
Author Topic: Help me remove viruses from Vista, updated logs enclosed  (Read 11974 times)


majakldragon

    Help me remove viruses from Vista, updated logs enclosed
    « on: June 10, 2009, 08:13:46 PM »
    I read the "Please read first" and was unable to fix the problem. I have run Avast and it clears 4 viruses but they keep coming back. I don't have a lot of experience with Vista so I really need help. There are several "virus/spyware highway" toolbars that need to be removed along with an infected game that was put on here by a friend. I am using another computer to post with since I can't get a page to open on the laptop. Any help will be greatly appreciated. I noticed that some important updates had not been installed or they had been blocked. They are being updated now since I figured out how to get an internet page to open.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:03:52 PM, on 6/11/2009
    Platform: Windows Vista  (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16830)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ltmoh\ltmoh.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Windows\system32\taskeng.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\TOSHIBA\IVP\ISM\pinger.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\McAfee\MSK\mskagent.exe
    C:\Program Files\SiteRanker\SiteRankTray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    C:\Program Files\Crawler\Smileys\CSmileysIM.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Program Files\Synaptics\SynTP\SynToshiba.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    c:\PROGRA~1\mcafee\msc\mcupdui.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    C:\PROGRA~1\Crawler\Smileys\CSMILE~1.EXE
    c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60181
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/?tb_id=80229
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
    O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
    O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
    O4 - HKLM\..\Run: [CSmileys] "C:\Program Files\Crawler\Smileys\CSmileysIM.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
    O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: Crawler Smileys - {16FE352D-F643-4A81-BC61-2C051F3A757D} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Crawler eCards - {82E2B317-7C9C-4F12-B920-AC37D928CD43} - C:\PROGRA~1\Crawler\Smileys\CSMILE~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\Program Files\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

    --
    End of file - 11462 bytes
    « Last Edit: June 12, 2009, 07:03:34 AM by majakldragon »

    Computer Hope Admin

    Re: Help me remove viruses from Vista, HJT inclosed
    « Reply #1 on: June 11, 2009, 02:30:36 AM »
    Based off your log, it appears you have multiple anti-virus scanners on the computer, McAfee and Avast. This can cause a lot of issues; therefore, I'd suggest uninstalling McAfee from Add/Remove Programs in Control Panel first. This could be the cause of why the viruses detected by Avast are not getting removed, because they could be in a McAfee vault.

    Also while in Add/Remove programs look for and uninstall "crawler" or "crawler toolbar" as it's adware and can cause problems.

    After the above are removed, reboot the computer.

    Finally, I'd also suggest installing and running Malwarebytes on this computer after the above steps have been done.

    http://www.besttechie.net/tools/mbam-setup.exe


    If you continue to run into issues, feel free to post an updated log after the above steps have been done.
    Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
    -Albert Einstein
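
The check the reply above makes by eye, as an added example that is not part of the original thread: a small parser for the HijackThis log format that lists which anti-virus products are resident and which browser-hook DLLs are registered at more than one hook point. The function names and the `AV_MARKERS` substrings are assumptions made for this example; the sample is an excerpt of the first log in the thread.

```python
import re
from collections import defaultdict

# Excerpt of the first HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"""

# "<code> - <body>" lines, e.g. "O2 - BHO: ...", "R3 - URLSearchHook: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Body of a browser-hook entry: "<kind>: <name> - {CLSID} - <module path>".
HOOK_RE = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Sections that register a module with Internet Explorer.
HOOK_CODES = {"R3", "O2", "O3", "O9", "O18"}

# Assumption: marker substrings picked from the product names in this thread.
# "alwil" also matches the 8.3 short path form ALWILS~1.
AV_MARKERS = {"McAfee": ("mcafee",), "avast!": ("avast", "alwil")}


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # first R/O entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def resident_av_products(processes, entries):
    """Map each AV product to the running processes and O23 services naming it."""
    evidence = defaultdict(list)
    candidates = list(processes)
    candidates += [body for code, body in entries if code == "O23"]
    for item in candidates:
        lowered = item.lower()
        for product, markers in AV_MARKERS.items():
            if any(marker in lowered for marker in markers):
                evidence[product].append(item)
    return dict(evidence)


def multi_hook_modules(entries):
    """Return {module path: [codes]} for modules registered in 2+ sections."""
    by_module = defaultdict(list)
    for code, body in entries:
        if code not in HOOK_CODES:
            continue
        match = HOOK_RE.match(body)
        if match:
            by_module[match.group("path").lower()].append(code)
    return {p: c for p, c in by_module.items() if len(set(c)) > 1}


if __name__ == "__main__":
    procs, ents = parse_hjt(SAMPLE_LOG)
    av = resident_av_products(procs, ents)
    if len(av) > 1:
        print("More than one resident AV product:", ", ".join(sorted(av)))
    for path, codes in multi_hook_modules(ents).items():
        print(f"{path} is registered under {', '.join(codes)}")
```
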

    majakldragon

      Re: Help me remove viruses from Vista, HJT inclosed
      « Reply #2 on: June 11, 2009, 09:13:40 AM »
      Thank you Admin,
      I have uninstalled McAfee since it was expired.
      I have run CCleaner.
      I have run Malwarebytes.
      Uninstalled Crawler Toolbar.
      I will post the updated logs shortly.

      majakldragon

        Re: Help me remove viruses from Vista, HJT inclosed
        « Reply #3 on: June 11, 2009, 09:37:29 AM »
        SuperAntiSpyware seems to have disappeared so I will download it again. I also can't access the hosts file in HJT. I tried running as Admin but it locks up.
        Here are the requested logs:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:44:38 AM, on 6/11/2009
        Platform: Windows Vista  (WinNT 6.00.1904)
        MSIE: Internet Explorer v7.00 (7.00.6000.16830)
        Boot mode: Normal

        Running processes:
        C:\Windows\system32\taskeng.exe
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Program Files\Windows Defender\MSASCui.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\ltmoh\ltmoh.exe
        C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
        C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
        C:\Windows\system32\wbem\unsecapp.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
        C:\TOSHIBA\IVP\ISM\pinger.exe
        C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
        C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
        C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
        C:\Program Files\Alwil Software\Avast4\ashDisp.exe
        C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
        C:\Program Files\Synaptics\SynTP\SynToshiba.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
        C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
        C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
        C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60181
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inbox.com/?tb_id=80229
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
        O1 - Hosts: ::1 localhost
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Gamevance Text - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll
        O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
        O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
        O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
        O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
        O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
        O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
        O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
        O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
        O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
        O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
        O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
        O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
        O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
        O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
        O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
        O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
        O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

        --
        End of file - 7979 bytes


        Malwarebytes' Anti-Malware 1.37
        Database version: 2261
        Windows 6.0.6000

        6/11/2009 9:31:37 AM
        mbam-log-2009-06-11 (09-31-11).txt

        Scan type: Quick Scan
        Objects scanned: 70350
        Time elapsed: 3 minute(s), 11 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 25
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 1
        Files Infected: 4

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
        HKEY_CLASSES_ROOT\TypeLib\{014c4232-6904-47b9-9144-7e0fb7277444} (Adware.Gamevance) -> No action taken.
        HKEY_CLASSES_ROOT\Interface\{0ab02d6c-f605-425f-b7cb-b9e96c9faf1e} (Adware.Gamevance) -> No action taken.
        HKEY_CLASSES_ROOT\Interface\{32864a05-9d09-472c-abd0-081818ec713b} (Adware.Gamevance) -> No action taken.
        HKEY_CLASSES_ROOT\CLSID\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{beac7dc8-e106-4c6a-931e-5a42e7362883} (Adware.Gamevance) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
        HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> No action taken.

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Program Files\Gamevance (Adware.Gamevance) -> No action taken.

        Files Infected:
        c:\program files\gamevance\ars.cfg (Adware.Gamevance) -> No action taken.
        c:\program files\gamevance\gvtl.dll (Adware.Gamevance) -> No action taken.
        c:\program files\gamevance\gvun.exe (Adware.Gamevance) -> No action taken.
        c:\program files\gamevance\icon.ico (Adware.Gamevance) -> No action taken.


        It's being difficult so I have to do these one at a time.
        « Last Edit: June 11, 2009, 09:53:10 AM by majakldragon »

        majakldragon

          Re: Help me remove viruses from Vista, HJT inclosed
          « Reply #4 on: June 11, 2009, 10:52:13 AM »
          Here are the DDS files, since in most posts you request them. Avast is disabled because the laptop will not run with it enabled.


          DDS (Ver_09-05-14.01) - NTFSx86 
          Run by Smartys at 11:40:29.26 on Thu 06/11/2009
          Internet Explorer: 7.0.6000.16830
          Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.446.104 [GMT -5:00]

          AV: avast! antivirus 4.8.1335 [VPS 090610-0] *On-access scanning disabled* (Updated)   {7591DB91-41F0-48A3-B128-1A293FD8233D}
          SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
          SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
          SP: avast! antivirus 4.8.1335 [VPS 090610-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

          ============== Running Processes ===============

          C:\Windows\system32\wininit.exe
          C:\Windows\system32\lsm.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch
          C:\Windows\system32\svchost.exe -k rpcss
          C:\Windows\System32\svchost.exe -k secsvcs
          C:\Windows\system32\Ati2evxx.exe
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
          C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
          C:\Windows\system32\svchost.exe -k netsvcs
          C:\Windows\system32\SLsvc.exe
          C:\Windows\system32\svchost.exe -k LocalService
          C:\Windows\system32\svchost.exe -k NetworkService
          C:\Windows\system32\Ati2evxx.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\Windows\System32\spoolsv.exe
          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Windows\system32\agrsmsvc.exe
          C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Windows\RtHDVCpl.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\ltmoh\ltmoh.exe
          C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
          C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
          C:\Windows\system32\svchost.exe -k imgsvc
          c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
          C:\Windows\system32\TODDSrv.exe
          C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
          C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
          C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          C:\Windows\System32\svchost.exe -k WerSvcGroup
          C:\Windows\system32\SearchIndexer.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\wbem\unsecapp.exe
          C:\Windows\system32\wbem\wmiprvse.exe
          C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
          C:\TOSHIBA\IVP\ISM\pinger.exe
          C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
          C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
          C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
          C:\Program Files\Alwil Software\Avast4\ashDisp.exe
          C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
          C:\Program Files\Synaptics\SynTP\SynToshiba.exe
          C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
          C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
          C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
          C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
          C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
          C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          C:\Windows\system32\taskeng.exe
          C:\Program Files\Internet Explorer\ieuser.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Windows\System32\svchost.exe -k swprv
          C:\Windows\servicing\TrustedInstaller.exe
          C:\Windows\system32\SearchProtocolHost.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Users\Smartys\Desktop\stuff2\dds.pif
          C:\Windows\system32\wbem\wmiprvse.exe

          ============== Pseudo HJT Report ===============

          uStart Page = hxxp://www.inbox.com/?tb_id=80229
          uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
          uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60181
          mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
          mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
          mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
          uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
          BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
          BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
          BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
          BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
          BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
          BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
          TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
          TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
          TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
          TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
          uRun: [TOSCDSPD] TOSCDSPD.EXE
          mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
          mRun: [RtHDVCpl] RtHDVCpl.exe
          mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
          mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
          mRun: [NDSTray.exe] NDSTray.exe
          mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
          mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
          mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
          mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
          mRun: [PINGER] c:\toshiba\ivp\ism\pinger.exe /run
          mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
          mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
          mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
          mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
          mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
          IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
          IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
          IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
          IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
          IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
          DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
          DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
          Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
          AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
          SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

          ============= SERVICES / DRIVERS ===============

          R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-6-10 114768]
          R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-6-10 20560]
          R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-6-10 51792]
          R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]

          =============== Created Last 30 ================

          2009-06-11 10:56   <DIR>   --d-----   c:\program files\common files\Wise Installation Wizard
          2009-06-11 00:30   <DIR>   --d-----   c:\users\smartys\appdata\roaming\Malwarebytes
          2009-06-11 00:30   <DIR>   --d-----   c:\programdata\Malwarebytes
          2009-06-11 00:30   <DIR>   --d-----   c:\progra~2\Malwarebytes
          2009-06-11 00:30   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
          2009-06-11 00:01   <DIR>   --d-----   c:\programdata\SUPERAntiSpyware.com
          2009-06-11 00:01   <DIR>   --d-----   c:\progra~2\SUPERAntiSpyware.com
          2009-06-10 23:59   <DIR>   --d-----   c:\users\smartys\appdata\roaming\SUPERAntiSpyware.com
          2009-06-10 23:59   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
          2009-06-10 23:33   1,060,864   a-------   c:\windows\system32\MFC71.dll
          2009-06-10 23:33   51,792   a-------   c:\windows\system32\drivers\aswMonFlt.sys
          2009-06-10 23:30   27,574,272   a-------   c:\windows\ocsetup_install_NetFx3.etl
          2009-06-10 00:04   <DIR>   --d-----   c:\program files\Panda Security
          2009-06-09 21:46   <DIR>   --d-----   c:\program files\Trend Micro
          2009-06-03 03:20   <DIR>   --d-----   C:\5dba22dae257e13d3112b3df165d
          2009-05-21 20:25   <DIR>   --d-----   c:\users\smartys\appdata\roaming\MySpace
          2009-05-21 20:25   <DIR>   --d-----   c:\program files\MySpace

          ==================== Find3M  ====================

          2009-05-02 05:11   51,200   a-------   c:\windows\inf\infpub.dat
          2009-05-02 05:11   665,600   a-------   c:\windows\inf\drvindex.dat
          2009-05-02 05:11   86,016   a-------   c:\windows\inf\infstrng.dat
          2009-05-02 05:11   86,016   a-------   c:\windows\inf\infstor.dat
          2009-04-29 17:35   174   a--sh---   c:\program files\desktop.ini
          2009-04-26 14:23   4,093,440   a-------   c:\windows\system32\NlsLexicons004c.dll
          2009-04-26 14:17   1,585,664   a-------   c:\windows\system32\setupapi.dll
          2009-04-26 14:14   549,888   a-------   c:\windows\system32\rpcss.dll
          2009-04-26 14:14   3,503,584   a-------   c:\windows\system32\ntkrnlpa.exe
          2009-04-26 14:14   3,469,280   a-------   c:\windows\system32\ntoskrnl.exe
          2009-04-26 14:14   24,576   a-------   c:\windows\system32\printfilterpipelineprxy.dll
          2009-04-26 14:14   654,336   a-------   c:\windows\system32\printfilterpipelinesvc.exe
          2009-04-26 14:14   501,760   a-------   c:\windows\system32\wbem\WmiPrvSD.dll
          2009-04-26 14:14   247,296   a-------   c:\windows\system32\wbem\WmiPrvSE.exe
          2009-04-26 14:14   130,560   a-------   c:\windows\system32\wbem\WmiDcPrv.dll
          2009-04-26 14:14   614,912   a-------   c:\windows\system32\wbem\fastprox.dll
          2009-04-26 14:14   158,720   a-------   c:\windows\system32\sdohlp.dll
          2009-04-26 14:14   97,280   a-------   c:\windows\system32\iasrecst.dll
          2009-04-26 14:14   53,248   a-------   c:\windows\system32\iasads.dll
          2009-04-26 14:14   37,888   a-------   c:\windows\system32\iasdatastore.dll
          2009-04-26 14:12   223,232   a-------   c:\windows\system32\WMASF.DLL
          2009-04-26 14:12   9,728   a-------   c:\windows\system32\LAPRXY.DLL
          2009-04-26 14:12   2,048   a-------   c:\windows\system32\asferror.dll
          2009-04-26 14:11   1,233,408   a-------   c:\windows\system32\lsasrv.dll
          2009-04-26 14:11   72,704   a-------   c:\windows\system32\secur32.dll
          2009-04-26 14:11   7,680   a-------   c:\windows\system32\lsass.exe
          2009-04-26 14:11   40,960   a-------   c:\windows\apppatch\apihex86.dll
          2009-04-26 14:11   25,600   a-------   c:\windows\system32\amxread.dll
          2009-04-26 14:11   14,848   a-------   c:\windows\system32\apilogen.dll
          2009-04-26 14:10   268,288   a-------   c:\windows\system32\mcbuilder.exe
          2009-04-26 14:10   223,232   a-------   c:\windows\system32\SLC.dll
          2009-04-26 14:10   33,280   a-------   c:\windows\system32\slwmi.dll
          2009-04-26 14:10   566,784   a-------   c:\windows\system32\SLCommDlg.dll
          2009-04-26 14:10   351,232   a-------   c:\windows\system32\SLUI.exe
          2009-04-26 14:10   186,368   a-------   c:\windows\system32\SLLUA.exe
          2009-04-26 14:10   57,856   a-------   c:\windows\system32\SLUINotify.dll
          2009-04-26 14:10   2,605,568   a-------   c:\windows\system32\SLsvc.exe
          2009-04-26 14:10   39,936   a-------   c:\windows\system32\slcinst.dll
          2009-04-26 14:09   425,472   a-------   c:\windows\system32\PhotoMetadataHandler.dll
          2009-04-26 14:08   712,192   a-------   c:\windows\system32\WindowsCodecs.dll
          2009-04-26 14:08   347,136   a-------   c:\windows\system32\WindowsCodecsExt.dll
          2009-04-26 14:07   441,856   a-------   c:\windows\system32\win32spl.dll
          2009-04-26 14:07   37,376   a-------   c:\windows\system32\printcom.dll
          2009-04-26 14:06   113,664   a-------   c:\windows\system32\drivers\rmcast.sys
          2009-04-26 14:06   14,848   a-------   c:\windows\system32\wshrm.dll
          2009-04-26 14:03   11,776   a-------   c:\windows\system32\sbunattend.exe
          2009-04-26 13:59   290,304   a-------   c:\windows\system32\drivers\srv.sys
          2009-04-25 13:14   376,832   a-------   c:\windows\system32\winhttp.dll
          2009-04-25 10:32   83,968   a-------   c:\windows\system32\dnsrslvr.dll
          2009-04-25 10:32   24,576   a-------   c:\windows\system32\dnscacheugc.exe
          2009-04-25 10:32   53,760   a-------   c:\windows\system32\drivers\hdaudbus.sys
          2009-04-25 10:31   269,824   a-------   c:\windows\system32\schannel.dll
          2009-04-25 10:30   2,855,424   a-------   c:\windows\system32\mf.dll
          2009-04-25 10:30   98,816   a-------   c:\windows\system32\mfps.dll
          2009-04-25 10:30   52,736   a-------   c:\windows\system32\rrinstaller.exe
          2009-04-25 10:30   24,576   a-------   c:\windows\system32\mfpmp.exe
          2009-04-25 10:30   2,048   a-------   c:\windows\system32\mferror.dll
          2009-04-25 10:30   996,352   a-------   c:\windows\system32\WMNetMgr.dll
          2009-04-25 10:30   94,720   a-------   c:\windows\system32\logagent.exe
          2009-04-25 10:28   101,888   a-------   c:\windows\system32\drivers\mrxsmb.sys
          2009-04-25 10:28   58,368   a-------   c:\windows\system32\drivers\mrxsmb20.sys
          2009-04-25 10:28   84,992   a-------   c:\windows\system32\drivers\srvnet.sys
          2009-04-25 10:28   130,048   a-------   c:\windows\system32\drivers\srv2.sys
          2009-04-25 10:27   788,992   a-------   c:\windows\system32\rpcrt4.dll
          2009-04-25 10:25   737,792   a-------   c:\windows\system32\inetcomm.dll
          2009-04-25 10:25   84,480   a-------   c:\windows\system32\INETRES.dll
          2009-04-25 10:24   1,645,568   a-------   c:\windows\system32\connect.dll
          2009-04-25 10:23   152,576   a-------   c:\windows\system32\imagehlp.dll
          2009-04-25 10:23   12,800   a-------   c:\windows\system32\drivers\fs_rec.sys
          2009-04-25 10:23   5,120   a-------   c:\windows\system32\wmi.dll
          2009-04-25 10:22   1,327,104   a-------   c:\windows\system32\quartz.dll
          2009-04-25 10:20   974,336   a-------   c:\windows\system32\crypt32.dll
          2009-04-25 10:14   633,856   a-------   c:\windows\system32\user32.dll
          2009-04-25 10:13   1,341,440   a-------   c:\windows\system32\msxml6.dll
          2009-04-25 10:13   2,048   a-------   c:\windows\system32\msxml6r.dll
          2009-04-25 10:10   72,704   a-------   c:\windows\system32\admparse.dll
          2009-04-25 10:10   826,368   a-------   c:\windows\system32\wininet.dll
          2009-04-25 10:10   52,736   a-------   c:\windows\apppatch\iebrshim.dll
          2009-04-25 10:10   78,336   a-------   c:\windows\system32\ieencode.dll
          2009-04-25 10:10   48,128   a-------   c:\windows\system32\mshtmler.dll
          2009-04-25 10:10   26,624   a-------   c:\windows\system32\ieUnatt.exe
          2009-04-25 10:10   56,320   a-------   c:\windows\system32\iesetup.dll
          2009-04-25 10:04   750,080   a-------   c:\windows\system32\qmgr.dll
          2009-04-24 07:22   1,524,736   a-------   c:\windows\system32\wucltux.dll
          2009-04-24 07:20   83,456   a-------   c:\windows\system32\wudriver.dll
          2009-04-23 07:56   696,832   a-------   c:\windows\system32\localspl.dll
          2009-04-21 07:04   2,028,032   a-------   c:\windows\system32\win32k.sys
          2009-04-13 23:02   162,064   a-------   c:\windows\system32\wuwebv.dll
          2009-04-13 23:02   31,232   a-------   c:\windows\system32\wuapp.exe
          2006-11-30 23:45   262,144   a-------   c:\progra~2\ntuser.dat
          2006-11-02 07:39   287,440   a-------   c:\windows\inf\perflib\0409\perfi.dat
          2006-11-02 07:39   287,440   a-------   c:\windows\inf\perflib\0409\perfh.dat
          2006-11-02 07:39   30,674   a-------   c:\windows\inf\perflib\0409\perfd.dat
          2006-11-02 07:39   30,674   a-------   c:\windows\inf\perflib\0409\perfc.dat
          2006-11-02 04:20   287,440   a-------   c:\windows\inf\perflib\0000\perfi.dat
          2006-11-02 04:20   287,440   a-------   c:\windows\inf\perflib\0000\perfh.dat
          2006-11-02 04:20   30,674   a-------   c:\windows\inf\perflib\0000\perfd.dat
          2006-11-02 04:20   30,674   a-------   c:\windows\inf\perflib\0000\perfc.dat
          2009-06-11 20:51   16,384   a--sh---   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
          2009-06-11 20:51   32,768   a--sh---   c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
          2009-06-11 20:51   16,384   a--sh---   c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

          ============= FINISH: 11:43:18.44 ===============



          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT

          DDS (Ver_09-05-14.01)

          Microsoft® Windows Vista™ Home Basic
          Boot Device: \Device\HarddiskVolume2
          Install Date: 4/14/2009 1:23:00 AM
          System Uptime: 6/11/2009 10:39:44 AM (1 hours ago)

          Motherboard: TOSHIBA |  | IAYAA
          Processor: Intel(R) Celeron(R) M CPU        430  @ 1.73GHz | U1 | 1733/mhz

          ==== Disk Partitions =========================

          C: is FIXED (NTFS) - 73 GiB total, 46.687 GiB free.
          D: is CDROM ()

          ==== Disabled Device Manager Items =============

          ==== System Restore Points ===================


          ==== Installed Programs ======================

          Activation Assistant for the 2007 Microsoft Office suites
          Adobe Flash Player 10 ActiveX
          Adobe Reader 7.0
          Adobe Shockwave Player
          Ask Toolbar
          Atheros Driver Installation Program
          ATI Catalyst Control Center Ex
          ATI Catalyst Install Manager
          avast! Antivirus
          Bejeweled 2 Deluxe
          Blackhawk Striker 2
          Blasterball 3
          CD/DVD Drive Acoustic Silencer
          Chuzzle Deluxe
          Chuzzle Deluxe 1.01
          Desktop Dialer
          DVD MovieFactory for TOSHIBA
          FATE
          Gamevance
          Google Desktop
          Google Toolbar for Internet Explorer
          HijackThis 2.0.2
          Inbox Toolbar
          Internet Offers
          Java(TM) SE Runtime Environment 6
          JEOPARDY
          Microsoft Money Essentials
          Microsoft Money Shared Libraries
          Microsoft Office Excel MUI (English) 2007
          Microsoft Office Home and Student 2007
          Microsoft Office OneNote MUI (English) 2007
          Microsoft Office PowerPoint MUI (English) 2007
          Microsoft Office Proof (English) 2007
          Microsoft Office Proof (French) 2007
          Microsoft Office Proof (Spanish) 2007
          Microsoft Office Proofing (English) 2007
          Microsoft Office Shared MUI (English) 2007
          Microsoft Office Shared Setup Metadata MUI (English) 2007
          Microsoft Office Word MUI (English) 2007
          Microsoft Visual C++ 2005 Redistributable
          Microsoft Works
          Microsoft XML Parser
          MSXML 4.0 SP2 (KB954430)
          Peggle Deluxe 1.0
          Penguins!
          PokerStars
          QuickTime
          Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
          Realtek High Definition Audio Driver
          SCRABBLE
          SUPERAntiSpyware Free Edition
          Synaptics Pointing Device Driver
          TOSHIBA Assist
          TOSHIBA ConfigFree
          TOSHIBA Disc Creator
          TOSHIBA Extended Tiles for Windows Mobility Center
          TOSHIBA Flash Cards Support Utility
          TOSHIBA Game Console
          TOSHIBA Hardware Setup
          Toshiba Registration
          TOSHIBA Software Modem
          TOSHIBA Software Upgrades
          TOSHIBA Speech System Applications
          TOSHIBA Speech System SR Engine(U.S.) Version1.0
          TOSHIBA Speech System TTS Engine(U.S.) Version1.0
          TOSHIBA Supervisor Password
          TOSHIBA Value Added Package
          Update for 2007 Microsoft Office System (KB967642)
          Update for Microsoft Office 2007 Help for Common Features (KB963673)
          Update for Microsoft Office OneNote 2007 Help (KB963670)
          Utility Common Driver
          WinDVD for TOSHIBA
          Wizard101
          Yahoo! Music Jukebox

          ==== End Of File ===========================

          Computer Hope Admin

          Re: Help me remove viruses from Vista, updated logs enclosed
          « Reply #5 on: June 12, 2009, 12:04:11 PM »
          Sorry didn't get this responded to last night, started analyzing your log using the Computer Hope process tool and got distracted with an error in that tool. Apart from Gamevance (which can be uninstalled through add/remove programs) I'm not really seeing anything wrong with these logs. You do have several Toolbars installed, however none that are malicious.

          My only additional suggestion I could offer would be to try running Malwarebytes from Safe Mode. Boot the computer and press F8 over and over until you get the startup menu, then select Safe Mode and run Malwarebytes from within Safe Mode.

          What problems are you currently running into now after you followed the steps I mentioned earlier?

          Everybody is a genius. But, if you judge a fish by its ability to climb a tree, it will spend its whole life believing that it is stupid.
          -Albert Einstein

          majakldragon

            Re: Help me remove viruses from Vista, updated logs enclosed
            « Reply #6 on: June 12, 2009, 05:31:45 PM »
            I had tried to uninstall Gamevance from the add/remove program and it would not uninstall. I also tried to remove crawler by using HJT; it would not remove. The Vista updates will not install. Most online scanners lock up the computer. Malwarebytes shows a Vundo virus. The laptop is running extremely slow and takes forever to load anything. I am not talking long seconds, more like 10 minutes to do most anything. I also cannot open any pages if Avast is running. As soon as I disable the AV, pages will slowly load. My homepage is also being redirected.
            « Last Edit: June 12, 2009, 05:55:21 PM by majakldragon »

            majakldragon

              Re: Help me remove viruses from Vista, updated logs enclosed
              « Reply #7 on: June 12, 2009, 06:49:03 PM »
              OK, I ran MWB from Safe Mode and it took care of at least part of the problem. I am still being redirected to inbox.com.

              Malwarebytes' Anti-Malware 1.37
              Database version: 2270
              Windows 6.0.6000

              6/12/2009 7:18:12 PM
              mbam-log-2009-06-12 (19-18-12).txt

              Scan type: Quick Scan
              Objects scanned: 69975
              Time elapsed: 2 minute(s), 57 second(s)

              Memory Processes Infected: 0
              Memory Modules Infected: 0
              Registry Keys Infected: 27
              Registry Values Infected: 0
              Registry Data Items Infected: 0
              Folders Infected: 0
              Files Infected: 0

              Memory Processes Infected:
              (No malicious items detected)

              Memory Modules Infected:
              (No malicious items detected)

              Registry Keys Infected:
              HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
              HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

              Registry Values Infected:
              (No malicious items detected)

              Registry Data Items Infected:
              (No malicious items detected)

              Folders Infected:
              (No malicious items detected)

              Files Infected:
              (No malicious items detected)




              HJT log

              Logfile of Trend Micro HijackThis v2.0.2
              Scan saved at 7:44:57 PM, on 6/12/2009
              Platform: Windows Vista  (WinNT 6.00.1904)
              MSIE: Internet Explorer v7.00 (7.00.6000.16851)
              Boot mode: Normal

              Running processes:
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Windows\system32\taskeng.exe
              C:\Program Files\Windows Defender\MSASCui.exe
              C:\Windows\RtHDVCpl.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\ltmoh\ltmoh.exe
              C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
              C:\Windows\system32\wbem\unsecapp.exe
              C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
              C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
              C:\TOSHIBA\IVP\ISM\pinger.exe
              C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
              C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
              C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
              C:\Program Files\Alwil Software\Avast4\ashDisp.exe
              C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
              C:\Program Files\Internet Explorer\ieuser.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
              C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
              C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
              C:\Program Files\Synaptics\SynTP\SynToshiba.exe
              C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
              C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
              C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
              C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60181
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
              R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80229
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
              R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
              O1 - Hosts: ::1 localhost
              O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
              O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
              O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
              O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
              O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
              O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
              O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
              O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
              O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
              O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
              O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
              O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
              O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
              O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
              O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
              O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
              O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
              O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
              O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
              O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
              O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
              O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
              O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
              O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
              O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
              O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
              O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
              O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
              O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
              O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
              O13 - Gopher Prefix:
              O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
              O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
              O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
              O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
              O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
              O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
              O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
              O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
              O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
              O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
              O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

              --
              End of file - 8423 bytes



              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: Help me remove viruses from Vista, updated logs enclosed
              « Reply #8 on: June 12, 2009, 10:24:45 PM »
              Do you use inbox.com as a mail service?

              majakldragon

                Re: Help me remove viruses from Vista, updated logs enclosed
                « Reply #9 on: June 13, 2009, 01:37:23 PM »
                No I do not use inbox as a mail service. This program/toolbar appeared after the gamevance program was installed.

                evilfantasy

                Re: Help me remove viruses from Vista, updated logs enclosed
                « Reply #10 on: June 13, 2009, 02:48:41 PM »
                Go to Add or Remove Programs and uninstall:

                • Ask Toolbar
                • Inbox Toolbar
                ----------

                Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

                Link #1
                Link #2

                **Note:  It is important that it is saved directly to your Desktop

                DO NOT run it yet!

                Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

                Delete these files/folders, as follows:

                1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                It must be Notepad, not Wordpad.
                2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                Code:
                KillAll::

                DDS::
                uStart Page = hxxp://www.inbox.com/?tb_id=80229
                uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60181
                mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80229
                mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80229
                uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
                BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
                BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
                BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
                TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
                TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
                TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
                Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll

                Folder::
                c:\progra~1\inboxt~1
                c:\program files\askbardis
                c:\program files\gamevance


                3. Go to the Notepad window and click Edit > Paste
                4. Then click File > Save
                5. Name the file CFScript.txt - Save the file to your Desktop
                6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                ComboFix will begin to execute, just follow the prompts.
                After reboot (in case it asks to reboot), it will produce a log for you.
                Post that log (Combofix.txt) in your next reply.

                Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
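
A triage sketch for the logs in this thread, added here as an example; it is not part of any poster's reply and is not code from HijackThis or ComboFix. It groups the browser-extension lines of the HijackThis log by the DLL they load and checks which CLSIDs named in the CFScript appear in that log. The function names are hypothetical, and the sample lines are copied from the posts above.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread (one O4 line
# included to show that non-extension entries are ignored).
HJT_SAMPLE = r"""
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Registry-related lines copied from the CFScript in the reply above.
CFSCRIPT_SAMPLE = r"""
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Gamevance Text: {beac7dc8-e106-4c6a-931e-5a42e7362883} - c:\program files\gamevance\gvtl.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
"""

# HijackThis sections that describe Internet Explorer extension points:
# R3 (URL search hook), O2 (BHO), O3 (toolbar), O18 (protocol handler).
ENTRY_RE = re.compile(
    r"^(?P<section>R3|O2|O3|O18) - (?P<kind>URLSearchHook|BHO|Toolbar|Protocol): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hijackthis(log_text):
    """Return the extension entries of a HijackThis log as dicts.

    CLSIDs and paths are lower-cased because the log mixes cases freely.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entry = match.groupdict()
            entry["clsid"] = entry["clsid"].lower()
            entry["path"] = entry["path"].strip().lower()
            entries.append(entry)
    return entries


def hooks_by_module(entries):
    """Map each DLL path to the set of extension points it is registered for."""
    by_module = defaultdict(set)
    for entry in entries:
        by_module[entry["path"]].add(entry["kind"])
    return dict(by_module)


def multi_hook_modules(entries, minimum=2):
    """DLLs registered at `minimum` or more distinct extension points.

    Uninstalling one visible toolbar does not clear the other registrations,
    which is why such modules deserve a closer look during cleanup.
    """
    return {
        path: sorted(kinds)
        for path, kinds in hooks_by_module(entries).items()
        if len(kinds) >= minimum
    }


def script_coverage(cfscript_text, entries):
    """Split the CLSIDs named in a CFScript into (seen, not seen) in the log.

    'Not seen' only means the CLSID is absent from these HijackThis lines;
    it should be confirmed against whichever scan it was taken from.
    """
    seen_in_log = {entry["clsid"] for entry in entries}
    targeted = {clsid.lower() for clsid in CLSID_RE.findall(cfscript_text)}
    return sorted(targeted & seen_in_log), sorted(targeted - seen_in_log)


if __name__ == "__main__":
    parsed = parse_hijackthis(HJT_SAMPLE)
    for path, kinds in multi_hook_modules(parsed).items():
        print(f"{path}: {', '.join(kinds)}")
    seen, not_seen = script_coverage(CFSCRIPT_SAMPLE, parsed)
    print("in log:", seen)
    print("not in log:", not_seen)
```
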

                majakldragon

                  Re: Help me remove viruses from Vista, updated logs enclosed
                  « Reply #11 on: June 14, 2009, 05:25:23 PM »
                  combofix log:

                  ComboFix 09-06-14.02 - Smartys 06/14/2009 18:01.1 - NTFSx86
                  Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.1.1033.18.446.103 [GMT -5:00]
                  Running from: c:\users\Smartys\Desktop\ComboFix.exe
                  Command switches used :: c:\users\Smartys\Desktop\CFScript.txt
                  AV: avast! antivirus 4.8.1335 [VPS 090614-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
                  SP: avast! antivirus 4.8.1335 [VPS 090614-0] *disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
                  SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
                  SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
                  .

                  (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                  .

                  c:\users\Smartys\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk

                  .
                  (((((((((((((((((((((((((   Files Created from 2009-05-14 to 2009-06-14  )))))))))))))))))))))))))))))))
                  .

                  2009-06-13 00:05 . 2009-05-26 18:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                  2009-06-13 00:05 . 2009-05-26 18:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
                  2009-06-12 02:45 . 2009-04-23 12:56   696832   ----a-w-   c:\windows\system32\localspl.dll
                  2009-06-12 02:40 . 2009-04-21 12:04   2028032   ----a-w-   c:\windows\system32\win32k.sys
                  2009-06-12 02:24 . 2009-06-12 02:24   --------   d-----w-   c:\users\Smartys\AppData\Local\WindowsUpdate
                  2009-06-12 02:08 . 2009-06-12 02:08   --------   d-----w-   c:\users\Smartys\AppData\Local\MigWiz
                  2009-06-11 16:00 . 2009-06-14 22:48   117760   ----a-w-   c:\users\Smartys\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                  2009-06-11 15:56 . 2009-06-11 15:56   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
                  2009-06-11 15:27 . 2009-04-23 13:01   788992   ----a-w-   c:\windows\system32\rpcrt4.dll
                  2009-06-11 15:27 . 2009-04-24 16:22   827392   ----a-w-   c:\windows\system32\wininet.dll
                  2009-06-11 05:30 . 2009-06-11 05:30   --------   d-----w-   c:\users\Smartys\AppData\Roaming\Malwarebytes
                  2009-06-11 05:30 . 2009-06-11 05:30   --------   d-----w-   c:\programdata\Malwarebytes
                  2009-06-11 05:30 . 2009-06-13 00:05   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                  2009-06-11 05:01 . 2009-06-11 05:01   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
                  2009-06-11 04:59 . 2009-06-11 15:58   --------   d-----w-   c:\program files\SUPERAntiSpyware
                  2009-06-11 04:59 . 2009-06-11 04:59   --------   d-----w-   c:\users\Smartys\AppData\Roaming\SUPERAntiSpyware.com
                  2009-06-11 04:34 . 2009-02-05 20:06   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
                  2009-06-11 04:34 . 2009-02-05 20:06   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
                  2009-06-11 04:34 . 2009-02-05 20:04   97480   ----a-w-   c:\windows\system32\AvastSS.scr
                  2009-06-11 04:34 . 2009-02-05 20:07   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
                  2009-06-11 04:34 . 2009-02-05 20:07   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
                  2009-06-11 04:33 . 2009-02-05 20:11   1256296   ----a-w-   c:\windows\system32\aswBoot.exe
                  2009-06-11 04:33 . 2009-02-05 20:06   51792   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
                  2009-06-11 04:33 . 2003-03-18 20:20   1060864   ----a-w-   c:\windows\system32\MFC71.dll
                  2009-06-11 04:33 . 2009-06-11 04:33   --------   d-----w-   c:\program files\Alwil Software
                  2009-06-10 05:04 . 2009-06-10 05:04   --------   d-----w-   c:\program files\Panda Security
                  2009-06-10 02:46 . 2009-06-10 02:46   --------   d-----w-   c:\program files\Trend Micro
                  2009-06-03 08:20 . 2009-06-03 08:20   --------   d-----w-   C:\5dba22dae257e13d3112b3df165d
                  2009-05-22 01:25 . 2009-05-22 01:25   --------   d-----w-   c:\users\Smartys\AppData\Roaming\MySpace
                  2009-05-22 01:25 . 2009-05-22 01:25   --------   d-----w-   c:\program files\MySpace
                  2009-05-21 14:42 . 2009-05-21 14:42   --------   d-----w-   c:\users\Smartys\AppData\Roaming\AdobeUM
                  2009-05-20 23:31 . 2009-05-20 23:31   --------   d-----w-   c:\users\Smartys\AppData\Local\Yahoo

                  .
                  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2009-06-12 23:31 . 2006-12-01 04:58   --------   d-----w-   c:\programdata\Microsoft Help
                  2009-06-11 15:10 . 2006-12-03 23:14   --------   d-----w-   c:\programdata\McAfee
                  2009-06-11 15:01 . 2006-12-01 04:56   --------   d-----w-   c:\program files\Microsoft Works
                  2009-06-10 16:54 . 2006-12-01 04:19   --------   d-----w-   c:\program files\Google
                  2009-05-16 21:40 . 2009-05-06 23:29   1376256   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\libXmlDocument.dll
                  2009-05-16 21:40 . 2009-05-06 23:29   13742760   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\WizardGraphicalClient.exe
                  2009-05-16 21:39 . 2009-05-06 23:28   49152   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Shockalock.dll
                  2009-05-16 21:39 . 2009-05-06 23:28   36864   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_PotionMotion.dll
                  2009-05-16 21:39 . 2009-05-06 23:28   53248   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_HotShots.dll
                  2009-05-16 21:39 . 2009-05-06 23:28   94208   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Dueling_Diego.dll
                  2009-05-16 21:39 . 2009-05-06 23:28   36864   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_Concentration.dll
                  2009-05-16 21:39 . 2009-05-06 23:28   49152   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\MG_ChooChooZoo.dll
                  2009-05-16 21:39 . 2009-05-06 23:23   127656   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\BugReporter.exe
                  2009-05-16 21:38 . 2009-05-06 23:26   770728   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardLauncher.exe
                  2009-05-16 21:38 . 2009-05-06 23:23   770728   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardLauncher.exe
                  2009-05-16 21:38 . 2009-05-06 23:26   73728   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\PatchClientUIRsrc.dll
                  2009-05-16 21:38 . 2009-05-06 23:23   73728   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\PatchClientUIRsrc.dll
                  2009-05-16 21:38 . 2009-05-06 23:26   111272   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\Configurator.exe
                  2009-05-16 21:38 . 2009-05-06 23:23   111272   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\Configurator.exe
                  2009-05-15 20:30 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
                  2009-05-09 18:16 . 2009-05-09 18:15   --------   d-----w-   c:\programdata\PopCap Games
                  2009-05-09 18:16 . 2009-05-09 18:15   --------   d-----w-   c:\program files\PopCap Games
                  2009-05-06 23:35 . 2009-05-06 23:35   449536   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles72a\mss32.dll
                  2009-05-06 23:35 . 2009-05-06 23:35   389120   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Data\GameData\ZoneData\_Shared\WorldData\Sound\Miles\mss32.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   59904   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\zlib1.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   626688   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcr80.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   548864   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\msvcp80.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   389120   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\mss32.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   1101824   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\mfc80.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   1645320   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\gdiplus.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   1045128   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\dbghelp.dll
                  2009-05-06 23:29 . 2009-05-06 23:29   2414360   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\d3dx9_31.dll
                  2009-05-06 23:28 . 2009-05-06 23:28   2   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\PropertyClassSystem.dll
                  2009-05-06 23:28 . 2009-05-06 23:28   2   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\KIPlatformWebService.dll
                  2009-05-06 23:28 . 2009-05-06 23:28   2   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\KIPlatformDb.dll
                  2009-05-06 23:28 . 2009-05-06 23:28   2   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\KIHousingServer.dll
                  2009-05-06 23:28 . 2009-05-06 23:28   2   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Bin\ICSharpCode.SharpZipLib.dll
                  2009-05-06 23:27 . 2009-05-06 23:28   13107200   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\WizardGraphicalClient.exe
                  2009-05-06 23:27 . 2009-05-06 23:27   13107200   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\WizardGraphicalClient.exe
                  2009-05-06 23:23 . 2009-05-06 23:23   --------   d-----w-   c:\programdata\KingsIsle Entertainment
                  2009-05-06 23:23 . 2006-12-01 03:21   --------   d--h--w-   c:\program files\InstallShield Installation Information
                  2009-05-06 22:23 . 2009-05-02 22:26   --------   d-----w-   c:\program files\PokerStars
                  2009-05-05 23:05 . 2009-05-06 23:26   59904   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\zlib1.dll
                  2009-05-05 23:05 . 2009-05-06 23:26   495616   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\SkinCrafterDll.dll
                  2009-05-05 23:05 . 2009-05-06 23:26   207872   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\patchw32.dll
                  2009-05-05 23:05 . 2009-05-06 23:26   1645320   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankB\gdiplus.dll
                  2009-05-05 23:05 . 2009-05-06 23:23   37032   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\Wizard101.exe
                  2009-05-05 23:05 . 2009-05-06 23:23   59904   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\zlib1.dll
                  2009-05-05 23:05 . 2009-05-06 23:23   495616   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\SkinCrafterDll.dll
                  2009-05-05 23:05 . 2009-05-06 23:23   207872   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\patchw32.dll
                  2009-05-05 23:05 . 2009-05-06 23:23   1645320   ----a-w-   c:\programdata\KingsIsle Entertainment\Wizard101\PatchClient\BankA\gdiplus.dll
                  2009-05-02 19:25 . 2006-12-01 04:18   --------   d-----w-   c:\programdata\WildTangent
                  2009-05-02 16:05 . 2009-05-02 16:05   --------   d-----w-   c:\users\Smartys\AppData\Roaming\WildTangent
                  2009-05-02 10:11 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Calendar
                  2009-05-02 10:11 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
                  2009-05-01 01:37 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Defender
                  2009-04-26 19:49 . 2006-11-02 12:35   --------   d-----w-   c:\program files\Windows Sidebar
                  2009-04-26 19:23 . 2009-04-26 19:23   4093440   ----a-w-   c:\windows\system32\NlsLexicons004c.dll
                  2009-04-26 19:17 . 2009-04-26 19:17   1585664   ----a-w-   c:\windows\system32\setupapi.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   549888   ----a-w-   c:\windows\system32\rpcss.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   3503584   ----a-w-   c:\windows\system32\ntkrnlpa.exe
                  2009-04-26 19:14 . 2009-04-26 19:14   3469280   ----a-w-   c:\windows\system32\ntoskrnl.exe
                  2009-04-26 19:14 . 2009-04-26 19:14   24576   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   654336   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
                  2009-04-26 19:14 . 2009-04-26 19:14   501760   ----a-w-   c:\windows\system32\wbem\WmiPrvSD.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   247296   ----a-w-   c:\windows\system32\wbem\WmiPrvSE.exe
                  2009-04-26 19:14 . 2009-04-26 19:14   130560   ----a-w-   c:\windows\system32\wbem\WmiDcPrv.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   614912   ----a-w-   c:\windows\system32\wbem\fastprox.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   97280   ----a-w-   c:\windows\system32\iasrecst.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   53248   ----a-w-   c:\windows\system32\iasads.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   37888   ----a-w-   c:\windows\system32\iasdatastore.dll
                  2009-04-26 19:14 . 2009-04-26 19:14   158720   ----a-w-   c:\windows\system32\sdohlp.dll
                  2009-04-26 19:12 . 2009-04-26 19:12   9728   ----a-w-   c:\windows\system32\LAPRXY.DLL
                  2009-04-26 19:12 . 2009-04-26 19:12   223232   ----a-w-   c:\windows\system32\WMASF.DLL
                  2009-04-26 19:12 . 2009-04-26 19:12   2048   ----a-w-   c:\windows\system32\asferror.dll
                  2009-04-26 19:11 . 2009-04-26 19:11   7680   ----a-w-   c:\windows\system32\lsass.exe
                  2009-04-26 19:11 . 2009-04-26 19:11   72704   ----a-w-   c:\windows\system32\secur32.dll
                  2009-04-26 19:11 . 2009-04-26 19:11   1233408   ----a-w-   c:\windows\system32\lsasrv.dll
                  2009-04-26 19:11 . 2009-04-26 19:11   25600   ----a-w-   c:\windows\system32\amxread.dll
                  2009-04-26 19:11 . 2009-04-26 19:11   14848   ----a-w-   c:\windows\system32\apilogen.dll
                  2009-04-26 19:10 . 2009-04-26 19:10   33280   ----a-w-   c:\windows\system32\slwmi.dll
                  2009-04-26 19:10 . 2009-04-26 19:10   268288   ----a-w-   c:\windows\system32\mcbuilder.exe
                  2009-04-26 19:10 . 2009-04-26 19:10   223232   ----a-w-   c:\windows\system32\SLC.dll
                  2009-04-26 19:10 . 2009-04-26 19:10   566784   ----a-w-   c:\windows\system32\SLCommDlg.dll
                  2009-04-26 19:10 . 2009-04-26 19:10   57856   ----a-w-   c:\windows\system32\SLUINotify.dll
                  2009-04-26 19:10 . 2009-04-26 19:10   351232   ----a-w-   c:\windows\system32\SLUI.exe
                  2009-04-26 19:10 . 2009-04-26 19:10   186368   ----a-w-   c:\windows\system32\SLLUA.exe
                  2009-04-26 19:10 . 2009-04-26 19:10   39936   ----a-w-   c:\windows\system32\slcinst.dll
                  2009-04-26 19:10 . 2009-04-26 19:10   2605568   ----a-w-   c:\windows\system32\SLsvc.exe
                  2009-04-26 19:09 . 2009-04-26 19:09   425472   ----a-w-   c:\windows\system32\PhotoMetadataHandler.dll
                  2009-04-26 19:08 . 2009-04-26 19:08   712192   ----a-w-   c:\windows\system32\WindowsCodecs.dll
                  2009-04-26 19:08 . 2009-04-26 19:08   347136   ----a-w-   c:\windows\system32\WindowsCodecsExt.dll
                  2009-04-26 19:07 . 2009-04-26 19:07   37376   ----a-w-   c:\windows\system32\printcom.dll
                  2009-04-26 19:07 . 2009-04-26 19:07   441856   ----a-w-   c:\windows\system32\win32spl.dll
                  2009-04-26 19:06 . 2009-04-26 19:06   14848   ----a-w-   c:\windows\system32\wshrm.dll
                  2009-04-26 19:06 . 2009-04-26 19:06   113664   ----a-w-   c:\windows\system32\drivers\rmcast.sys
                  2009-04-26 19:03 . 2009-04-26 19:03   11776   ----a-w-   c:\windows\system32\sbunattend.exe
                  2009-04-26 18:59 . 2009-04-26 18:59   290304   ----a-w-   c:\windows\system32\drivers\srv.sys
                  2009-04-25 18:14 . 2009-04-25 18:14   376832   ----a-w-   c:\windows\system32\winhttp.dll
                  2009-04-25 15:32 . 2009-04-25 15:32   83968   ----a-w-   c:\windows\system32\dnsrslvr.dll
                  .

                  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Note* empty entries & legit default entries are not shown
                  REGEDIT4

                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-12 90112]
                  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
                  "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
                  "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
                  "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
                  "KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
                  "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-01 240640]
                  "PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
                  "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-11-23 409264]
                  "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-11-28 52912]
                  "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2006-11-20 446128]
                  "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2006-11-29 523952]
                  "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
                  "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
                  "NDSTray.exe"="NDSTray.exe" [BU]

                  [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                  "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                  2008-12-22 17:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
                  "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                  "aux"=wdmaud.drv

                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                  @="Service"

                  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
                  "DisableMonitoring"=dword:00000001

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
                  "{9B84C7CB-938F-42A9-BC65-D496E5230231}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
                  "{A6779502-346E-41E2-A06F-7A4A3699E167}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
                  "{EB486A2C-BD47-41B8-9258-1BFD07655CFB}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
                  "{812F24F6-5A02-45BF-8FC7-ACBB0F1AF7A4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
                  "{03EDD2C1-E2DC-42F4-B94E-B029C80C3994}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
                  "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

                  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
                  "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"= c:\toshiba\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine
                  "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\toshiba\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger

                  R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/10/2009 11:34 PM 114768]
                  R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
                  R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
                  R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/10/2009 11:34 PM 20560]
                  R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/10/2009 11:33 PM 51792]
                  R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  LocalServiceNoNetwork   REG_MULTI_SZ      PLA DPS BFE mpssvc
                  .
                  - - - - ORPHANS REMOVED - - - -

                  HKCU-Run-TOSCDSPD - TOSCDSPD.EXE


                  .
                  ------- Supplementary Scan -------
                  .
                  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
                  .

                  **************************************************************************

                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2009-06-14 18:11
                  Windows 6.0.6000  NTFS

                  scanning hidden processes ... 

                  scanning hidden autostart entries ...

                  scanning hidden files ... 

                  scan completed successfully
                  hidden files: 0

                  **************************************************************************
                  .
                  --------------------- LOCKED REGISTRY KEYS ---------------------

                  [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  "MSCurrentCountry"=dword:000000b5
                  .
                  ------------------------ Other Running Processes ------------------------
                  .
                  c:\windows\System32\Ati2evxx.exe
                  c:\windows\System32\audiodg.exe
                  c:\windows\System32\Ati2evxx.exe
                  c:\program files\Alwil Software\Avast4\aswUpdSv.exe
                  c:\program files\Alwil Software\Avast4\ashServ.exe
                  c:\windows\System32\agrsmsvc.exe
                  c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
                  c:\toshiba\IVP\swupdate\swupdtmr.exe
                  c:\windows\System32\TODDSrv.exe
                  c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
                  c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
                  c:\program files\Alwil Software\Avast4\ashMaiSv.exe
                  c:\program files\Alwil Software\Avast4\ashWebSv.exe
                  c:\windows\System32\CF22572.exe
                  c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
                  c:\program files\ATI Technologies\ATI.ACE\CLI.exe
                  c:\windows\System32\wbem\unsecapp.exe
                  c:\program files\Alwil Software\Avast4\ashDisp.exe
                  c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
                  c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                  c:\program files\Synaptics\SynTP\SynToshiba.exe
                  c:\program files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
                  c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
                  c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
                  c:\program files\ATI Technologies\ATI.ACE\CLI.exe
                  c:\program files\ATI Technologies\ATI.ACE\CLI.exe
                  c:\windows\System32\wsqmcons.exe
                  c:\windows\System32\schtasks.exe
                  .
                  **************************************************************************
                  .
                  Completion time: 2009-06-14 18:20 - machine was rebooted
                  ComboFix-quarantined-files.txt  2009-06-14 23:20

                  Pre-Run: 49,822,482,432 bytes free
                  Post-Run: 50,904,535,040 bytes free

                  267   --- E O F ---   2009-06-12 23:37

                  majakldragon

                    Re: Help me remove viruses from Vista, updated logs enclosed
                    « Reply #12 on: June 14, 2009, 05:29:40 PM »
                    The crawler search is still showing up on the web page.

                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Calm like a bomb
                    • Thanked: 493
                    • Experience: Experienced
                    • OS: Windows 11
                    Re: Help me remove viruses from Vista, updated logs enclosed
                    « Reply #13 on: June 14, 2009, 05:36:57 PM »
                    Quote from majakldragon: "The crawler search is still showing up on the web page."

                    Can you explain that a little better?

                    evilfantasy

                    Re: Help me remove viruses from Vista, updated logs enclosed
                    « Reply #14 on: June 14, 2009, 05:40:02 PM »
                    Also look in Add/Remove Programs and uninstall Internet Offers.