Malwarebytes

Google Redirect

16 replies to this topic

#1
zippy 02

    New Member

  • Members
  • 9 posts
Hello everyone ;) . For the past few days most of my Google searches have redirected me to some random site. It's becoming extremely annoying. I've run updated versions of Norton Internet Security, Malwarebytes' Anti-Malware, SUPERAntiSpyware, Ad-Aware, and Spybot S&D, and none of them detects anything. I'm also using the latest version of Mozilla Firefox. This is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:25:52 PM, on 3/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sam2003.course.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6062F5-D44A-4405-8D70-1843B38A7DAE}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MrHealthy (MrHealthyService) - Symantec Corporation - C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 13932 bytes


Someone please help me! Thanks!

#2
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
Please post your MBAM log and then run this one.

Download DDS and save it to your desktop:
http://download.bleepingcomputer.com/sUBs/dds.scr

  • Disable any script blocker if your Anti-Virus/Anti-Malware has it.
  • Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
  • Then double click dds.scr to run the tool.
  • When done, the DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
Ron Lewis
Manager, Online Support

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#3
zippy 02

    New Member

  • Members
  • 9 posts
Hey, thanks for your reply. As requested, here are the logs.



Here is my MBAM log:


Malwarebytes' Anti-Malware 1.34
Database version: 1814
Windows 5.1.2600 Service Pack 3

3/2/2009 12:17:38 PM
mbam-log-2009-03-02 (12-17-38).txt

Scan type: Quick Scan
Objects scanned: 70670
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the DDS.txt:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jorge Torres at 12:33:39.90 on Mon 03/02/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.583 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090228-0] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall Plus *enabled*
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\Jorge Torres\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://sam2003.course.com/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\jorget~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
TCP: {BE6062F5-D44A-4405-8D70-1843B38A7DAE} = 4.2.2.1,4.2.2.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jorget~1\applic~1\mozilla\firefox\profiles\np4nnp6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\jorge torres\application data\mozilla\firefox\profiles\np4nnp6k.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-7 114768]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-13 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-7 138680]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-2-8 114024]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090302.002\NAVENG.SYS [2009-3-2 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090302.002\NAVEX15.SYS [2009-3-2 876144]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-5 1251720]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-13 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-13 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-13 81288]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-13 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-13 1079176]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

=============== Created Last 30 ================

2009-03-01 13:56 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-01 11:59 <DIR> --d----- c:\docume~1\jorget~1\applic~1\IObit
2009-03-01 11:59 <DIR> --d----- c:\program files\IObit
2009-02-28 16:24 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-02-26 22:56 <DIR> --d----- c:\program files\HDD Health
2009-02-20 21:14 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-20 19:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-20 19:32 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 19:31 <DIR> --d----- c:\program files\Lavasoft
2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-18 13:45 <DIR> --d----- c:\program files\Norton PC Checkup
2009-02-18 10:43 <DIR> --d----- c:\windows\system32\Adobe
2009-02-13 21:04 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-02-13 21:04 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-13 21:04 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-13 21:04 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-13 21:04 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-13 21:04 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-13 21:03 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-13 21:03 <DIR> --d----- c:\docume~1\jorget~1\applic~1\PC Tools
2009-02-13 21:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-12 11:20 <DIR> --d----- c:\docume~1\jorget~1\applic~1\Ashampoo
2009-02-12 11:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-12 11:20 <DIR> --d----- c:\program files\Ashampoo
2009-02-08 10:23 114,024 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-02-08 10:23 <DIR> --d----- c:\program files\KeyScrambler
2009-02-08 10:03 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-07 19:51 <DIR> --d----- C:\Sandbox
2009-02-07 19:39 1,496 a------- c:\windows\Sandboxie.ini
2009-02-07 19:39 <DIR> --d----- c:\program files\Sandboxie
2009-02-06 20:20 <DIR> --d----- c:\program files\Trend Micro
2009-02-05 14:10 <DIR> --d----- c:\program files\CCleaner
2009-02-05 12:10 <DIR> --d----- c:\docume~1\jorget~1\applic~1\WIPE
2009-02-05 12:10 <DIR> --d----- c:\program files\Wipe
2009-02-04 19:12 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-04 19:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-04 17:02 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-02-03 11:29 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-03 11:29 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-03 11:28 <DIR> --d----- c:\program files\iPod
2009-02-03 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 11:28 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-02-12 11:08 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-06 12:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 12:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 12:07 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 12:07 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-03-14 16:36 34,744 a------- c:\docume~1\jorget~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-10 11:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 12:34:16.23 ===============



And here is the Attach.txt log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2007 4:56:05 PM
System Uptime: 3/2/2009 10:10:07 AM (2 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 60.272 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Service: w39n51

==== System Restore Points ===================

RP1: 2/13/2009 6:44:07 PM - System Checkpoint
RP2: 2/14/2009 7:20:53 PM - System Checkpoint
RP3: 2/16/2009 1:00:26 PM - Software Distribution Service 3.0
RP4: 2/17/2009 6:46:05 PM - System Checkpoint
RP5: 2/18/2009 10:43:58 AM - Shockwave Player
RP6: 2/19/2009 1:06:20 PM - System Checkpoint
RP7: 2/20/2009 3:10:39 PM - System Checkpoint
RP8: 2/21/2009 4:03:38 PM - System Checkpoint
RP9: 2/23/2009 3:36:28 PM - System Checkpoint
RP10: 2/24/2009 4:53:37 PM - System Checkpoint
RP11: 2/25/2009 1:00:19 PM - Software Distribution Service 3.0
RP12: 2/26/2009 4:44:43 PM - System Checkpoint
RP13: 2/27/2009 5:53:06 PM - System Checkpoint
RP14: 2/28/2009 3:30:25 PM - Software Distribution Service 3.0
RP15: 2/28/2009 3:51:16 PM - Restore Operation
RP16: 2/28/2009 4:03:22 PM - Restore Operation
RP17: 2/28/2009 4:12:22 PM - Restore Operation
RP18: 2/28/2009 6:03:55 PM - Removed Bonjour
RP19: 3/1/2009 4:04:35 PM - Shockwave Player

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AIM 6
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
avast! Antivirus
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite
ccCommon
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
CheckIt Diagnostics
Component Framework
Connection Keep Alive
Desktop Dialer
DriverAgent by eSupport.com
DVD-RAM Driver
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Fallout
Google Earth
Google Toolbar for Internet Explorer
HDD Health v3.3 Beta
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
KeyScrambler
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.6)
Mozilla Password Recovery
mPfMgr
mPfWiz
mProSafe
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Norton AntiVirus
Norton AntiVirus Help
Norton Cleanup
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton PC Checkup
Norton Protection Center
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
Office 2003 Trial Assistant
PaperPort
PeerGuardian 2.0
QuickTime
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Sandboxie 3.34
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smart Defrag 1.11
Sonic DLA
Sonic Encoders
Sonic RecordNow!
SPBBC 32bit
Sprint Mobile Broadband (Sierra)
Spybot - Search & Destroy
Spyware Doctor 6.0
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
TestDrive Client
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB914548
Windows XP Service Pack 3
Wipe
Works Upgrade
Xilisoft DVD Creator
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

2/27/2009 11:27:38 AM, error: Dhcp [1002] - The IP address lease 192.168.100.11 for the Network Card with network address 00A0D15356B8 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
2/27/2009 11:23:09 AM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
2/27/2009 1:10:06 AM, error: Dhcp [1002] - The IP address lease 76.18.56.162 for the Network Card with network address 00A0D15356B8 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
2/25/2009 7:37:31 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
2/28/2009 3:04:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Imapi PxHelp20
2/28/2009 3:21:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
2/28/2009 3:51:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PxHelp20
2/28/2009 6:45:27 PM, error: Dhcp [1002] - The IP address lease 76.18.56.54 for the Network Card with network address 00A0D15356B8 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
3/1/2009 1:10:15 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/1/2009 1:15:55 PM, error: Dhcp [1002] - The IP address lease 76.26.19.168 for the Network Card with network address 00A0D15356B8 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
3/1/2009 1:30:59 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/2/2009 12:20:38 AM, error: Dhcp [1002] - The IP address lease 76.26.18.31 for the Network Card with network address 00A0D15356B8 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

#4
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
You need to remove your P2P file sharing software first if you want us to continue to assist you.
µTorrent

You're also using tools to decrypt DVDs for copying, which is illegal. We can help you, but you need to remove this tool first.
DVD Decrypter (Remove Only)


Old products that need to be removed and updated due to exploited code.
Adobe Reader 7.0
J2SE Runtime Environment 5.0 Update 4



If we do find other illegal software while assisting you we will close the post, so make sure you remove anything that might be considered illegal before we proceed.

Thank you.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#5
zippy 02

    New Member

  • Members
  • 9 posts
Ok, I removed µTorrent as well as DVD Decrypter from my HD. I don't think there's anything else, but if I missed anything I'd have no problem deleting it.

I've also uninstalled Adobe Reader 7.0 and J2SE Runtime Environment 5.0 Update 4.

Here are my new logs...


MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1815
Windows 5.1.2600 Service Pack 3

3/3/2009 11:07:46 PM
mbam-log-2009-03-03 (23-07-46).txt

Scan type: Quick Scan
Objects scanned: 68419
Time elapsed: 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS.txt log:

DDS (Ver_09-02-01.01) - NTFSx86
Run by Jorge Torres at 0:00:17.43 on Wed 03/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.513 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Updated)
AV: avast! antivirus 4.8.1335 [VPS 090303-2] *On-access scanning disabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall Plus *enabled*
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton PC Checkup\executables\mrHealthy\MrHealthy.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Jorge Torres\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://sam2003.course.com/
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\jorget~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: {BE6062F5-D44A-4405-8D70-1843B38A7DAE} = 4.2.2.1,4.2.2.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jorget~1\applic~1\mozilla\firefox\profiles\np4nnp6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\jorge torres\application data\mozilla\firefox\profiles\np4nnp6k.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-20 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-7 114768]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-13 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-7 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-7 138680]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 MrHealthyService;MrHealthy;c:\program files\norton pc checkup\executables\mrhealthy\mrhealthy.exe -service --> c:\program files\norton pc checkup\executables\mrhealthy\MrHealthy.exe -service [?]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-2-8 114024]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090303.023\NAVENG.SYS [2009-3-3 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090303.023\NAVEX15.SYS [2009-3-3 876144]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-13 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-13 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-13 81288]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-13 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-13 1079176]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-5 1251720]

=============== Created Last 30 ================

2009-03-01 13:56 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-01 11:59 <DIR> --d----- c:\docume~1\jorget~1\applic~1\IObit
2009-03-01 11:59 <DIR> --d----- c:\program files\IObit
2009-02-28 16:24 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-02-26 22:56 <DIR> --d----- c:\program files\HDD Health
2009-02-20 21:14 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-20 19:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-20 19:32 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 19:31 <DIR> --d----- c:\program files\Lavasoft
2009-02-19 12:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 12:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 11:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 11:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-18 13:45 <DIR> --d----- c:\program files\Norton PC Checkup
2009-02-18 10:43 <DIR> --d----- c:\windows\system32\Adobe
2009-02-13 21:04 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-02-13 21:04 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-13 21:04 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-13 21:04 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-13 21:04 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-13 21:04 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-13 21:03 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-13 21:03 <DIR> --d----- c:\docume~1\jorget~1\applic~1\PC Tools
2009-02-13 21:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-12 11:20 <DIR> --d----- c:\docume~1\jorget~1\applic~1\Ashampoo
2009-02-12 11:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-12 11:20 <DIR> --d----- c:\program files\Ashampoo
2009-02-08 10:23 114,024 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-02-08 10:23 <DIR> --d----- c:\program files\KeyScrambler
2009-02-08 10:03 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-07 19:51 <DIR> --d----- C:\Sandbox
2009-02-07 19:39 1,496 a------- c:\windows\Sandboxie.ini
2009-02-07 19:39 <DIR> --d----- c:\program files\Sandboxie
2009-02-06 20:20 <DIR> --d----- c:\program files\Trend Micro
2009-02-05 14:10 <DIR> --d----- c:\program files\CCleaner
2009-02-05 12:10 <DIR> --d----- c:\docume~1\jorget~1\applic~1\WIPE
2009-02-05 12:10 <DIR> --d----- c:\program files\Wipe
2009-02-04 19:12 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-02-04 19:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-02-04 17:02 <DIR> --d-h--- c:\windows\system32\GroupPolicy
2009-02-03 11:29 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-03 11:29 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-03 11:28 <DIR> --d----- c:\program files\iPod
2009-02-03 11:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 11:28 <DIR> --d----- c:\program files\iTunes

==================== Find3M ====================

2009-02-12 11:08 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-06 12:07 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 12:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-01-06 12:07 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 12:07 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-03-14 16:36 34,744 a------- c:\docume~1\jorget~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-10 11:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 0:01:01.65 ===============


Attach.txt log:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/5/2007 4:56:05 PM
System Uptime: 3/3/2009 10:54:01 PM (2 hours ago)

Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | U1 | 1662/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 46.218 GiB free.
D: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10408086&REV_02\4&2803E7C1&0&00E2
Service: w39n51

==== System Restore Points ===================

RP1: 2/13/2009 6:44:07 PM - System Checkpoint
RP2: 2/14/2009 7:20:53 PM - System Checkpoint
RP3: 2/16/2009 1:00:26 PM - Software Distribution Service 3.0
RP4: 2/17/2009 6:46:05 PM - System Checkpoint
RP5: 2/18/2009 10:43:58 AM - Shockwave Player
RP6: 2/19/2009 1:06:20 PM - System Checkpoint
RP7: 2/20/2009 3:10:39 PM - System Checkpoint
RP8: 2/21/2009 4:03:38 PM - System Checkpoint
RP9: 2/23/2009 3:36:28 PM - System Checkpoint
RP10: 2/24/2009 4:53:37 PM - System Checkpoint
RP11: 2/25/2009 1:00:19 PM - Software Distribution Service 3.0
RP12: 2/26/2009 4:44:43 PM - System Checkpoint
RP13: 2/27/2009 5:53:06 PM - System Checkpoint
RP14: 2/28/2009 3:30:25 PM - Software Distribution Service 3.0
RP15: 2/28/2009 3:51:16 PM - Restore Operation
RP16: 2/28/2009 4:03:22 PM - Restore Operation
RP17: 2/28/2009 4:12:22 PM - Restore Operation
RP18: 2/28/2009 6:03:55 PM - Removed Bonjour
RP19: 3/1/2009 4:04:35 PM - Shockwave Player
RP20: 3/2/2009 6:47:52 PM - System Checkpoint
RP21: 3/3/2009 7:57:36 PM - Removed Adobe Reader 7.0
RP22: 3/3/2009 7:58:56 PM - Removed J2SE Runtime Environment 5.0 Update 4

==== Installed Programs ======================

7-Zip 4.65
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Shockwave Player
AIM 6
AppCore
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE
avast! Antivirus
AVS4YOU Software Navigator 1.3
Bluetooth Stack for Windows by Toshiba
Brother MFL-Pro Suite
ccCommon
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
CheckIt Diagnostics
Component Framework
Connection Keep Alive
Desktop Dialer
DriverAgent by eSupport.com
DVD-RAM Driver
DVD Shrink 3.2
Fallout
Google Earth
Google Toolbar for Internet Explorer
HDD Health v3.3 Beta
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
KeyScrambler
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Word 2002
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.6)
Mozilla Password Recovery
mPfMgr
mPfWiz
mProSafe
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Norton AntiVirus
Norton AntiVirus Help
Norton Cleanup
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton PC Checkup
Norton Protection Center
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
Office 2003 Trial Assistant
PaperPort
PeerGuardian 2.0
QuickTime
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Sandboxie 3.34
SD Secure Module
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smart Defrag 1.11
Sonic DLA
Sonic Encoders
Sonic RecordNow!
SPBBC 32bit
Sprint Mobile Broadband (Sierra)
Spybot - Search & Destroy
Spyware Doctor 6.0
SpywareBlaster 4.1
SUPERAntiSpyware Free Edition
Symantec Real Time Storage Protection Component
SymNet
Synaptics Pointing Device Driver
TestDrive Client
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
Toshiba Media Center Game Console
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update Rollup 2 for Windows XP Media Center Edition 2005
VideoLAN VLC media player 0.8.6c
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB914548
Windows XP Service Pack 3
Wipe
Works Upgrade
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

3/3/2009 7:11:13 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.

==== End Of File ===========================




Thanks, I really appreciate your help.

#6
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
Okay, you seem to have TOO much Anti-Virus on the computer. You can only have 1 Anti-Virus application installed at the same time, as they conflict with each other.
Please choose 1 and remove the other(s).

avast! Antivirus
Norton AntiVirus
Norton AntiVirus Help
Norton Cleanup
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton PC Checkup
Norton Protection Center
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities


Not sure if all of those Symantec products are part of the same package, but if not, then choose which one to keep for AV; if they are all the same, that's okay then.

Then DISABLE ALL AV and download and run this tool.

Please visit this webpage for instructions for downloading ComboFix to your DESKTOP : how-to-use-combofix
Please ensure you read this guide carefully and install the Recovery Console first.
NOTE!!: You must save and run ComboFix.exe on your DESKTOP and not from any other folder.
Also, DO NOT click the mouse or launch any other applications while this is running or it may stall the program.

Additional links to download the tool:
ComboFix.exe
ComboFix.exe
ComboFix.exe


Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.
Ron Lewis
Manager, Online Support


If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#7
zippy 02

    New Member

  • Members
  • 9 posts
Alright, I uninstalled avast and I kept Norton. All the Symantec/Norton programs are part of the same package. Here are the logs you requested...

ComboFix.txt:

ComboFix 09-03-04.01 - Jorge Torres 2009-03-05 12:58:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.508 [GMT -5:00]
Running from: c:\documents and settings\Jorge Torres\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall Plus *enabled*
FW: Norton Internet Security *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 12:58 . 2009-03-05 12:58 6,736 --a------ c:\windows\system32\drivers\PROCEXP90.SYS
2009-03-04 15:21 . 2009-03-04 15:21 <DIR> d-------- c:\program files\Crawler
2009-03-01 22:20 . 2009-03-01 22:20 <DIR> d-------- c:\program files\7-Zip
2009-03-01 13:56 . 2009-03-01 14:04 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-01 11:59 . 2009-03-01 11:59 <DIR> d-------- c:\program files\IObit
2009-03-01 11:59 . 2009-03-01 11:59 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\IObit
2009-02-28 16:24 . 2009-02-28 16:24 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2009-02-26 22:56 . 2009-02-26 22:56 <DIR> d-------- c:\program files\HDD Health
2009-02-20 21:14 . 2009-02-20 19:34 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-20 19:34 . 2009-02-20 19:34 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-20 19:32 . 2009-02-20 19:32 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 19:31 . 2009-02-20 19:31 <DIR> d-------- c:\program files\Lavasoft
2009-02-20 19:31 . 2009-02-20 19:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-19 12:03 . 2009-02-19 12:03 579,464 --a------ c:\windows\system32\SymNeti.dll
2009-02-19 12:03 . 2009-02-19 12:03 207,240 --a------ c:\windows\system32\SymRedir.dll
2009-02-19 11:31 . 2009-02-19 11:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys
2009-02-19 11:31 . 2009-02-19 11:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys
2009-02-19 11:31 . 2009-02-19 11:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys
2009-02-19 11:31 . 2009-02-19 11:31 38,576 --a------ c:\windows\system32\drivers\symids.sys
2009-02-19 11:31 . 2009-02-19 11:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys
2009-02-19 11:31 . 2009-02-19 11:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys
2009-02-19 11:31 . 2009-02-19 11:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys
2009-02-19 11:31 . 2009-02-19 11:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys
2009-02-19 11:31 . 2009-02-19 11:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat
2009-02-19 11:31 . 2009-02-19 11:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf
2009-02-18 10:43 . 2009-02-18 10:45 <DIR> d-------- c:\windows\system32\Adobe
2009-02-13 21:04 . 2009-02-13 21:06 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-13 21:04 . 2009-03-04 15:33 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-13 21:04 . 2008-07-28 12:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2009-02-13 21:04 . 2008-08-25 12:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-13 21:04 . 2008-08-25 12:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-13 21:04 . 2008-08-25 12:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-13 21:04 . 2008-06-02 16:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-13 21:03 . 2009-03-04 15:32 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-13 21:03 . 2009-02-13 21:03 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\PC Tools
2009-02-13 21:03 . 2009-02-13 21:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-12 11:20 . 2009-02-12 11:20 <DIR> d-------- c:\program files\Ashampoo
2009-02-12 11:20 . 2009-02-12 11:20 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\Ashampoo
2009-02-12 11:20 . 2009-02-12 11:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-02-08 10:23 . 2009-02-13 11:13 <DIR> d-------- c:\program files\KeyScrambler
2009-02-08 10:23 . 2009-01-18 16:24 114,024 --a------ c:\windows\system32\drivers\keyscrambler.sys
2009-02-08 10:03 . 2009-03-03 06:58 <DIR> d-------- c:\program files\PeerGuardian2
2009-02-07 19:51 . 2009-02-07 19:51 <DIR> d-------- C:\Sandbox
2009-02-07 19:39 . 2009-02-07 19:39 <DIR> d-------- c:\program files\Sandboxie
2009-02-07 19:39 . 2009-03-02 10:19 1,496 --a------ c:\windows\Sandboxie.ini
2009-02-07 10:02 . 2009-02-07 10:02 <DIR> d-------- c:\program files\Alwil Software
2009-02-06 20:20 . 2009-02-06 20:20 <DIR> d-------- c:\program files\Trend Micro
2009-02-05 14:10 . 2009-02-05 14:10 <DIR> d-------- c:\program files\CCleaner
2009-02-05 12:10 . 2009-02-05 12:10 <DIR> d-------- c:\program files\Wipe
2009-02-05 12:10 . 2009-03-03 22:52 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\WIPE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 18:04 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-05 17:43 --------- d-----w c:\program files\Microsoft ActiveSync
2009-03-05 17:15 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-04 18:33 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-04 03:46 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-04 03:46 --------- d-----w c:\program files\AVS4YOU
2009-03-04 03:43 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\uTorrent
2009-03-04 01:42 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\U3
2009-03-02 17:05 --------- d-----w c:\program files\Norton SystemWorks Basic Edition
2009-03-01 00:33 --------- d-----w c:\program files\Google
2009-02-28 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\YAHOO
2009-02-28 21:49 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\dvdcss
2009-02-28 17:28 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-14 05:08 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 16:08 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-11 23:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-05 00:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-03 16:29 --------- d-----w c:\program files\iTunes
2009-02-03 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 16:28 --------- d-----w c:\program files\QuickTime
2009-02-03 16:28 --------- d-----w c:\program files\iPod
2009-02-03 16:28 --------- d-----w c:\program files\Common Files\Apple
2009-02-03 16:27 --------- d-----w c:\program files\Apple Software Update
2009-02-03 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-03 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\Deskperience
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\AVS4YOU
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\Apple Computer
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\AdobeUM
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\acccore
2009-01-15 04:22 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\Malwarebytes
2009-01-15 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-06 17:07 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 17:07 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 17:07 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 17:07 --------- d-----w c:\program files\Symantec
2008-03-14 21:36 34,744 ----a-w c:\documents and settings\Jorge Torres\Application Data\GDIPFONTCACHEV1.DAT
2007-08-25 03:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-10 16:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-08-16 188416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-11-02 978944]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 25472]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-24 714608]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-20 509784]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]

c:\documents and settings\Jorge Torres\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-22 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 17:39 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--a------ 2004-07-20 09:34 851968 c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2004-08-18 06:37 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-20 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-02-13 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [2005-11-03 95832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-01 101936]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-02-08 114024]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-13 356920]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-20 19:34]

2009-02-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Jorge Torres.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 20:19]

2009-03-02 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 10:22]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 18:15]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-01 11:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://sam2003.course.com/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {BE6062F5-D44A-4405-8D70-1843B38A7DAE} = 4.2.2.1,4.2.2.2
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Jorge Torres\Application Data\Mozilla\Firefox\Profiles\np4nnp6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Jorge Torres\Application Data\Mozilla\Firefox\Profiles\np4nnp6k.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 13:04:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2179568005-3368781205-3588060182-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(1068)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\TPSBattM.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-05 13:08:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 18:08:20

Pre-Run: 64,287,346,688 bytes free
Post-Run: 64,790,745,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

308 --- E O F --- 2009-02-25 18:01:21

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:13:36 PM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://sam2003.course.com/
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NSWosCheck] "C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Basic Edition\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE6062F5-D44A-4405-8D70-1843B38A7DAE}: NameServer = 4.2.2.1,4.2.2.2
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SPCSUtilityService - Sprint Spectrum, L.L.C - C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 12704 bytes

#8
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
Did you SYSPREP this computer or know why this driver is running?
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]

SYSPREP is a tool used for cloning Windows onto multiple machines but it should not be using any driver after it's done.
Ron Lewis
Manager, Online Support

Posted Image

Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#9
zippy 02

    New Member

  • Members
  • 9 posts
No, I've never even heard of that program until now.

#10
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
STEP 01

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.
Download it to your DESKTOP - it MUST run from the Desktop
download.bleepingcomputer.com/sUBs/ComboFix.exe
subs.geekstogo.com/ComboFix.exe

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines
KILLALL::

Driver::
SVRPEDRV

File::
c:\sysprep\PEDrv.sys

Folder::
c:\sysprep

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt".

Using your mouse, drag the new file CFscript.txt and drop it on the Combo-Fix.exe icon as shown:
Posted Image
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • Disconnect from the Internet.
  • Disable your Antivirus software. If it has Script Blocking features, please disable these as well.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
  • It may identify that Recovery Console is not installed. Please accept when asked if you wish it to be installed.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit.
A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post back the Combofix log on your next reply.


STEP 02
Update and Scan with Malwarebytes' Anti-Malware
  • Start MalwareBytes AntiMalware (Vista users must Right click and choose RunAs Admin)
  • Please DO NOT run MBAM in Safe Mode unless requested to, you MUST run it in normal Windows mode.
    • Update Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Update
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Then post back the MBAM log and a new Hijackthis log.

STEP 03
Download DDS and save it to your desktop
http://download.bleepingcomputer.com/sUBs/dds.scr

Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.
    When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
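The check behind the question in #8 (a driver still loading from c:\sysprep after deployment is out of place) and the review of the ComboFix and HijackThis output that the steps in #10 produce can be mechanized. The script below is an added example, not code posted by AdvancedSetup or shipped by Malwarebytes, ComboFix or HijackThis. The list of expected load directories is an assumption chosen for this example, and the sample lines are constructed here, copying the three line formats that appear in this thread: ComboFix driver/service lines, HijackThis entries, and ComboFix "Reg Loading Points" values.

```python
import re
from dataclasses import dataclass

# Assumption for this example: directories a driver or service binary on a
# Windows XP box is normally loaded from. Anything else gets a "high" finding.
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

# ComboFix driver/service line:
#   "<R|S><n> <name>;<display>;<path> [--> <resolved path>] [<date size> | ?]"
DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$")
# HijackThis line: "<code> - <description>"
HJT_RE = re.compile(r"^([RO]\d{1,2}) - (.*)$")
# ComboFix "Reg Loading Points" value line: "<name>"=<value>
REG_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')

# Security Center values that, when set to 1, silence or stop its monitoring.
# Third-party suites set these too, so they are flagged for review, not as malicious.
SECURITY_CENTER_SUPPRESSORS = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "DisableMonitoring"}

# Constructed sample in the formats seen in this thread (not a real log dump).
SAMPLE_LOG = r"""
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-20 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-02-13 160792]
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"TFncKy"="c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-08-16 188416]
"AntiVirusDisableNotify"=dword:00000001
"DisableMonitoring"=dword:00000001
"EnableFirewall"= 0 (0x0)
"""


@dataclass
class Finding:
    severity: str  # "high" (investigate now) or "review" (confirm it was intended)
    reason: str
    line: str


def _reg_int(value: str):
    """Parse a ComboFix registry value ("dword:00000001" or "0 (0x0)"); None if not numeric."""
    v = value.strip()
    try:
        if v.startswith("dword:"):
            return int(v[6:], 16)
        return int(v.split()[0])
    except ValueError:
        return None


def triage(log_text: str) -> list:
    """Return the findings a helper would look at first in a ComboFix/HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            code, name, _display, path, resolved, meta = m.groups()
            effective = resolved or path
            if effective.startswith("\\??\\"):  # NT object-manager prefix, not part of the path
                effective = effective[4:]
            if not effective.lower().startswith(EXPECTED_PREFIXES):
                findings.append(Finding("high", f"{code} driver/service '{name}' loads from an unexpected directory: {effective}", line))
            if meta.strip() == "?":  # ComboFix printed '?' where it normally prints "[date size]"
                findings.append(Finding("review", f"{code} driver/service '{name}' has no date/size recorded", line))
            continue
        m = HJT_RE.match(line)
        if m:
            code, rest = m.groups()
            if "(no file)" in rest or "(file missing)" in rest:
                findings.append(Finding("review", f"{code} entry is orphaned: it points at a file that no longer exists", line))
            continue
        m = REG_RE.match(line)
        if m:
            name, value = m.groups()
            n = _reg_int(value)
            if name in SECURITY_CENTER_SUPPRESSORS and n == 1:
                findings.append(Finding("review", f"Security Center value {name} suppresses notification/monitoring", line))
            elif name == "EnableFirewall" and n == 0:
                findings.append(Finding("review", "Windows Firewall is disabled for this profile", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Only the sysprep driver is rated "high"; the orphaned HijackThis entries and the Security Center and firewall values are rated "review" because a legitimately installed suite such as the Norton products in this thread sets them as well, so they need a human to confirm rather than an automatic verdict.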

#11
zippy 02

    New Member

  • Members
  • 9 posts
Ok, here are all the logs.

ComboFix log:

ComboFix 09-03-06.02 - Jorge Torres 2009-03-08 18:22:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.473 [GMT -4:00]
Running from: c:\documents and settings\Jorge Torres\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jorge Torres\Desktop\CFscript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point

FILE ::
c:\sysprep\PEDrv.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SVRPEDRV
-------\Service_SVRPEDRV


((((((((((((((((((((((((( Files Created from 2009-02-08 to 2009-03-08 )))))))))))))))))))))))))))))))
.

2009-03-07 16:12 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-07 16:12 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-03-07 16:12 . 2008-04-13 15:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-07 16:12 . 2008-04-13 15:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-07 02:13 . 2009-03-07 02:13 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-03-05 19:09 . 2009-03-05 19:09 <DIR> d-------- c:\program files\G4box
2009-03-05 18:47 . 2009-03-05 18:47 <DIR> d-------- C:\CFLog
2009-03-05 18:47 . 2009-02-16 20:39 2,736,890 --a------ c:\windows\system32\GameMon.des
2009-03-05 18:45 . 2003-07-17 05:17 5,174 --a------ c:\windows\system32\nppt9x.vxd
2009-03-05 18:45 . 2004-12-31 20:43 4,682 --a------ c:\windows\system32\npptNT2.sys
2009-03-05 18:44 . 2009-03-05 18:44 <DIR> d-------- c:\program files\Common Files\INCA Shared
2009-03-04 16:21 . 2009-03-04 16:21 <DIR> d-------- c:\program files\Crawler
2009-03-01 23:20 . 2009-03-01 23:20 <DIR> d-------- c:\program files\7-Zip
2009-03-01 14:56 . 2009-03-01 15:04 <DIR> d-------- c:\program files\SpywareBlaster
2009-03-01 12:59 . 2009-03-01 12:59 <DIR> d-------- c:\program files\IObit
2009-03-01 12:59 . 2009-03-01 12:59 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\IObit
2009-02-28 17:24 . 2009-02-28 17:24 23,600 --a------ c:\windows\system32\drivers\TVICHW32.SYS
2009-02-26 23:56 . 2009-02-26 23:56 <DIR> d-------- c:\program files\HDD Health
2009-02-20 22:14 . 2009-02-20 20:34 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-20 20:34 . 2009-02-20 20:34 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-20 20:32 . 2009-02-20 20:32 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 20:31 . 2009-02-20 20:31 <DIR> d-------- c:\program files\Lavasoft
2009-02-20 20:31 . 2009-02-20 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-19 13:03 . 2009-02-19 13:03 579,464 --a------ c:\windows\system32\SymNeti.dll
2009-02-19 13:03 . 2009-02-19 13:03 207,240 --a------ c:\windows\system32\SymRedir.dll
2009-02-19 12:31 . 2009-02-19 12:31 184,496 --a------ c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 . 2009-02-19 12:31 96,560 --a------ c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 . 2009-02-19 12:31 41,008 --a------ c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 . 2009-02-19 12:31 38,576 --a------ c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 . 2009-02-19 12:31 37,424 --a------ c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 . 2009-02-19 12:31 31,280 --a------ c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 . 2009-02-19 12:31 22,320 --a------ c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 . 2009-02-19 12:31 13,616 --a------ c:\windows\system32\drivers\symdns.sys
2009-02-19 12:31 . 2009-02-19 12:31 9,844 --a------ c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 . 2009-02-19 12:31 1,611 --a------ c:\windows\system32\drivers\SymRedir.inf
2009-02-18 11:43 . 2009-02-18 11:45 <DIR> d-------- c:\windows\system32\Adobe
2009-02-13 22:04 . 2009-02-13 22:06 <DIR> d-------- c:\program files\Common Files\PC Tools
2009-02-13 22:04 . 2009-03-04 16:33 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-02-13 22:04 . 2008-07-28 13:29 160,792 --a------ c:\windows\system32\drivers\pctfw2.sys
2009-02-13 22:04 . 2008-08-25 13:36 81,288 --a------ c:\windows\system32\drivers\iksyssec.sys
2009-02-13 22:04 . 2008-08-25 13:36 66,952 --a------ c:\windows\system32\drivers\iksysflt.sys
2009-02-13 22:04 . 2008-08-25 13:36 40,840 --a------ c:\windows\system32\drivers\ikfilesec.sys
2009-02-13 22:04 . 2008-06-02 17:19 29,576 --a------ c:\windows\system32\drivers\kcom.sys
2009-02-13 22:03 . 2009-03-04 16:32 <DIR> d-------- c:\program files\Spyware Doctor
2009-02-13 22:03 . 2009-02-13 22:03 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\PC Tools
2009-02-13 22:03 . 2009-02-13 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\PC Tools
2009-02-12 12:20 . 2009-02-12 12:20 <DIR> d-------- c:\program files\Ashampoo
2009-02-12 12:20 . 2009-02-12 12:20 <DIR> d-------- c:\documents and settings\Jorge Torres\Application Data\Ashampoo
2009-02-12 12:20 . 2009-02-12 12:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-02-08 11:23 . 2009-02-13 12:13 <DIR> d-------- c:\program files\KeyScrambler
2009-02-08 11:23 . 2009-01-18 17:24 114,024 --a------ c:\windows\system32\drivers\keyscrambler.sys
2009-02-08 11:03 . 2009-03-03 07:58 <DIR> d-------- c:\program files\PeerGuardian2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 22:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-08 21:57 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-08 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-04 03:52 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\WIPE
2009-03-04 03:46 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-04 03:46 --------- d-----w c:\program files\AVS4YOU
2009-03-04 03:43 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\uTorrent
2009-03-04 01:42 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\U3
2009-03-02 17:05 --------- d-----w c:\program files\Norton SystemWorks Basic Edition
2009-03-01 00:33 --------- d-----w c:\program files\Google
2009-02-28 22:57 --------- d-----w c:\documents and settings\All Users\Application Data\YAHOO
2009-02-28 21:49 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\dvdcss
2009-02-28 17:28 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-14 05:08 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-02-12 16:08 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-11 23:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-08 00:39 --------- d-----w c:\program files\Sandboxie
2009-02-07 15:02 --------- d-----w c:\program files\Alwil Software
2009-02-07 01:20 --------- d-----w c:\program files\Trend Micro
2009-02-05 19:10 --------- d-----w c:\program files\CCleaner
2009-02-05 17:10 --------- d-----w c:\program files\Wipe
2009-02-05 00:12 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-03 16:29 --------- d-----w c:\program files\iTunes
2009-02-03 16:29 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-03 16:28 --------- d-----w c:\program files\QuickTime
2009-02-03 16:28 --------- d-----w c:\program files\iPod
2009-02-03 16:28 --------- d-----w c:\program files\Common Files\Apple
2009-02-03 16:27 --------- d-----w c:\program files\Apple Software Update
2009-02-03 16:27 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-03 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\Deskperience
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\AVS4YOU
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\Apple Computer
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\AdobeUM
2009-01-30 16:51 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\acccore
2009-01-15 04:22 --------- d-----w c:\documents and settings\Jorge Torres\Application Data\Malwarebytes
2009-01-15 04:22 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-03-14 21:36 34,744 ----a-w c:\documents and settings\Jorge Torres\Application Data\GDIPFONTCACHEV1.DAT
2007-08-25 03:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-09-10 16:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091020080911\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_13.07.10.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2008-01-19 16:45:47 2,560 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-03-07 06:13:32 2,560 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
- 2008-01-19 16:45:47 34,304 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-03-07 06:13:31 34,304 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\misc.exe
- 2008-01-19 16:45:47 8,192 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-03-07 06:13:32 8,192 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
- 2008-01-19 16:45:47 3,584 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-03-07 06:13:32 3,584 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
- 2008-01-19 16:45:47 16,384 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-03-07 06:13:32 16,384 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
- 2008-01-19 16:45:47 22,528 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-03-07 06:13:32 22,528 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
- 2008-01-19 16:45:47 45,056 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-03-07 06:13:31 45,056 ----a-r c:\windows\Installer\{901B0409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
- 2000-08-31 13:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-31 12:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 12:00:00 161,792 ----a-w c:\windows\SWREG.exe
- 2009-02-28 19:59:16 64,602 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-08 15:17:47 64,602 ----a-w c:\windows\system32\perfc009.dat
- 2009-02-28 19:59:16 408,238 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-08 15:17:47 408,238 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TFncKy"="c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe" [2005-08-16 188416]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2005-11-02 978944]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-26 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-17 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 25472]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-08-25 714608]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-20 509784]
"TDispVol"="TDispVol.exe" [2005-03-11 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-06-01 c:\windows\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 c:\windows\agrsmmsg.exe]

c:\documents and settings\Jorge Torres\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2004-06-12 59080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-02-15 155648]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-02-22 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-01-01 18:39 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
--a------ 2004-07-20 10:34 851968 c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
--a------ 2004-08-18 07:37 184320 c:\program files\ltmoh\ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-20 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-02-13 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-04 55024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2007-08-25 149352]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~2\NORTON~1\NPROTECT.EXE [2005-11-03 95832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-01 101936]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-02-08 114024]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [2009-01-05 103936]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-05-29 23888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-02-13 356920]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68d0835b-139c-11dc-928d-00a0d15356b8}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-03-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-20 20:34]

2009-03-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-03-03 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Jorge Torres.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 21:19]

2009-03-02 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Basic Edition\OBC.exe [2007-09-18 11:22]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-02-13 19:15]

2009-03-02 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\ [2009-03-01 12:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://sam2003.course.com/
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
TCP: {BE6062F5-D44A-4405-8D70-1843B38A7DAE} = 4.2.2.1,4.2.2.2
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Jorge Torres\Application Data\Mozilla\Firefox\Profiles\np4nnp6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Jorge Torres\Application Data\Mozilla\Firefox\Profiles\np4nnp6k.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-08 18:27:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2179568005-3368781205-3588060182-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(1072)
c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\system32\Brmfrmps.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
c:\progra~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\windows\system32\TPSBattM.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-03-08 18:32:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-08 22:32:38
ComboFix2.txt 2009-03-05 18:08:26

Pre-Run: 63,636,742,144 bytes free
Post-Run: 64,262,955,008 bytes free

336 --- E O F --- 2009-02-25 18:01:21

MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1827
Windows 5.1.2600 Service Pack 3

3/8/2009 7:04:41 PM
mbam-log-2009-03-08 (19-04-41).txt

Scan type: Quick Scan
Objects scanned: 68544
Time elapsed: 5 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS.txt:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Jorge Torres at 19:29:23.04 on Sun 03/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.457 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jorge Torres\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://sam2003.course.com/
uURLSearchHooks: H - No File
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\jorget~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: {BE6062F5-D44A-4405-8D70-1843B38A7DAE} = 4.2.2.1,4.2.2.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jorget~1\applic~1\mozilla\firefox\profiles\np4nnp6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\jorge torres\application data\mozilla\firefox\profiles\np4nnp6k.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-20 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-13 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-2-8 114024]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090308.003\NAVENG.SYS [2009-3-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090308.003\NAVEX15.SYS [2009-3-8 876144]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-5 1251720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-13 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-13 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-13 81288]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-13 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-13 1079176]

=============== Created Last 30 ================

2009-03-08 18:20 <DIR> --d----- C:\ComboFix
2009-03-07 16:12 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-03-07 16:12 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-07 16:12 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-03-07 16:12 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-03-07 02:13 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-05 19:09 <DIR> --d----- c:\program files\G4box
2009-03-05 18:47 <DIR> --d----- C:\CFLog
2009-03-05 18:47 2,736,890 a------- c:\windows\system32\GameMon.des
2009-03-05 18:45 4,682 a------- c:\windows\system32\npptNT2.sys
2009-03-05 18:45 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-03-05 18:44 <DIR> --d----- c:\program files\common files\INCA Shared
2009-03-05 13:57 <DIR> a-dshr-- C:\cmdcons
2009-03-05 13:55 161,792 a------- c:\windows\SWREG.exe
2009-03-05 13:55 98,816 a------- c:\windows\sed.exe
2009-03-04 16:21 <DIR> --d----- c:\program files\Crawler
2009-03-01 14:56 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-01 12:59 <DIR> --d----- c:\docume~1\jorget~1\applic~1\IObit
2009-03-01 12:59 <DIR> --d----- c:\program files\IObit
2009-02-28 17:24 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-02-26 23:56 <DIR> --d----- c:\program files\HDD Health
2009-02-20 22:14 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-20 20:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-20 20:32 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 20:31 <DIR> --d----- c:\program files\Lavasoft
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-18 11:43 <DIR> --d----- c:\windows\system32\Adobe
2009-02-13 22:04 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-02-13 22:04 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-13 22:04 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-13 22:04 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-13 22:04 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-13 22:04 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-13 22:03 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-13 22:03 <DIR> --d----- c:\docume~1\jorget~1\applic~1\PC Tools
2009-02-13 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-12 12:20 <DIR> --d----- c:\docume~1\jorget~1\applic~1\Ashampoo
2009-02-12 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-12 12:20 <DIR> --d----- c:\program files\Ashampoo
2009-02-08 11:23 114,024 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-02-08 11:23 <DIR> --d----- c:\program files\KeyScrambler
2009-02-08 11:03 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-07 20:51 <DIR> --d----- C:\Sandbox
2009-02-07 20:39 1,496 a------- c:\windows\Sandboxie.ini
2009-02-07 20:39 <DIR> --d----- c:\program files\Sandboxie
2009-02-06 21:20 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-02-12 12:08 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-06 13:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-03-14 17:36 34,744 a------- c:\docume~1\jorget~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-10 12:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 19:29:57.89 ===============


Attach.txt:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Jorge Torres at 19:29:23.04 on Sun 03/08/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.457 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated)
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sprint\Sierra Wireless\Sprint PCS Connection Manager\SPCSUtilityService.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jorge Torres\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://sam2003.course.com/
uURLSearchHooks: H - No File
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [TFncKy] c:\program files\toshiba\toshiba controls\TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [NDSTray.exe] c:\program files\toshiba\configfree\NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [NSWosCheck] "c:\program files\norton systemworks basic edition\osCheck.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04a\BrStDvPt.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\jorget~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {5E638779-1818-4754-A595-EF1C63B87A56} - c:\program files\norton systemworks basic edition\norton cleanup\WCQuick.lnk
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
TCP: {BE6062F5-D44A-4405-8D70-1843B38A7DAE} = 4.2.2.1,4.2.2.2
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\toolbar\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jorget~1\applic~1\mozilla\firefox\profiles\np4nnp6k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\jorge torres\application data\mozilla\firefox\profiles\np4nnp6k.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xshared.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\toolbar\firefox\components\xwsg.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-20 64160]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2009-2-13 160792]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 55024]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\norton~2\norton~1\NPROTECT.EXE [2005-11-3 95832]
R3 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2007-8-25 149352]
R3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-2-8 114024]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090308.003\NAVENG.SYS [2009-3-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090308.003\NAVEX15.SYS [2009-3-8 876144]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2009-1-5 103936]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-5 1251720]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2009-2-13 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2009-2-13 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2009-2-13 81288]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-2-13 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-2-13 1079176]

=============== Created Last 30 ================

2009-03-08 18:20 <DIR> --d----- C:\ComboFix
2009-03-07 16:12 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-03-07 16:12 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-03-07 16:12 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2009-03-07 16:12 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-03-07 02:13 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-03-05 19:09 <DIR> --d----- c:\program files\G4box
2009-03-05 18:47 <DIR> --d----- C:\CFLog
2009-03-05 18:47 2,736,890 a------- c:\windows\system32\GameMon.des
2009-03-05 18:45 4,682 a------- c:\windows\system32\npptNT2.sys
2009-03-05 18:45 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-03-05 18:44 <DIR> --d----- c:\program files\common files\INCA Shared
2009-03-05 13:57 <DIR> a-dshr-- C:\cmdcons
2009-03-05 13:55 161,792 a------- c:\windows\SWREG.exe
2009-03-05 13:55 98,816 a------- c:\windows\sed.exe
2009-03-04 16:21 <DIR> --d----- c:\program files\Crawler
2009-03-01 14:56 <DIR> --d----- c:\program files\SpywareBlaster
2009-03-01 12:59 <DIR> --d----- c:\docume~1\jorget~1\applic~1\IObit
2009-03-01 12:59 <DIR> --d----- c:\program files\IObit
2009-02-28 17:24 23,600 a------- c:\windows\system32\drivers\TVICHW32.SYS
2009-02-26 23:56 <DIR> --d----- c:\program files\HDD Health
2009-02-20 22:14 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-20 20:34 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-20 20:32 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-20 20:31 <DIR> --d----- c:\program files\Lavasoft
2009-02-19 13:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 13:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-19 12:31 31,280 a------- c:\windows\system32\drivers\SymIM.sys
2009-02-19 12:31 9,844 a------- c:\windows\system32\drivers\SymRedir.cat
2009-02-19 12:31 1,611 a------- c:\windows\system32\drivers\SymRedir.inf
2009-02-19 12:31 41,008 a------- c:\windows\system32\drivers\symndisv.sys
2009-02-19 12:31 184,496 a------- c:\windows\system32\drivers\symtdi.sys
2009-02-19 12:31 96,560 a------- c:\windows\system32\drivers\symfw.sys
2009-02-19 12:31 38,576 a------- c:\windows\system32\drivers\symids.sys
2009-02-19 12:31 37,424 a------- c:\windows\system32\drivers\symndis.sys
2009-02-19 12:31 22,320 a------- c:\windows\system32\drivers\symredrv.sys
2009-02-19 12:31 13,616 a------- c:\windows\system32\drivers\symdns.sys
2009-02-18 11:43 <DIR> --d----- c:\windows\system32\Adobe
2009-02-13 22:04 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2009-02-13 22:04 <DIR> --d----- c:\program files\common files\PC Tools
2009-02-13 22:04 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-02-13 22:04 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-02-13 22:04 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-02-13 22:04 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-02-13 22:03 <DIR> --d----- c:\program files\Spyware Doctor
2009-02-13 22:03 <DIR> --d----- c:\docume~1\jorget~1\applic~1\PC Tools
2009-02-13 22:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-02-12 12:20 <DIR> --d----- c:\docume~1\jorget~1\applic~1\Ashampoo
2009-02-12 12:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ashampoo
2009-02-12 12:20 <DIR> --d----- c:\program files\Ashampoo
2009-02-08 11:23 114,024 a------- c:\windows\system32\drivers\keyscrambler.sys
2009-02-08 11:23 <DIR> --d----- c:\program files\KeyScrambler
2009-02-08 11:03 <DIR> --d----- c:\program files\PeerGuardian2
2009-02-07 20:51 <DIR> --d----- C:\Sandbox
2009-02-07 20:39 1,496 a------- c:\windows\Sandboxie.ini
2009-02-07 20:39 <DIR> --d----- c:\program files\Sandboxie
2009-02-06 21:20 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-02-12 12:08 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-11 11:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-06 13:07 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-20 19:15 826,368 a------- c:\windows\system32\wininet.dll
2008-03-14 17:36 34,744 a------- c:\docume~1\jorget~1\applic~1\GDIPFONTCACHEV1.DAT
2008-09-10 12:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091020080911\index.dat

============= FINISH: 19:29:57.89 ===============

#12
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
The logs look good now.

How is the computer running now?
Are there still any signs of an infection?
Ron Lewis
Manager, Online Support


Follow us: Twitter, Become a fan: Facebook

If you've posted to the HJT forum and it has been over 5 days without a response please send a Private Message asking for assistance.

#13
zippy 02

    New Member

  • Members
  • 9 posts
Well I've tried doing several Google searches and the search results are still being redirected. It's not happening quite as frequently as before, but the problem persists nonetheless.

#14
zippy 02

    New Member

  • Members
  • 9 posts
Hey man did you forget about me? LOL

#15
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
Sorry, yes I probably did - busy as heck at work and too many posts to respond to.

Okay, please update MBAM and post back its most recent log, then run DDS again and we'll take another look.

#16
zippy 02

    New Member

  • Members
  • 9 posts
Well I was actually able to resolve the problem. I completely removed Firefox from my computer and then reinstalled it. My Google searches don't get redirected anymore and everything is running great. Thanks so much for your help, it was greatly appreciated.

#17
AdvancedSetup

    Forum Deity

  • Administrators
  • 22,578 posts
  • Gender:Male
  • Location:US
Great, all looks good now.

I'll close your post soon so that others don't post into it, and leave you with this information and suggestions.

So how did I get infected in the first place?


[indent]At this time your system appears to be clean. Nothing else in the logs indicates that you are still infected.
Now that you appear to be clean, please follow these simple steps in order to keep your computer clean and secure:

Remove all but the most recent Restore Point on Windows XP

[indent]You should Create a New Restore Point to prevent possible reinfection from an old one.
Some of the malware you picked up could have been saved in System Restore.
Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point.
Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • If the shortcut is missing you can also click on START > RUN > and type in %SystemRoot%\system32\restore\rstrui.exe and click OK
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next".
  • Give the new Restore Point a name, then click "Create".
  • The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use the Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr.exe
  • Select the drive where Windows is installed and click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
  • On the Disk Cleanup tab, if the System Restore: Obsolete Data Stores entry is available remove them also.
  • These are files that were created before Windows was reformatted or reinstalled. They are obsolete and you can delete them.

Additional information
Microsoft KB article: How to turn off and turn on System Restore in Windows XP
Bert Kinney's site: All about Windows System Restore[/indent]

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster
Download it from here
Find the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
You can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install hpHosts
Download it from here
hpHosts is a community managed and maintained hosts file that adds an additional layer of protection against access to ad, tracking and malicious websites. It prevents your computer from connecting to these untrusted sites by redirecting them to 127.0.0.1, which is your own local computer.
hpHosts Support Forum

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

The Windows firewall is not sufficient to protect your system. It doesn't monitor outgoing traffic, and this is a must.
I recommend Online Armor Free

A little outdated but good reading on how to prevent Malware

Keep safe online and happy surfing.



Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply them to your machine unless you Fully Understand how these programs work and what you're doing. Please start a thread of your own and someone will be happy to help you; just follow the Pre-HijackThis instructions found here before posting: Pre-HJT Post Instructions


Also don't forget that we offer FREE assistance with General PC questions and repair here PC Help
If you're pleased with the product Malwarebytes and the service provided you, please let your friends, family, and co-workers know. http://www.malwarebytes.org
[/indent]
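As an added example (not code from this thread, from Malwarebytes or from hpHosts), here is a small Python parser for hosts-file entries of the kind the post above describes: names pinned to 127.0.0.1 (or ::1 / 0.0.0.0) are sinkholed on the local machine. The sample hosts lines are constructed for the example; the checker also flags entries that send a name anywhere other than loopback, which a file used purely for blocking should never contain.

```python
"""Hosts-file blocklist parser and checker (added example, not from the thread).

A hosts file in the style the thread describes maps unwanted hostnames to the
loopback address so that connections to them never leave the machine.  The
sample below is constructed for this example; it is not hpHosts content.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed sample in hosts-file syntax: "<address> <hostname> [<hostname>...] [# comment]".
SAMPLE_HOSTS = """\
# constructed example of a blocking hosts file
127.0.0.1\tlocalhost
127.0.0.1 ads.example.test tracker.example.test   # ad/tracking hosts
::1       malware.example.test
0.0.0.0   badsite.example.test
# the entry below is NOT a block: it points a real name at a remote address
198.51.100.7 www.example.test
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}   # addresses that sinkhole a name locally

def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname: address} for every active entry, ignoring comments and blanks."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))  # validates and normalises the address
        except ValueError:
            continue                                   # malformed line: skip rather than trust it
        for host in parts[1:]:
            entries[host.lower()] = addr               # hostnames are case-insensitive
    return entries

def is_blocked(entries: Dict[str, str], hostname: str) -> bool:
    """True when the hostname is pinned to a loopback/unspecified address (i.e. sinkholed)."""
    return entries.get(hostname.lower().rstrip(".")) in LOOPBACK

def suspicious_overrides(entries: Dict[str, str]) -> List[Tuple[str, str]]:
    """Entries that send a name somewhere other than loopback: a hosts file meant
    purely for blocking should not contain these, so they deserve a closer look."""
    return sorted((h, a) for h, a in entries.items()
                  if a not in LOOPBACK and h != "localhost")

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.test", "MALWARE.example.test", "www.example.test"):
        print(f"{name}: {'blocked' if is_blocked(table, name) else 'not blocked'}")
    print("non-loopback overrides:", suspicious_overrides(table))
```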




