1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[Active] Google Links redirected

Discussion in 'Spyware, Adware, Viruses and Malware Removal' started by TimFlog, Jan 20, 2010.

  1. TimFlog

    TimFlog Techie7 New Member

    Tried to follow a couple of links from some years ago by users with what appears to be the same problem I'm having. My Google search links are redirected to random sites. Tried Malware-Bytes, Ad-Aware and SpyBot, all to no avail. Have downloaded Hijackthis but that is where I'm at right now. Any help would be much appreciated.
     
  2. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.


    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  3. TimFlog

    TimFlog Techie7 New Member

    Here is the ComboFix log:

    ComboFix 10-01-20.04 - Tim 01/20/2010 21:43:31.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.650 [GMT -6:00]
    Running from: c:\users\Tim\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1474419422-578078573-1323823006-500
    c:\$recycle.bin\S-1-5-21-404281147-565806995-323063943-500
    c:\program files\Java\jre6\bin\jucheck.exe
    c:\windows\Downloaded Program Files\popcaploader.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
    .

    2010-01-21 03:57 . 2010-01-21 03:59 -------- d-----w- c:\users\Tim\AppData\Local\temp
    2010-01-21 03:57 . 2010-01-21 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-20 20:25 . 2010-01-20 20:26 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-01-20 05:57 . 2010-01-20 05:57 52224 ----a-w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-20 05:56 . 2010-01-20 05:56 117760 ----a-w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-20 05:55 . 2010-01-20 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-01-20 05:54 . 2010-01-20 05:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-20 05:54 . 2010-01-20 05:54 -------- d-----w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-20 05:53 . 2010-01-20 05:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-20 05:16 . 2010-01-20 05:16 -------- d-----w- c:\program files\MSN Toolbar
    2010-01-20 05:15 . 2010-01-20 05:17 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-01-18 15:51 . 2009-12-22 15:09 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-01-18 07:11 . 2010-01-18 11:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-18 07:11 . 2010-01-18 07:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-18 06:45 . 2010-01-18 07:05 -------- d-----w- C:\fixwareout
    2010-01-18 06:27 . 2010-01-18 06:27 -------- d-----w- c:\program files\Trend Micro
    2010-01-18 06:26 . 2010-01-18 06:27 812344 ----a-w- c:\users\Tim\HJTInstall.exe
    2010-01-18 05:01 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-18 02:24 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-18 02:24 . 2010-01-18 02:24 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-01-18 02:24 . 2010-01-18 02:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-01-18 02:24 . 2010-01-18 02:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-01-18 02:17 . 2010-01-18 02:17 -------- d-----w- c:\program files\Lavasoft
    2010-01-18 02:08 . 2010-01-18 02:09 91338304 ----a-w- c:\users\Tim\Ad-AwareInstallation.exe
    2010-01-12 21:49 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-12 21:49 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-22 15:09 . 2009-12-22 15:09 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2009-12-22 15:09 . 2009-12-31 14:47 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-21 03:45 . 2007-09-25 23:23 -------- d-----w- c:\programdata\Google Updater
    2010-01-21 03:36 . 2008-03-20 05:29 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2010-01-20 20:28 . 2010-01-18 02:24 372280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-01-20 20:25 . 2010-01-18 02:22 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-01-20 16:48 . 2008-08-10 16:49 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 09:21 . 2007-11-10 00:04 -------- d-----w- c:\program files\Spyware Doctor
    2010-01-20 05:13 . 2007-04-19 19:43 -------- d-----w- c:\program files\Java
    2010-01-19 21:53 . 2007-09-26 04:02 -------- d-----w- c:\users\Tim\AppData\Roaming\Skype
    2010-01-18 02:24 . 2010-01-18 02:17 -------- d-----w- c:\programdata\Lavasoft
    2010-01-18 02:24 . 2010-01-18 02:24 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-01-18 02:24 . 2010-01-18 02:24 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2010-01-18 02:23 . 2010-01-18 02:22 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-01-18 02:22 . 2010-01-18 02:22 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-01-18 02:22 . 2010-01-18 02:22 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-01-18 02:22 . 2010-01-18 02:22 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-01-18 02:22 . 2010-01-18 02:22 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-01-18 02:22 . 2010-01-18 02:22 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-01-18 02:19 . 2010-01-18 02:19 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-16 15:27 . 2008-09-11 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-16 15:27 . 2009-01-16 17:04 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-15 02:38 . 2008-05-01 06:55 -------- d-----w- c:\users\Tim\AppData\Roaming\Corel
    2010-01-13 09:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-12 04:33 . 2007-04-19 19:10 -------- d-----w- c:\programdata\WildTangent
    2010-01-12 04:26 . 2009-05-20 00:38 1762288 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
    2010-01-12 04:24 . 2007-04-19 19:10 -------- d-----w- c:\program files\HP Games
    2010-01-11 04:56 . 2009-09-16 00:43 384728776 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\fatethetraitorsoul-setup.exe
    2010-01-09 19:43 . 2007-09-25 23:23 -------- d-----w- c:\program files\Google
    2010-01-07 22:07 . 2008-09-11 19:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2008-09-11 19:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-16 20:42 . 2009-12-18 00:48 872960 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-16 20:42 . 2009-12-18 00:48 43008 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-16 20:42 . 2009-12-18 00:48 340480 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-16 20:41 . 2009-12-18 00:48 346624 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-15 03:34 . 2009-03-19 16:26 -------- d-----w- c:\programdata\4WARN
