1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Inactive [InActive] redirects, pop-ups, d/l probs, dodgy adverts - how resolve?

Discussion in 'Malware and Virus Removal Archive' started by davetherocket, 2008/11/02.

  1. 2008/11/02
    davetherocket

    davetherocket Inactive Thread Starter

    Joined:
    2008/11/02
    Messages:
    1
    Likes Received:
    0
    hi all,

    my IE has the following problems:

    - when i click on a result following a google search it mostly takes me back to blank google search page
    - otherwise it redircts to other sites
    - i get loads of pop-ups
    - sites with flash adverts eg MSN show the same dodgy '***** enlargement pills' advert in place of the usual ones!!!
    - certain malware etc programs wont install or run properly
    - pc not running as smooth as it did before

    Not sure if this is malware, spyware etc and Im a bit of a beginner when it comes to fixing tech issues - any help or adavice would be really appreciated


    I have installed ad aware, malwarebytes and RSIT but no joy. I also did a complete reinstall of my laptop to its original factory state but the problem still persits..

    Ive looked through other forums to try and find the answer but also no joy - however everyone seems to post their hijack log so here's mine:

    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Moz at 2008-11-02 09:46:34
    Microsoft® Windows Vistaâ„¢ Home Premium Service Pack 1
    System drive C: has 101 GB (85%) free of 119 GB
    Total RAM: 3070 MB (54% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:46:36, on 02/11/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\tb_eula\EULALauncher.exe
    C:\Program Files\Toshiba\Toshiba Online Product Information\TOPI.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
    C:\Program Files\Toshiba\SmoothView\SmoothView.exe
    C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
    C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Moz\Desktop\RSIT.exe
    C:\Program Files\trend micro\Moz.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [toolbar_eula_launcher] c:\tb_eula\EULALauncher.exe
    O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe "
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - Unknown owner - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (file missing)
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9910 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
    C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
    Symantec Intrusion Prevention - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [2008-11-01 116088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-02-26 2403392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-02-26 2403392]
    {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Show Norton Toolbar - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll [2008-06-30 349552]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
    "SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "NDSTray.exe "=NDSTray.exe []
    "ITSecMng "=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START []
    "Desktop SMS "=C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [2007-06-18 1507328]
    "Picasa Media Detector "=C:\Program Files\Picasa2\PicasaMediaDetector.exe [2006-12-06 366400]
    "Google Desktop Search "=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-26 1836544]
    "toolbar_eula_launcher "=c:\tb_eula\EULALauncher.exe [2008-02-20 21504]
    "topi "=C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [2007-07-10 581632]
    "StartCCC "=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
    "SynTPEnh "=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-11-29 1029416]
    "Camera Assistant Software "=C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [2007-10-25 413696]
    "TPwrMain "=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2008-01-17 431456]
    "HSON "=C:\Program Files\TOSHIBA\TBS\HSON.exe [2007-10-31 54608]
    "SmoothView "=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2008-01-25 509816]
    "00TCrdMain "=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2008-01-22 712704]
    "Toshiba Registration "=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [2007-05-04 571024]
    "ccApp "=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-10-17 51048]
    "osCheck "=C:\Program Files\Norton 360\osCheck.exe [2008-02-26 988512]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware "=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
    "WindowsWelcomeCenter "=C:\Windows\system32\oobefldr.dll [2008-01-21 2153472]
    "TOSCDSPD "=C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [2007-12-29 430080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL "

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    igfxdev.dll []

