages From Past Week ========

3/23/2010 6:37:13 PM, error: Service Control Manager [7034] - The avast! Web Scanner service terminated unexpectedly. It has done this 1 time(s).
3/23/2010 6:35:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the avast! Web Scanner service to connect.
3/23/2010 6:35:17 PM, error: Service Control Manager [7000] - The avast! Web Scanner service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================
 
Good to hear that the computer is not experiencing any problems. :)

You can delete the following off of your computer:

DDS.scr
The two DDS Logs
GMER.zip
GMER.exe
The GMER Log


To remove ComboFix from your computer, do the following:

Go to Start > Run - type in ComboFix /Uninstall & click OK

Empty your Recycle Bin.


Please take the time to read my All Clean Post.

Please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new, clean restore point.

  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Make sure the C:\ drive is selected and click OK. If your computer's Hard Drive is not located on C:, change it to the correct drive letter then click OK.
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
  • This will remove all restore points except the new one you just created.

Clearing your restore points is not something you should do on a regular basis. Normally, this process only needs to be done after clearing out an infestation of malware.


Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it asks you if you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked, please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
  • Use An Antivirus Software and Keep It Updated - It is very important that your computer has an antivirus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a day. If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out.
  • Visit Microsoft's Update Site Frequently - It is important that you visit Microsoft Updates regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line Anti Malware
  • Use the hosts file: Every version of Windows has a hosts file as part of them. In a very basic sense, they are used to locate web pages. We can customize a hosts file so that it blocks certain web pages. However, it can slow down certain computers. This is why using a hosts file is optional. Download mvps hosts file. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE. If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • Hit Enter, then locate DNS Client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK.
  • Use an alternative instant messenger program. Trillian and Miranda IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Please read Simple and easy ways to keep your computer safe and secure on the Internet
  • If you are using Internet Explorer, please consider using an alternate browser: Mozilla's Firefox or Opera.
    If you decide to use either Firefox or Opera, it is very important that you keep them up to date and check frequently for updates of the browser of your choice.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  • If your computer was infected by a website, a program, IM, MSN, or p2p, check this site because it is Time To Fight Back.
Follow these steps and your potential for being infected again will reduce dramatically.

Here's a good website to read about Malware prevention:

http://users.telenet.be/bluepatchy/miekiemoes/prevention.html

If your computer is running slow, click here for instructions on how to help speed up your computer.

Good luck!

Please reply one last time so that I know you have read my post and this thread can be closed.
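
The Internet Explorer checklist in the post above can be verified after the fact. The following is an added example, not part of the original post: it audits a `reg export` of the per-user Internet zone key against the six recommended settings. The action IDs and the `Zones\3` location are how Internet Explorer stores these settings and do not appear in the thread; the sample export is constructed.

```python
import re

# Internet zone (Zones\3) action IDs for the six settings in the post,
# mapped to (value the post recommends, setting name).
RECOMMENDED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe"),
    "1800": (1, "Installation of desktop items"),
    "1804": (1, "Launching programs and files in an IFRAME"),
    "1607": (1, "Navigate sub-frames across different domains"),
}
ACTION = {0: "Enable", 1: "Prompt", 3: "Disable"}  # stored DWORD -> UI choice
DWORD_LINE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})\s*$')
# Constructed sample of an exported Zones\3 key (not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
'''

def parse_zone_export(text):
    """Return {action_id: int_value} for every four-digit dword value."""
    values = {}
    for line in text.splitlines():
        m = DWORD_LINE.match(line.strip())
        if m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit_zone(text):
    """List (id, setting, found, wanted) for settings weaker than recommended."""
    found = parse_zone_export(text)
    findings = []
    for action_id, (wanted, label) in RECOMMENDED.items():
        actual = found.get(action_id)
        # Missing or unrecognised values are reported, never assumed safe.
        if actual not in ACTION or actual < wanted:
            state = "not set" if actual is None else ACTION.get(actual, hex(actual))
            findings.append((action_id, label, state, ACTION[wanted]))
    return findings

if __name__ == "__main__":
    for row in audit_zone(SAMPLE_EXPORT):
        print("%s  %s: found %s, want %s" % row)
```

Files written by regedit's export are UTF-16, so decode them before passing the text in. A stricter value than the one recommended (Disable where Prompt was asked for) passes the audit.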
 
km,
Thank you so much for all your help! I've read through your last message and I'll take the time to complete as many of the steps as I can.


Have a great day!
 
You're welcome. I'm glad I was able to help you out. :)

Good luck and safe surfing!
 