    2009-12-15 03:33 . 2008-05-14 20:51 -------- d-----w- c:\program files\Common Files\4WARN
    2009-12-15 03:33 . 2007-10-23 22:39 61440 ----a-w- c:\windows\wnUninstall.exe
    2009-12-11 09:09 . 2009-12-11 09:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2AD5.tmp.exe
    2009-12-10 15:58 . 2009-12-10 15:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4741.tmp.exe
    2009-12-10 01:39 . 2009-12-10 01:30 -------- d-----w- c:\programdata\NOS
    2009-12-10 01:34 . 2009-11-20 05:42 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-12-10 01:30 . 2009-12-10 01:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\NOS
    2009-12-09 23:37 . 2009-12-09 23:37 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb798A.tmp.exe
    2009-12-09 13:48 . 2009-12-09 13:48 33558 ----a-w- c:\programdata\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
    2009-12-09 09:05 . 2008-04-16 16:14 30295562 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-12-09 06:38 . 2007-04-19 18:46 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-09 01:09 . 2009-12-09 01:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb382C.tmp.exe
    2009-12-08 04:23 . 2009-12-08 04:23 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8CF9.tmp.exe
    2009-12-07 14:10 . 2010-01-18 02:19 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2009-12-06 01:18 . 2007-11-27 05:04 -------- d-----w- c:\users\Tim\AppData\Roaming\OpenOffice.org2
    2009-12-06 01:15 . 2007-11-27 05:05 1 ----a-w- c:\users\Tim\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-12-05 02:42 . 2009-12-05 02:42 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6B43.tmp.exe
    2009-12-04 17:32 . 2009-06-02 14:48 -------- d-----r- c:\program files\Skype
    2009-12-04 17:31 . 2007-09-26 04:00 -------- d-----w- c:\programdata\Skype
    2009-12-04 10:58 . 2009-12-04 10:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB01D.tmp.exe
    2009-11-21 06:40 . 2009-12-09 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-09 05:41 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-09 05:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-09 05:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-20 11:08 . 2009-12-10 01:31 38784 ----a-w- c:\users\Tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-20 11:08 . 2009-12-10 01:31 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-10 16:53 . 2009-03-31 01:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-10 16:53 . 2007-11-26 06:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-10 16:52 . 2009-03-31 01:10 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-10 16:52 . 2009-03-31 01:10 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-10 16:29 . 2009-11-10 16:28 891208 ----a-w- c:\users\Tim\avg_free_stb_en_9_40_free.exe
    2009-11-09 12:31 . 2009-12-09 06:38 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30 . 2009-12-09 06:38 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 10:36 . 2009-12-09 06:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-11-03 02:42 . 2009-10-03 06:12 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-02 09:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-10-29 09:17 . 2009-11-25 09:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-07-07 03:52 . 2008-05-01 06:55 88 --sh--r- c:\windows\System32\47B0CB5F95.sys
    2009-07-07 03:52 . 2008-05-01 06:55 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-09-07 3962184]

    [HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
    2009-09-07 18:11 3962184 ----a-w- c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-09-07 3962184]

    [HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-09-07 3962184]

    [HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    4WARN.lnk - c:\program files\Common Files\4WARN\TrueWeather.exe [2009-12-14 6107648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^4WARN.lnk]
    backup=c:\windows\pss\4WARN.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^Users^Tim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2007-02-06 16:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-12-12 01:54 133104 ----atw- c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    2008-10-31 01:28 1168264 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-10-25 22:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-10-25 22:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 18:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-09-25 23:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-11-21 06:44 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "VistaSp2"=hex(b):fb,b2,83,d1,39,58,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [1/17/2010 20:24 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/30/2009 19:10 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/30/2009 19:10 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 07:56 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 07:56 74480]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/10/2009 10:52 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/10/2009 10:52 285392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [1/18/2010 01:11 1153368]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 15:40 3668480]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 07:56 7408]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 07:19 1181328]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/3/2008 14:15 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/29/2009 20:41 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 21:48 704864]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/29/2008 06:38 356920]
    S4 gupdate1c95b3fb983f530;Google Update Service (gupdate1c95b3fb983f530);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2008 21:22 133104]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mchInjDrv