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 1 months======

    2008-11-02 09:15:51 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-02 09:15:51 ----D---- C:\Program Files\Adobe
    2008-11-02 09:15:32 ----SHD---- C:\Config.Msi
    2008-11-02 09:14:33 ----D---- C:\Program Files\trend micro
    2008-11-02 09:14:30 ----D---- C:\rsit
    2008-11-02 09:03:48 ----D---- C:\Users\Moz\AppData\Roaming\Mozilla
    2008-11-02 09:03:41 ----D---- C:\Program Files\Mozilla Firefox
    2008-11-02 08:28:26 ----D---- C:\Users\Moz\AppData\Roaming\Malwarebytes
    2008-11-02 08:28:22 ----D---- C:\ProgramData\Malwarebytes
    2008-11-02 08:28:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-11-02 07:28:29 ----D---- C:\ProgramData\Lavasoft
    2008-11-02 07:28:29 ----D---- C:\Program Files\Lavasoft
    2008-11-02 07:27:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-11-01 20:48:53 ----D---- C:\Windows\system32\N360_BACKUP
    2008-11-01 20:32:18 ----DC---- C:\Windows\system32\DRVSTORE
    2008-11-01 20:32:18 ----A---- C:\Windows\system32\GEARAspi.dll
    2008-11-01 20:32:17 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-11-01 20:08:50 ----D---- C:\Users\Moz\AppData\Roaming\Macromedia
    2008-11-01 20:08:27 ----D---- C:\Users\Moz\AppData\Roaming\Google
    2008-11-01 2027 ----D---- C:\Users\Moz\AppData\Roaming\Symantec
    2008-11-01 20:03:55 ----D---- C:\Program Files\Norton 360
    2008-11-01 20:02:31 ----D---- C:\Program Files\Symantec
    2008-11-01 20:00:42 ----D---- C:\ProgramData\Symantec
    2008-11-01 20:00:34 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-01 19:50:35 ----D---- C:\Users\Moz\AppData\Roaming\Toshiba
    2008-11-01 19:47:51 ----D---- C:\Program Files\Sun
    2008-11-01 19:47:37 ----A---- C:\Windows\system32\javaws.exe
    2008-11-01 19:47:37 ----A---- C:\Windows\system32\javaw.exe
    2008-11-01 19:47:37 ----A---- C:\Windows\system32\java.exe
    2008-11-01 19:35:53 ----D---- C:\Users\Moz\AppData\Roaming\ATI
    2008-11-01 19:35:53 ----D---- C:\ProgramData\ATI
    2008-11-01 19:35:50 ----D---- C:\Users\Moz\AppData\Roaming\Adobe
    2008-11-01 19:35:38 ----SHD---- C:\$RECYCLE.BIN
    2008-11-01 19:35:21 ----D---- C:\Users\Moz\AppData\Roaming\Identities
    2008-11-01 19:31:35 ----D---- C:\ProgramData\ToshibaEurope
    2008-11-01 19:31:07 ----SD---- C:\Users\Moz\AppData\Roaming\Microsoft
    2008-11-01 19:31:07 ----D---- C:\Users\Moz\AppData\Roaming\Media Center Programs
    2008-11-01 18:11:01 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-11-01 18:10:51 ----D---- C:\ProgramData\TOSHIBA
    2008-11-01 18:10:51 ----D---- C:\Program Files\Common Files\Toshiba Shared
    2008-11-01 18:07:57 ----D---- C:\Program Files\Camera Assistant Software for Toshiba
    2008-11-01 18:04:29 ----D---- C:\Windows\system32\ENU
    2008-11-01 18:04:28 ----D---- C:\Program Files\Synaptics
    2008-11-01 18:04:27 ----A---- C:\Windows\system32\imsmudlg.exe
    2008-11-01 18:03:27 ----D---- C:\Program Files\ATI Technologies
    2008-11-01 18:03:07 ----D---- C:\Program Files\ATI
    2008-11-01 18:01:48 ----D---- C:\Windows\SoftwareDistribution
    2008-11-01 17:57:59 ----SHD---- C:\System Volume Information

