
[Inactive] Another Google Redirect Problem

Discussion in 'Malware and Virus Removal Archive' started by Bmwm3evo, 2009/12/13.

  1. 2009/12/18, Bmwm3evo (Thread Starter)
    Sorry, I thought I wrote that it was still there :/
     
  2. 2009/12/18, broni (Moderator, Malware Analyst)
    Let's try the newest Combofix version....

    Please download ComboFix from here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/12/18, Bmwm3evo (Thread Starter)
    Downloading now mate :)
     
  5. 2009/12/18, Bmwm3evo (Thread Starter)
    I hate to double post, but I've just had to do a Google search and it seems to have gone away in the last 5 minutes.

    Should I proceed with combo fix still?

    Thanks
     
  6. 2009/12/18, broni (Moderator, Malware Analyst)
    Yes, please.
    Doublechecking won't hurt...
     
  7. 2009/12/18, Bmwm3evo (Thread Starter)
    Hehe, Kitty ate it :D. Redirect seems to have gone now though :). Thanks a lot mate.

    I'll be donating when my money situation isn't so bad :eek:

    ComboFix:

    ComboFix 09-12-17.01 - Chris 18/12/2009 7:31.2.2 - x86
    Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1012.490 [GMT 0:00]
    Running from: c:\users\Chris\Desktop\KittyFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Chris\AppData\Roaming\.#
    c:\windows\Cursors\aero_link.cur

    Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))
    .

    2009-12-18 07:57 . 2009-12-18 07:57 -------- d-----w- c:\users\Public\AppData\Local\temp
    2009-12-18 07:57 . 2009-12-18 07:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-12-18 07:20 . 2009-12-18 07:22 -------- d-----w- C:\32788R22FWJFW
    2009-12-14 20:21 . 2009-12-14 20:21 -------- d-----w- c:\users\Chris\DoctorWeb
    2009-12-13 23:01 . 2009-12-13 23:01 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics
    2009-12-13 22:59 . 2009-12-13 22:59 -------- d-----w- C:\Load-CF
    2009-12-13 17:41 . 2009-12-14 19:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-13 17:41 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-12-13 17:41 . 2009-12-13 17:41 -------- d-----w- c:\programdata\Avira
    2009-12-13 17:41 . 2009-12-13 17:41 -------- d-----w- c:\program files\Avira
    2009-12-13 04:06 . 2009-12-13 04:06 -------- d-----w- c:\users\Chris\AppData\Roaming\Yahoo!
    2009-12-13 04:06 . 2009-12-15 16:39 -------- d-----w- c:\program files\Yahoo!
    2009-12-13 03:52 . 2009-12-13 03:52 -------- d-----w- c:\users\Chris\AppData\Roaming\CheckPoint
    2009-12-13 03:52 . 2009-12-13 03:52 -------- d-----w- c:\program files\CheckPoint
    2009-12-13 03:52 . 2009-11-22 15:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-12-13 03:52 . 2009-11-22 15:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-12-13 03:09 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-13 02:54 . 2009-12-13 02:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2009-12-13 02:51 . 2009-12-15 23:45 -------- d-----w- c:\users\Chris\AppData\Roaming\SUPERAntiSpyware.com
    2009-12-13 02:51 . 2009-12-15 23:44 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-12-12 18:29 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-12 18:29 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-11 07:08 . 2009-12-11 07:08 -------- d-----w- c:\users\Chris\AppData\Roaming\Malwarebytes
    2009-12-11 07:08 . 2009-12-11 07:08 -------- d-----w- c:\programdata\Malwarebytes
    2009-12-11 07:07 . 2009-12-12 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-11 04:43 . 2009-12-11 04:43 -------- d-----w- C:\MyWinLockerData
    2009-12-11 04:35 . 2009-12-11 04:35 -------- d-----w- c:\program files\Trend Micro
    2009-12-10 22:28 . 2009-12-11 08:10 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-12-10 22:28 . 2009-12-11 08:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2009-12-10 22:15 . 2009-12-13 04:06 -------- d-----w- c:\program files\CCleaner
    2009-12-08 02:10 . 2009-12-08 02:10 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2009-12-08 02:09 . 2009-12-08 02:10 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-12-08 02:09 . 2009-12-08 02:11 -------- d-----w- c:\program files\DivX
    2009-12-04 19:14 . 2009-12-15 23:47 -------- d-----w- c:\users\Chris\AppData\Roaming\XBMC
    2009-12-04 19:12 . 2009-12-04 19:18 -------- d-----w- c:\program files\XBMC
    2009-12-04 18:28 . 2009-12-15 16:39 -------- d-----w- c:\program files\SBPaper
    2009-12-04 16:37 . 2009-12-11 08:10 -------- d-----w- c:\users\Chris\AppData\Roaming\vlc
    2009-12-04 16:35 . 2009-12-04 16:35 -------- d-----w- c:\program files\VideoLAN
    2009-12-04 03:10 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2009-12-04 03:05 . 2009-12-04 03:05 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2009-12-04 03:03 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-12-03 23:31 . 2009-12-11 08:10 -------- d-----w- c:\program files\Common Files\Stardock
    2009-12-03 23:31 . 2009-12-11 08:10 -------- d--h--w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}
    2009-12-03 23:31 . 2009-10-22 17:32 3195360 -c--a-w- c:\programdata\{CFA6F4AE-B6D4-4F71-BBA4-ACFE805E7214}\MyColors.exe
    2009-12-03 23:31 . 2009-12-03 23:32 -------- d-----w- c:\program files\Stardock
    2009-12-03 23:31 . 2009-12-03 23:31 -------- d-----w- c:\users\Chris\AppData\Local\PackageAware
    2009-12-03 23:24 . 2009-12-03 23:24 -------- d-----w- c:\users\Chris\AppData\Local\Adobe
    2009-12-03 19:01 . 2009-12-03 19:01 -------- d-----w- c:\users\Chris\AppData\Roaming\PlayFirst
    2009-12-03 19:01 . 2009-12-03 19:01 -------- d-----w- c:\programdata\PlayFirst
    2009-12-03 18:24 . 2009-12-03 18:24 -------- d-----w- c:\program files\GamesBar
    2009-12-03 18:17 . 2009-12-03 18:17 -------- d-----w- c:\program files\uTorrent
    2009-12-03 18:16 . 2009-12-18 08:00 -------- d-----w- c:\users\Chris\AppData\Roaming\uTorrent
    2009-12-03 13:14 . 2009-12-03 13:14 -------- d-----w- c:\programdata\AWEM
    2009-12-03 13:13 . 2009-12-03 13:13 -------- d-----w- c:\users\Chris\AppData\Roaming\GameConsole
    2009-12-03 09:51 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
    2009-12-03 09:51 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2009-12-03 09:51 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2009-12-03 09:51 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2009-12-03 09:51 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
    2009-12-03 09:51 . 2009-07-30 16:27 71168 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-03 09:51 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2009-12-03 09:51 . 2009-07-30 16:29 108544 ----a-w- c:\windows\system32\t2embed.dll
    2009-12-03 09:51 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
    2009-12-03 09:51 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2009-12-03 08:19 . 2009-12-03 08:19 -------- d-----w- c:\users\Chris\AppData\Local\myPod_Apps
    2009-12-02 22:43 . 2009-12-02 22:43 -------- d-----w- c:\program files\Pod to PC
    2009-12-02 22:35 . 2009-12-02 22:35 -------- d-----w- c:\program files\iDump
    2009-12-02 22:27 . 2009-12-15 16:38 -------- d-----w- c:\users\Chris\AppData\Local\MagicCamera
    2009-12-02 22:05 . 2009-12-12 19:13 -------- d-----w- c:\users\Chris\AppData\Roaming\LimeWire
    2009-12-02 21:50 . 2009-12-02 21:49 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-12-02 21:49 . 2009-12-02 21:49 -------- d-----w- c:\program files\Java
    2009-12-02 21:48 . 2009-12-02 22:05 -------- d-----w- c:\program files\LimeWire
    2009-12-02 19:42 . 2009-12-02 19:42 -------- d-----w- c:\users\Chris\AppData\Local\Diagnostics
    2009-12-02 19:31 . 2009-12-04 13:15 -------- d-----w- c:\users\Chris\AppData\Local\Apple Computer
    2009-12-02 19:31 . 2009-12-03 09:37 -------- d-----w- c:\users\Chris\AppData\Roaming\Apple Computer
    2009-12-02 19:31 . 2009-05-18 14:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-12-02 19:31 . 2008-04-17 13:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-12-02 19:31 . 2009-12-02 19:31 -------- dc----w- c:\windows\system32\DRVSTORE
    2009-12-02 19:29 . 2009-12-02 19:29 -------- d-----w- c:\program files\iPod
    2009-12-02 19:29 . 2009-12-02 19:31 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-12-02 19:29 . 2009-12-02 19:31 -------- d-----w- c:\program files\iTunes
    2009-12-02 19:28 . 2009-12-02 19:28 -------- d-----w- c:\program files\Bonjour
    2009-12-02 19:25 . 2009-12-02 19:27 -------- d-----w- c:\program files\QuickTime
    2009-12-02 19:25 . 2009-12-02 19:29 -------- d-----w- c:\programdata\Apple Computer
    2009-12-02 19:24 . 2009-12-02 19:24 -------- d-----w- c:\users\Chris\AppData\Local\Apple
    2009-12-02 19:24 . 2009-12-02 19:24 -------- d-----w- c:\program files\Apple Software Update
    2009-12-02 19:22 . 2009-12-02 19:32 -------- d-----w- c:\programdata\Apple
    2009-12-02 19:22 . 2009-12-02 19:29 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-02 19:03 . 2009-12-02 19:03 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-12-02 19:00 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2009-12-02 18:58 . 2009-12-02 19:04 -------- d-----w- c:\program files\Microsoft
    2009-12-02 18:40 . 2009-12-02 18:41 -------- d-----w- c:\users\Chris\AppData\Local\Deployment
    2009-12-02 18:40 . 2009-12-02 18:40 -------- d-----w- c:\users\Chris\AppData\Local\Apps
    2009-12-02 18:27 . 2009-12-02 18:27 1230960 ----a-w- c:\programdata\Google\Google Toolbar\Component\GoogleCld_3F6C343113693CD9.dll
    2009-12-02 18:19 . 2009-12-02 18:19 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD1B2.tmp.exe
    2009-12-02 18:18 . 2009-12-02 18:42 -------- d-----w- c:\users\Chris\AppData\Local\Google
    2009-12-02 18:17 . 2009-12-18 08:01 -------- d-----w- c:\users\Chris\Tracing
    2009-12-02 18:13 . 2009-12-02 18:13 -------- d-----w- c:\users\Chris\AppData\Local\EgisTec
    2009-12-02 18:11 . 2009-12-02 18:11 79136 ----a-w- c:\users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-12-02 18:11 . 2009-12-02 18:11 -------- d-----w- c:\program files\OEM

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-18 07:28 . 2009-12-14 00:51 6076925 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2009-12-18 04:21 . 2009-08-21 01:13 330264 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2009-12-15 16:37 . 2009-08-21 01:34 -------- d-----w- c:\program files\Acer GameZone
    2009-12-13 04:35 . 2009-08-21 02:05 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-13 03:53 . 2009-12-13 03:51 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2009-12-13 03:51 . 2009-12-13 03:51 -------- d-----w- c:\program files\Zone Labs
    2009-12-13 03:51 . 2009-12-13 03:51 -------- d-----w- c:\programdata\CheckPoint
    2009-12-13 03:46 . 2009-08-21 01:58 -------- d-----w- c:\programdata\McAfee
    2009-12-13 03:04 . 2009-08-21 01:43 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-12 19:08 . 2009-08-21 01:57 -------- d-----w- c:\programdata\Partner
    2009-12-04 03:28 . 2009-08-21 01:52 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-12-03 23:35 . 2009-07-13 23:42 20804608 ----a-w- c:\windows\system32\imageres.dll
    2009-12-03 09:18 . 2009-12-03 09:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-02 19:43 . 2009-12-02 19:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_netaapl_01005.Wdf
    2009-12-02 19:21 . 2009-12-02 19:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2009-12-02 19:03 . 2009-08-30 06:49 -------- d-----w- c:\program files\Windows Live
    2009-12-02 18:10 . 2009-12-02 18:10 -------- d-----w- c:\program files\Acer Accessory Store
    2009-11-22 15:44 . 2009-12-13 03:51 450248 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2009-11-22 15:42 . 2009-12-13 03:51 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
    2009-02-10 19:23 . 2009-08-21 01:34 192484 ----a-w- c:\program files\Common Files\Acer GameZone online.ico
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-21 39408]
    "Google Update"="c:\users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-12-02 135664]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-12-03 289584]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-14 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-14 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-14 150552]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
    "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
    "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
    "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
    "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-21 809480]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-21 708608]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\System32\drivers\mwlPSDFilter.sys [02/06/2009 11:15 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\System32\drivers\mwlPSDNserv.sys [02/06/2009 11:15 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\System32\drivers\mwlPSDVDisk.sys [02/06/2009 11:15 60976]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [13/07/2009 23:52 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13/12/2009 17:41 108289]
    R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [21/08/2009 01:55 727584]
    R2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [04/06/2009 13:04 1150496]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 13:30 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 13:30 476528]
    R2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe [06/08/2009 17:18 311592]
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [21/08/2009 02:09 253952]
    R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [21/08/2009 01:54 240160]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RtsUStor.sys [21/08/2009 01:18 167424]
    S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [21/08/2009 02:03 119256]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\System32\drivers\netaapl.sys [28/08/2009 19:42 17408]
    S4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [21/08/2009 01:57 332272]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    AeLookupSvc
    CertPropSvc
    SCPolicySvc
    lanmanserver
    gpsvc
    IKEEXT
    AudioSrv
    FastUserSwitchingCompatibility
    Irmon
    Nla
    Ntmssvc
    NWCWorkstation
    Nwsapagent
    Rasauto
    Rasman
    Remoteaccess
    SENS
    Sharedaccess
    SRService
    Tapisrv
    Wmi
    WmdmPmSp
    TermService
    wuauserv
    BITS
    ShellHWDetection
    LogonHours
    PCAudit
    helpsvc
    uploadmgr
    iphlpsvc
    seclogon
    AppInfo
    msiscsi
    MMCSS
    wercplsupport
    EapHost
    ProfSvc
    schedule
    hkmsvc
    SessionEnv
    winmgmt
    browser
    Themes
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(620)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'Explorer.exe'(5704)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    c:\program files\Acer\Acer ePower Management\SysHook.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Stardock\MyColors\VistaSrv.exe
    c:\program files\Stardock\MyColors\WBVista.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Acer\Acer ePower Management\ePowerEvent.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Windows Live\Contacts\wlcomm.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\windows\system32\taskhost.exe
    .
    **************************************************************************
    .
    Completion time: 2009-12-18 08:08:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-12-18 08:08
    ComboFix2.txt 2009-12-13 23:37

    Pre-Run: 107,573,878,784 bytes free
    Post-Run: 107,518,214,144 bytes free

    - - End Of File - - 76DA40007D9C835948209F017AB6E2AE


    HJT:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:12:34, on 18/12/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Chris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')
    O4 - Global Startup: Acer VCM.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

    --
    End of file - 9492 bytes
     
  8. 2009/12/18
    broni Moderator Malware Analyst
    You have nothing to worry about.
    We are here because we just like to help other people. That's all :)

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    =================================================================

    Print this post out, since at some point you won't have access to it.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    - O4 - Global Startup: Acer VCM.lnk = ?



    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    - O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    - O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    - O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    - O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "


    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
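    The O2 and O4 items the analyst asks to have fixed above are both dangling references: a BHO CLSID whose DLL is "(no file)" and a Startup-folder shortcut whose target HijackThis prints as "?". The script below is an added example, not part of this thread and not HijackThis code; it parses the O2 (BHO), O4 (Run key and Startup folder) and O23 (service) line formats seen in the posted logs and applies three triage heuristics an analyst would run by eye: orphaned entries, entries whose executable lives under a user-writable profile directory, and unquoted Run-key command lines whose path contains spaces (which CreateProcess resolves ambiguously). The sample lines are constructed from the logs in this thread; the flag names and the path-extraction rule are the example's own choices.

```python
"""Triage helper for HijackThis-style logs (added example, not HijackThis code).

Heuristics applied to every O2/O4/O23 line:
  orphan        target is "(no file)" or "?": nothing behind the entry, fix it
  user-profile  executable lives under a user-writable profile directory
  unquoted      Run-key command line without quotes and with spaces in the path
"""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis logs posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe "
O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')
O4 - Global Startup: Acer VCM.lnk = ?
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<where>[^:]*Startup): (?P<name>.*?) = (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '.*'\)$")          # trailing "(User 'x')" on startup lines
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com))(?:\s|$)", re.IGNORECASE)
ORPHAN_TARGETS = {"(no file)", "?", ""}
PROFILE_MARKERS = ("\\users\\", "\\appdata\\", "\\documents and settings\\")


@dataclass
class Entry:
    kind: str             # "O2", "O4-Run", "O4-Startup" or "O23"
    name: str
    target: str           # command line / path exactly as logged (suffix stripped)
    path: str             # executable or DLL path extracted from target
    flags: list = field(default_factory=list)


def exe_from_command(cmd: str) -> str:
    """Return the file path from an autorun command line.

    A quoted command is unambiguous. For an unquoted one we take everything up to
    the first .exe/.dll/.scr/.com, because splitting on whitespace would cut
    'C:\\Program Files\\X\\y.exe' down to 'C:\\Program'.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end].strip()
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse_line(line: str):
    """Parse one O2/O4/O23 line into an Entry; return None for any other line."""
    line = line.strip()
    for kind, rx in (("O2", O2_RE), ("O4-Run", O4_RUN_RE),
                     ("O4-Startup", O4_STARTUP_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if m:
            target = USER_SUFFIX_RE.sub("", m.group("target")).strip()
            return Entry(kind, m.group("name"), target, exe_from_command(target))
    return None


def triage(entry: Entry) -> Entry:
    """Attach analyst flags to an entry (heuristics to review, not verdicts)."""
    low = entry.path.lower()
    if entry.target in ORPHAN_TARGETS:
        entry.flags.append("orphan")
    elif any(mark in low for mark in PROFILE_MARKERS):
        entry.flags.append("user-profile")
    # Only Run-key values are raw command lines; O23 paths are printed unquoted by the tool.
    if (entry.kind == "O4-Run" and " " in entry.path
            and not entry.target.startswith('"') and entry.target not in ORPHAN_TARGETS):
        entry.flags.append("unquoted")
    return entry


def analyze(log_text: str) -> list:
    """Parse every recognised line of a log and return the triaged entries."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [triage(e) for e in entries if e is not None]


def flagged(log_text: str) -> dict:
    """Map entry name -> flags, for entries that carry at least one flag."""
    return {e.name: e.flags for e in analyze(log_text) if e.flags}


if __name__ == "__main__":
    for e in analyze(SAMPLE_LOG):
        print(f"{e.kind:<11} {e.name:<22} {','.join(e.flags) or '-':<13} {e.path}")
```

Run as-is it prints one row per sample line; against the constructed sample it flags the "(no name)" BHO and "Acer VCM.lnk" as orphans (the two entries the analyst fixes above), "Google Update" as running from the user profile (benign here, but the location malware prefers), and "LManager" as an unquoted path with spaces. The flags are prompts for a human to check, which is also how the thread treats the log: the analyst removes dead entries and trims startups rather than trusting the tool's output blindly.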
     
  9. 2009/12/18
    Bmwm3evo Inactive Thread Starter
    Fixing the problem and improving other things :D.

    You guys are great :).

    Doing all this now.

    Chris
     
  10. 2009/12/18
    broni Moderator Malware Analyst
    Ok :)
     
  11. 2009/12/18
    Bmwm3evo Inactive Thread Starter
    New Log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:34:56, on 19/12/2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\hkcmd.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=ao531h&r=27b512096116l0393ww65w67266274
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe "
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon= "hidden "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files\Acer\Registration\GregHSRW.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: Updater Service - Acer - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

    --
    End of file - 8481 bytes
     
  12. 2009/12/18
    broni Moderator Malware Analyst
    Your computer is clean :)

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.

    2. Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    3. Restart computer.

    4. Turn System Restore on.

    5. Make sure Windows Updates are current.

    6. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    7. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    8. Run defrag at your convenience.

    9. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    10. Please let me know how your computer is doing.
     