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-21 c:\windows\Tasks\AWC Startup.job
    - c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-07-13 23:00]

    2010-01-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-25 00:30]

    2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 01:54]

    2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 01:54]

    2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-404281147-565806995-323063943-1000Core.job
    - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-18 01:54]

    2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-404281147-565806995-323063943-1000UA.job
    - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-18 01:54]

    2010-01-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-18 21:31]

    2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{545F49AA-6AE7-4CEF-874D-70E8208D44E8}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Tim\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    URLSearchHooks-A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
    URLSearchHooks-~a298ed31-d405-40e2-880f-b7511948e582} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-01-20 21:58
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84EAC856]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x871a6d24
    \Driver\ACPI -> acpi.sys @ 0x82c98d68
    \Driver\atapi -> ataport.SYS @ 0x82db4a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{28334827-7b80-4bb6-8eaf-ed54843cddaf}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0e0016d3
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5d397078-d39d-4699-93c7-15d8c45d702e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0e0018de
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{5f65c9c6-74ba-41ce-927b-79616bfa11a0}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c001636
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{62bc5d12-9d8f-4c34-a26e-aff5d260ef36}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:12020054
    "Dhcpv6State"=dword:00000000
    "NameServer"=""

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{873f976a-b8c6-4719-84cf-371105c7831d}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0b000000
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07001422
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:06001422
    "Dhcpv6State"=dword:00000000
    .
    Completion time: 2010-01-20 22:04:23
    ComboFix-quarantined-files.txt 2010-01-21 04:04

    Pre-Run: 50,895,327,232 bytes free
    Post-Run: 50,903,310,336 bytes free

    - - End Of File - - 1117A976B0E029851EAA4D4DC4A2AC5D


    And here is the HiJackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:13:37, on 1/20/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: 4WARN.lnk = C:\Program Files\Common Files\4WARN\TrueWeather.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted IP range: http://192.168.5.15
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13505 bytes
     
  4. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    What browser is getting redirected?

    Go to "Programs & Features" and uninstall Cyber Defender (if present). If not, let me know.

    Download and run Norton Removal Tool: Download and run the Norton Removal Tool

    Post fresh Combofix and HJT logs.
     
  5. TimFlog

    TimFlog Techie7 New Member

    My browser is IE8 I believe. Which Norton product am I trying to remove? I have been given a list of options for Norton product removal.?

    Thanks for your help. PC is already faster.
     
  6. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    It doesn't matter, which link you click.
     
  7. TimFlog

    TimFlog Techie7 New Member

    ComboFix 10-01-20.05 - Tim 01/20/2010 23:34:07.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.423 [GMT -6:00]
    Running from: c:\users\Tim\Desktop\ComboFix.exe
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
    .