    ======List of files/folders modified in the last 1 months======

    2008-11-02 09:46:28 ----D---- C:\Windows\Temp
    2008-11-02 09:42:25 ----D---- C:\Windows\Tasks
    2008-11-02 09:16:30 ----SD---- C:\Windows\Downloaded Program Files
    2008-11-02 09:16:27 ----SHD---- C:\Windows\Installer
    2008-11-02 09:15:56 ----D---- C:\ProgramData\Adobe
    2008-11-02 09:15:51 ----RD---- C:\Program Files
    2008-11-02 09:15:51 ----D---- C:\Program Files\Common Files
    2008-11-02 09:15:43 ----D---- C:\Windows\winsxs
    2008-11-02 09:15:23 ----AD---- C:\Windows\System32
    2008-11-02 08:28:25 ----D---- C:\Windows\system32\drivers
    2008-11-02 08:28:22 ----HD---- C:\ProgramData
    2008-11-02 07:31:00 ----SD---- C:\ProgramData\Microsoft
    2008-11-02 07:29:17 ----D---- C:\Windows
    2008-11-02 07:27:19 ----D---- C:\Windows\inf
    2008-11-02 07:27:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2008-11-01 22:57:06 ----D---- C:\Windows\Prefetch
    2008-11-01 22:10:41 ----D---- C:\Windows\system32\Tasks
    2008-11-01 21:53:55 ----D---- C:\Windows\Logs
    2008-11-01 20:36:35 ----D---- C:\Windows\system32\WDI
    2008-11-01 20:32:50 ----D---- C:\Windows\system32\catroot
    2008-11-01 20:03:28 ----RSD---- C:\Windows\assembly
    2008-11-01 19:56:34 ----D---- C:\ProgramData\McAfee
    2008-11-01 19:47:36 ----D---- C:\Program Files\Java
    2008-11-01 19:36:02 ----D---- C:\tb_eula
    2008-11-01 19:35:58 ----D---- C:\Toshiba
    2008-11-01 19:31:07 ----RD---- C:\Users
    2008-11-01 19:23:12 ----D---- C:\Windows\rescache
    2008-11-01 19:22:48 ----D---- C:\Windows\Debug
    2008-11-01 18:11:34 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-11-01 18:11:34 ----D---- C:\Windows\PCHEALTH
    2008-11-01 18:11:34 ----D---- C:\Windows\Help
    2008-11-01 18:11:34 ----D---- C:\Program Files\Toshiba
    2008-11-01 18:10:48 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-11-01 18:09:59 ----D---- C:\Windows\system32\catroot2
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\tr-TR
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\sv-SE
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\sk-SK
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\ru-RU
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\pt-PT
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\pl-PL
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\nl-NL
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\nb-NO
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\it-IT
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\hu-HU
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\fr-FR
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\fi-FI
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\es-ES
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\el-GR
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\de-DE
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\da-DK
    2008-11-01 18:08:37 ----D---- C:\Windows\system32\cs-CZ
    2008-11-01 18:08:36 ----D---- C:\Windows\system32\zh-TW
    2008-11-01 18:08:35 ----D---- C:\Windows\system32\zh-CN
    2008-11-01 18:08:35 ----D---- C:\Windows\system32\ko-KR
    2008-11-01 18:08:35 ----D---- C:\Windows\system32\ja-JP
    2008-11-01 18:08:34 ----D---- C:\Windows\system32\en
    2008-11-01 18:07:49 ----D---- C:\Windows\system32\restore
    2008-11-01 1829 ----D---- C:\Windows\Panther
    2008-11-01 1802 ----D---- C:\Windows\system32\Lang
    2008-11-01 18:04:28 ----D---- C:\Program Files\Intel

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2008-10-15 371248]
    R1 IDSvix86;Symantec Intrusion Prevention Driver; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081029.001\IDSvix86.sys [2008-10-03 270384]
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [2008-09-05 447024]
    R1 SRTSPX;SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [2008-02-01 43696]
    R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2008-06-13 24112]
    R1 SYMTDI;SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
    R2 CO_Mon;CO_Mon; \??\C:\Windows\system32\drivers\CO_Mon.sys [2007-08-09 36056]
    R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
    R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704]
    R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-30 3483648]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-15 99376]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
    R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600]
    R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896]
    R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2008-10-22 38496]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081101.019\NAVENG.SYS [2008-10-15 89104]
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20081101.019\NAVEX15.SYS [2008-10-15 873552]
    R3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
    R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
    R3 QIOMem;Generic IO & Memory Access; C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
    R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
    R3 SRTSP;SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [2008-02-01 279088]
    R3 SYMDNS;SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
    R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2008-11-01 123952]
    R3 SYMFW;SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
    R3 SYMNDISV;SYMNDISV; C:\Windows\System32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
    R3 SYMREDRV;SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
    R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-11-29 196144]
    R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 16128]
    R3 usbvideo;Chicony USB 2.0 Camera; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
    R3 UVCFTR;UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [2007-12-17 18432]
    R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504]
    R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
    R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]
    S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 467456]
    S3 COH_Mon;COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys []
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys []
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 SRTSPL;SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [2008-02-01 317616]
    S3 Tosrfcom;Tosrfcom; C:\Windows\system32\drivers\Tosrfcom.sys []
    S3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 9216]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
    R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-01-30 643072]
    R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2008-02-21 238968]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 ConfigFree Service;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    R2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
    R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe [2007-02-12 65536]
    R2 TNaviSrv;TOSHIBA Navi Support Service; C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe [2008-01-21 83312]
    R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2007-11-21 129632]
    R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2008-01-17 431456]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
    R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2006-08-23 49152]
    R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560]
    R3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-11-01 1245064]
    S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
    S3 comHost;COM Host; C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe [2007-08-22 55640]
    S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-02-26 1836544]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-26 138168]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2008-09-05 3220856]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

    -----------------EOF-----------------

    any ideas?

    Thanks in advance, Dave
     
    davetherocket,
    #1
  2. 2008/11/02
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS Dave :)

    Please open MBAM and select the Logs tab, then view and post all logs here.

    Next, download ComboFix by sUBs from here, saving the file to your desktop.


    Please disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log and give me a status update in your next reply.
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
     
    noahdfear,
    #2


  3. to hide this advert.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...