    2010-01-21 05:49 . 2010-01-21 05:49 -------- d-----w- c:\users\Tim\AppData\Local\temp
    2010-01-21 05:49 . 2010-01-21 05:49 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-01-21 05:49 . 2010-01-21 05:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-21 05:24 . 2010-01-21 05:24 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-01-20 20:25 . 2010-01-20 20:26 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-01-20 05:57 . 2010-01-20 05:57 52224 ----a-w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-20 05:56 . 2010-01-20 05:56 117760 ----a-w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-20 05:55 . 2010-01-20 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-01-20 05:54 . 2010-01-20 05:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-20 05:54 . 2010-01-20 05:54 -------- d-----w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-20 05:53 . 2010-01-20 05:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-20 05:16 . 2010-01-20 05:16 -------- d-----w- c:\program files\MSN Toolbar
    2010-01-20 05:15 . 2010-01-20 05:17 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-01-18 15:51 . 2009-12-22 15:09 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
    2010-01-18 07:11 . 2010-01-18 11:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-18 07:11 . 2010-01-18 07:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-18 06:45 . 2010-01-18 07:05 -------- d-----w- C:\fixwareout
    2010-01-18 06:27 . 2010-01-18 06:27 -------- d-----w- c:\program files\Trend Micro
    2010-01-18 06:26 . 2010-01-18 06:27 812344 ----a-w- c:\users\Tim\HJTInstall.exe
    2010-01-18 05:01 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-18 02:24 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-18 02:24 . 2010-01-18 02:24 862040 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-01-18 02:24 . 2010-01-18 02:24 206944 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-01-18 02:24 . 2010-01-18 02:24 390288 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-01-18 02:17 . 2010-01-18 02:17 -------- d-----w- c:\program files\Lavasoft
    2010-01-18 02:08 . 2010-01-18 02:09 91338304 ----a-w- c:\users\Tim\Ad-AwareInstallation.exe
    2010-01-12 21:49 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-12 21:49 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-12-22 15:09 . 2009-12-22 15:09 4043544 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
    2009-12-22 15:09 . 2009-12-31 14:47 3966744 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-21 05:21 . 2008-03-20 05:29 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2010-01-21 04:46 . 2007-04-19 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-21 04:43 . 2007-09-25 23:23 -------- d-----w- c:\program files\Google
    2010-01-21 04:39 . 2008-03-19 16:04 -------- d-----w- c:\program files\MSN Games
    2010-01-20 20:28 . 2010-01-18 02:24 372280 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-01-20 20:25 . 2010-01-18 02:22 823928 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-01-20 16:48 . 2008-08-10 16:49 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 09:21 . 2007-11-10 00:04 -------- d-----w- c:\program files\Spyware Doctor
    2010-01-20 05:13 . 2007-04-19 19:43 -------- d-----w- c:\program files\Java
    2010-01-19 21:53 . 2007-09-26 04:02 -------- d-----w- c:\users\Tim\AppData\Roaming\Skype
    2010-01-18 02:24 . 2010-01-18 02:17 -------- d-----w- c:\programdata\Lavasoft
    2010-01-18 02:24 . 2010-01-18 02:24 537576 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-01-18 02:24 . 2010-01-18 02:24 194104 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2010-01-18 02:23 . 2010-01-18 02:22 6296864 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-01-18 02:22 . 2010-01-18 02:22 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-01-18 02:22 . 2010-01-18 02:22 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-01-18 02:22 . 2010-01-18 02:22 1643272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-01-18 02:22 . 2010-01-18 02:22 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-01-18 02:22 . 2010-01-18 02:22 1181328 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-01-18 02:19 . 2010-01-18 02:19 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-16 15:27 . 2008-09-11 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-16 15:27 . 2009-01-16 17:04 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-15 02:38 . 2008-05-01 06:55 -------- d-----w- c:\users\Tim\AppData\Roaming\Corel
    2010-01-13 09:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-12 04:33 . 2007-04-19 19:10 -------- d-----w- c:\programdata\WildTangent
    2010-01-12 04:26 . 2009-05-20 00:38 1762288 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
    2010-01-12 04:24 . 2007-04-19 19:10 -------- d-----w- c:\program files\HP Games
    2010-01-11 04:56 . 2009-09-16 00:43 384728776 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\fatethetraitorsoul-setup.exe
    2010-01-07 22:07 . 2008-09-11 19:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2008-09-11 19:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-16 20:42 . 2009-12-18 00:48 872960 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-12-16 20:42 . 2009-12-18 00:48 43008 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-12-16 20:42 . 2009-12-18 00:48 340480 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-12-16 20:41 . 2009-12-18 00:48 346624 ----a-w- c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-12-15 03:34 . 2009-03-19 16:26 -------- d-----w- c:\programdata\4WARN
    2009-12-15 03:33 . 2008-05-14 20:51 -------- d-----w- c:\program files\Common Files\4WARN
    2009-12-15 03:33 . 2007-10-23 22:39 61440 ----a-w- c:\windows\wnUninstall.exe
    2009-12-11 09:09 . 2009-12-11 09:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2AD5.tmp.exe
    2009-12-10 15:58 . 2009-12-10 15:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4741.tmp.exe
    2009-12-10 01:39 . 2009-12-10 01:30 -------- d-----w- c:\programdata\NOS
    2009-12-10 01:34 . 2009-11-20 05:42 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-12-10 01:30 . 2009-12-10 01:30 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
    2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\NOS
    2009-12-09 23:37 . 2009-12-09 23:37 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb798A.tmp.exe
    2009-12-09 13:48 . 2009-12-09 13:48 33558 ----a-w- c:\programdata\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
    2009-12-09 09:05 . 2008-04-16 16:14 30295562 ----a-w- c:\windows\Internet Logs\tvDebug.zip
    2009-12-09 06:38 . 2007-04-19 18:46 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-09 01:09 . 2009-12-09 01:09 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb382C.tmp.exe
    2009-12-08 04:23 . 2009-12-08 04:23 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb8CF9.tmp.exe
    2009-12-07 14:10 . 2010-01-18 02:19 2953352 -c--a-w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2009-12-06 01:18 . 2007-11-27 05:04 -------- d-----w- c:\users\Tim\AppData\Roaming\OpenOffice.org2
    2009-12-06 01:15 . 2007-11-27 05:05 1 ----a-w- c:\users\Tim\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
    2009-12-05 02:42 . 2009-12-05 02:42 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6B43.tmp.exe
    2009-12-04 17:32 . 2009-06-02 14:48 -------- d-----r- c:\program files\Skype
    2009-12-04 17:31 . 2007-09-26 04:00 -------- d-----w- c:\programdata\Skype
    2009-12-04 10:58 . 2009-12-04 10:58 484976 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB01D.tmp.exe
    2009-11-21 06:40 . 2009-12-09 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-09 05:41 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-09 05:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-09 05:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-20 11:08 . 2009-12-10 01:31 38784 ----a-w- c:\users\Tim\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-20 11:08 . 2009-12-10 01:31 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2009-11-10 16:53 . 2009-03-31 01:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-10 16:53 . 2007-11-26 06:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-10 16:52 . 2009-03-31 01:10 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-10 16:52 . 2009-03-31 01:10 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-10 16:29 . 2009-11-10 16:28 891208 ----a-w- c:\users\Tim\avg_free_stb_en_9_40_free.exe
    2009-11-09 12:31 . 2009-12-09 06:38 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30 . 2009-12-09 06:38 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 10:36 . 2009-12-09 06:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-11-03 02:42 . 2009-10-03 06:12 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-02 09:10 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-10-29 09:17 . 2009-11-25 09:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-07-07 03:52 . 2008-05-01 06:55 88 --sh--r- c:\windows\System32\47B0CB5F95.sys
    2009-07-07 03:52 . 2008-05-01 06:55 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-09-07 3962184]

    [HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
    2009-09-07 18:11 3962184 ----a-w- c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-09-07 3962184]

    [HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"= "c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll" [2009-09-07 3962184]

    [HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-29 583048]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^4WARN.lnk]
    backup=c:\windows\pss\4WARN.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\4WARN.lnk

    [HKLM\~\startupfolder\C:^Users^Tim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2007-02-06 16:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    2008-10-31 01:28 1168264 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-10-25 22:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-10-25 22:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 18:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-01-05 13:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-09-25 23:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-11-21 06:44 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):fb,b2,83,d1,39,58,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [1/17/2010 20:24 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/30/2009 19:10 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/30/2009 19:10 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 07:56 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 07:56 74480]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/10/2009 10:52 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/10/2009 10:52 285392]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [1/18/2010 01:11 1153368]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 15:40 3668480]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 07:19 1181328]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/3/2008 14:15 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/29/2009 20:41 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 21:48 704864]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 07:56 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/29/2008 06:38 356920]
    S4 gupdate1c95b3fb983f530;Google Update Service (gupdate1c95b3fb983f530);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2008 21:22 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 01:54]

    2010-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 01:54]

    2010-01-20 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-18 21:31]

    2010-01-21 c:\windows\Tasks\User_Feed_Synchronization-{545F49AA-6AE7-4CEF-874D-70E8208D44E8}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    MSConfigStartUp-Google Update - c:\users\Tim\AppData\Local\Google\Update\GoogleUpdate.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-01-20 23:49
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84EDE856]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x86fa1d24
    \Driver\ACPI -> acpi.sys @ 0x80696d68
    \Driver\atapi -> ataport.SYS @ 0x807b2a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-01-20 23:56:43
    ComboFix-quarantined-files.txt 2010-01-21 05:56
    ComboFix2.txt 2010-01-21 04:04

    Pre-Run: 51,069,222,912 bytes free
    Post-Run: 51,027,570,688 bytes free

    - - End Of File - - E87D2EBB5B15AE46364FED40D407A1E7



    _____________________________________________________________________________________




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:11:08, on 1/21/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted IP range: http://192.168.5.15
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13427 bytes
     
  8. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::
    
    File::
    c:\windows\System32\47B0CB5F95.sys
    
    
    Folder::
    c:\users\Tim\AppData\LocalLow\CyberDefender
    c:\program files\Common Files\Symantec Shared
    
    
    Driver::
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"=-
    [-HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"=-
    [-HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}"=-
    [-HKEY_CLASSES_ROOT\clsid\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6}]
    [-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{CD24EB02-9831-4838-99D0-726D411B1328}]
    [-HKEY_CLASSES_ROOT\Cdmyidd.SecurityToolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
    "Symantec PIF AlertEng"=-
    
    RegLockDel::
    
    MBR::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  9. TimFlog

    TimFlog Techie7 New Member

    Hey broni,

    can't get combofix to produce a log file. DCOM server keeps shutting down unexpectedly and system reboots. Here is the Hijackthis log file:




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:11:08, on 1/21/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted IP range: http://192.168.5.15
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13427 bytes
     
  10. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Try Safe Mode.
     
  11. TimFlog

    TimFlog Techie7 New Member

    Combofix says Zone Alarm Anti-Spyware is running. I have ZoneAlarm disabled and even when enabled it says Anti-Spyware is not running. Any ideas?




    ComboFix 10-01-20.07 - Tim 01/22/2010 16:04:19.5.2 - x86 MINIMAL
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1525.1096 [GMT -6:00]
    Running from: c:\users\Tim\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tim\Desktop\CFScript.txt
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *enabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

    FILE ::
    "c:\windows\System32\47B0CB5F95.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
    c:\program files\Common Files\Symantec Shared\Help\LUALL.CHM
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertUi.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcGlobal.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcmhSvar.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\dcProd.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01\AlertEng.loc
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\fallback.dat
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\lun.ico
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhDSA.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhSched.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\mhUpgr.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\pifCrawl.exe
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep06.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifPep07.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollMgr.dll
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\readme.txt
    c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\SymHTML.dll
    c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\AlertEng.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\LuSymProtect.spm
    c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.grd
    c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.sig
    c:\program files\Common Files\Symantec Shared\SPManifests\PifCore.spm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Ads Blocker\AdsAlert.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\AWSDLL.DLL
    c:\users\Tim\AppData\LocalLow\CyberDefender\cdinstx.exe
    c:\users\Tim\AppData\LocalLow\CyberDefender\cdinstx.log
    c:\users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    c:\users\Tim\AppData\LocalLow\CyberDefender\database.db
    c:\users\Tim\AppData\LocalLow\CyberDefender\Download\spnindex.dat.03
    c:\users\Tim\AppData\LocalLow\CyberDefender\Download\stbar03.exe
    c:\users\Tim\AppData\LocalLow\CyberDefender\Download\stbarpat.dat.03
    c:\users\Tim\AppData\LocalLow\CyberDefender\Download\wsliveup.dat.03
    c:\users\Tim\AppData\LocalLow\CyberDefender\gacutil.exe
    c:\users\Tim\AppData\LocalLow\CyberDefender\Includes\Loading.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Includes\NoItems Index.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Includes\Password Cookie.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Includes\Passwords Index.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Includes\Privacy Index.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\charset.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\cookie.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\defaultCharset.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\form.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\frame.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\gray.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\green.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\host.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bg.jpg
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bg_button.jpg
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bg_top.jpg
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_go.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_go_down.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_go_over.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_grey.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_red - Copy.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_red.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_red_down.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\bt_red_over.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\caution.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\frame.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\logo.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\logo.jpg
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\logo_orange.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\topbar.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\topbar_orange.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\images\warning.gif
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\popup.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\port.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\protocol.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\red.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\referrer.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\scamalert.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\scamalert.htm1
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\scamalert.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\script.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\security.html
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\style.css
    c:\users\Tim\AppData\LocalLow\CyberDefender\Scam Alert\yellow.htm
    c:\users\Tim\AppData\LocalLow\CyberDefender\spnindex.dat.03
    c:\users\Tim\AppData\LocalLow\CyberDefender\ssstbar.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\sssTbarcfg.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\sssTbarSettings.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\sssTbarUpdateHost.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\sssTbarV2.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\st.ico
    c:\users\Tim\AppData\LocalLow\CyberDefender\stbar03.exe
    c:\users\Tim\AppData\LocalLow\CyberDefender\stbarpat.dat.03
    c:\users\Tim\AppData\LocalLow\CyberDefender\stbarversion.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\UserGuide\cybdefstbar.set
    c:\users\Tim\AppData\LocalLow\CyberDefender\UserGuide\stbarchk.ini
    c:\users\Tim\AppData\LocalLow\CyberDefender\wsliveup.dat.03
    c:\windows\Downloaded Program Files\popcaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\System32\47B0CB5F95.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_LiveUpdate Notice Service


    ((((((((((((((((((((((((( Files Created from 2009-12-22 to 2010-01-22 )))))))))))))))))))))))))))))))
    .

    2010-01-22 22:16 . 2010-01-22 22:21 -------- d-----w- c:\users\Tim\AppData\Local\temp
    2010-01-22 22:16 . 2010-01-22 22:16 -------- d-----w- c:\users\Public\AppData\Local\temp
    2010-01-22 22:16 . 2010-01-22 22:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-22 22:00 . 2010-01-22 22:02 -------- d-----w- C:\32788R22FWJFW
    2010-01-21 05:24 . 2010-01-21 05:24 -------- d-----w- c:\programdata\Office Genuine Advantage
    2010-01-20 05:55 . 2010-01-20 05:55 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-01-20 05:54 . 2010-01-20 05:54 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-01-20 05:54 . 2010-01-20 05:54 -------- d-----w- c:\users\Tim\AppData\Roaming\SUPERAntiSpyware.com
    2010-01-20 05:53 . 2010-01-20 05:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-20 05:16 . 2010-01-20 05:16 -------- d-----w- c:\program files\MSN Toolbar
    2010-01-20 05:15 . 2010-01-20 05:17 -------- d-----w- c:\program files\MSN Toolbar Installer
    2010-01-18 07:11 . 2010-01-18 11:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-18 07:11 . 2010-01-18 07:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-18 06:45 . 2010-01-18 07:05 -------- d-----w- C:\fixwareout
    2010-01-18 06:27 . 2010-01-18 06:27 -------- d-----w- c:\program files\Trend Micro
    2010-01-18 06:26 . 2010-01-18 06:27 812344 ----a-w- c:\users\Tim\HJTInstall.exe
    2010-01-18 05:01 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-18 02:24 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-18 02:19 . 2010-01-18 02:19 -------- dc-h--w- c:\programdata\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-18 02:17 . 2010-01-18 02:24 -------- d-----w- c:\programdata\Lavasoft
    2010-01-18 02:17 . 2010-01-18 02:17 -------- d-----w- c:\program files\Lavasoft
    2010-01-18 02:08 . 2010-01-18 02:09 91338304 ----a-w- c:\users\Tim\Ad-AwareInstallation.exe
    2010-01-12 21:49 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-12 21:49 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-22 22:18 . 2008-03-20 05:29 350192 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
    2010-01-21 04:46 . 2007-04-19 18:17 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-21 04:43 . 2007-09-25 23:23 -------- d-----w- c:\program files\Google
    2010-01-21 04:39 . 2008-03-19 16:04 -------- d-----w- c:\program files\MSN Games
    2010-01-20 16:48 . 2008-08-10 16:49 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 09:21 . 2007-11-10 00:04 -------- d-----w- c:\program files\Spyware Doctor
    2010-01-20 05:13 . 2007-04-19 19:43 -------- d-----w- c:\program files\Java
    2010-01-19 21:53 . 2007-09-26 04:02 -------- d-----w- c:\users\Tim\AppData\Roaming\Skype
    2010-01-16 15:27 . 2008-09-11 19:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-15 02:38 . 2008-05-01 06:55 -------- d-----w- c:\users\Tim\AppData\Roaming\Corel
    2010-01-13 09:09 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-01-12 04:33 . 2007-04-19 19:10 -------- d-----w- c:\programdata\WildTangent
    2010-01-12 04:24 . 2007-04-19 19:10 -------- d-----w- c:\program files\HP Games
    2010-01-07 22:07 . 2008-09-11 19:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2008-09-11 19:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-12-15 03:34 . 2009-03-19 16:26 -------- d-----w- c:\programdata\4WARN
    2009-12-15 03:33 . 2008-05-14 20:51 -------- d-----w- c:\program files\Common Files\4WARN
    2009-12-15 03:33 . 2007-10-23 22:39 61440 ----a-w- c:\windows\wnUninstall.exe
    2009-12-10 01:39 . 2009-12-10 01:30 -------- d-----w- c:\programdata\NOS
    2009-12-10 01:34 . 2009-11-20 05:42 -------- d-----w- c:\program files\Common Files\Adobe
    2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-12-10 01:30 . 2009-12-10 01:30 -------- d-----w- c:\program files\NOS
    2009-12-09 06:38 . 2007-04-19 18:46 -------- d-----w- c:\programdata\Microsoft Help
    2009-12-06 01:18 . 2007-11-27 05:04 -------- d-----w- c:\users\Tim\AppData\Roaming\OpenOffice.org2
    2009-12-04 17:32 . 2009-06-02 14:48 -------- d-----r- c:\program files\Skype
    2009-12-04 17:31 . 2007-09-26 04:00 -------- d-----w- c:\programdata\Skype
    2009-11-21 06:40 . 2009-12-09 05:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34 . 2009-12-09 05:41 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34 . 2009-12-09 05:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59 . 2009-12-09 05:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-10 16:53 . 2009-03-31 01:10 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-10 16:53 . 2007-11-26 06:33 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-10 16:52 . 2009-03-31 01:10 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-10 16:52 . 2009-03-31 01:10 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-10 16:29 . 2009-11-10 16:28 891208 ----a-w- c:\users\Tim\avg_free_stb_en_9_40_free.exe
    2009-11-09 12:31 . 2009-12-09 06:38 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30 . 2009-12-09 06:38 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 10:36 . 2009-12-09 06:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
    2009-11-03 02:42 . 2009-10-03 06:12 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 09:17 . 2009-11-25 09:03 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-07-07 03:52 . 2008-05-01 06:55 2828 --sha-w- c:\windows\System32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2009-10-09 25623336]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-25 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
    "WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

    c:\users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^4WARN.lnk]
    backup=c:\windows\pss\4WARN.lnk.CommonStartup
    backupExtension=.CommonStartup
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\4WARN.lnk

    [HKLM\~\startupfolder\C:^Users^Tim^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
    backup=c:\windows\pss\OpenOffice.org 2.3.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
    2007-02-06 16:20 478800 ----a-w- c:\program files\CVS\CVS Photo Editor Plus\Corel Photo Downloader.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
    2008-10-31 01:28 1168264 ----a-w- c:\program files\Spyware Doctor\pctsTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-10-25 22:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-10-25 22:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
    2009-07-17 17:12 288080 ----a-w- c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
    2007-02-13 18:38 159744 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2007-03-29 00:45 176128 ----a-w- c:\program files\Hp\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-09-06 20:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-01-05 13:56 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-09-25 23:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2009-11-21 06:44 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):fb,b2,83,d1,39,58,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [1/17/2010 20:24 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [3/30/2009 19:10 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [3/30/2009 19:10 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 07:56 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 07:56 74480]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/10/2009 10:52 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/10/2009 10:52 285392]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 07:19 1181328]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [1/18/2010 01:11 1153368]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 15:40 3668480]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [7/3/2008 14:15 21504]
    S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [10/29/2009 20:41 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 21:48 704864]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 07:56 7408]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/29/2008 06:38 356920]
    S4 gupdate1c95b3fb983f530;Google Update Service (gupdate1c95b3fb983f530);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2008 21:22 133104]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 01:54]

    2010-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-11 01:54]

    2010-01-22 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-18 21:31]

    2010-01-22 c:\windows\Tasks\User_Feed_Synchronization-{545F49AA-6AE7-4CEF-874D-70E8208D44E8}.job
    - c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\v4te46bp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    AddRemove-{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6} - c:\users\Tim\AppData\LocalLow\CyberDefender\cdinstx.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-01-22 16:20
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84EE8856]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0x86fa6d24
    \Driver\ACPI -> acpi.sys @ 0x8069dd68
    \Driver\atapi -> ataport.SYS @ 0x807b9a2c
    IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'Explorer.exe'(9064)
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-22 16:34:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-22 22:34
    ComboFix2.txt 2010-01-21 05:56
    ComboFix3.txt 2010-01-21 04:04

    Pre-Run: 50,571,886,592 bytes free
    Post-Run: 50,557,120,512 bytes free

    - - End Of File - - 1321FD4909D354FCBC7EA0453A6C1F1C


    --------------------------------------------------------------------------------------------------------




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:11:08, on 1/21/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Live\Messenger\wlcsdk.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Users\Tim\AppData\LocalLow\CyberDefender\cdmyidd.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O15 - Trusted IP range: http://192.168.5.15
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - (no file)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 13427 bytes
     
  12. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    How is redirection issue?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Restart computer.

    ==============================================================

    Please download The Avenger by Swandog46 to your Desktop.
    - Right click on the Avenger.zip folder and select Extract All...
    - Follow the prompts and extract the avenger folder to your desktop

    Double click on avenger.exe.
    Click OK in pop-up window.

    Avenger window will open.

    Click on Execute button.
    Click OK in two consecutive pop-up windows.

    Your computer will re-boot now.

    Upon re-boot, Notepad window will open.
    Select all text, copy it, and paste it into next reply.

    NOTE. If the log doesn't open on reboot, open Avenger again, and go File>Open Log File.
     
  13. TimFlog

    TimFlog Techie7 New Member

    Seemed to be working fine but now still getting redirected.

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    Swandog46's Public Anti-Malware Tools

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Completed script processing.

    *******************

    Finished! Terminate.
     
  14. broni

    broni Malware Annihilator Techie7 Moderator Head Security

    Download the MBR Rootkit Detector: http://www2.gmer.net/mbr/mbr.exe to your desktop.

    * Doubleclick mbr.exe and follow prompts.
    * A black DOS window will quickly appear then disappear.
    * When mbr.exe is finished it will create a log on your desktop.
    * Copy and paste contents of that log (mbr.log) file to your next reply.