07-06-2009, 08:04 AM   #1
Registered User
 
Join Date: Jul 2009
Posts: 6
OS: vista


Infected with burstnet.com malware need help removing from vista home pc

Hi, I am infected with burstnet.com malware and need help removing it from my Vista home PC. Windows Defender and Webroot antivirus and anti-spyware did nothing.

I went into each browser, Explorer and Mozilla, and cleared the cookies and blocked the burstnet.com site, and it still did not help. I think there is a MyWebSearch redirect command happening. I am a very beginner computer person, so please excuse my ignorance.

I have attached the appropriate logs, and have pasted the DDS file below for your review. Thank YOU!!!! in advance for your assistance.

Jeff


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jeff at 6:33:56.96 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1077 [GMT -7:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with AntiSpyware *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jeff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\40E8PMSG\dds[1].pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\bar\1.bin\MWSSRCAS.DLL
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [MyWebSearch Email Plugin] "c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ITSecMng] "c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe" /START
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MyWebSearch Plugin] "c:\windows\system32\rundll32.exe" c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
mRun: [MyWebSearch Email Plugin] "c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZJxdm319YYUS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: musclemagfitness.com\www
Trusted Zone: ning.com\www.musclemagfitness
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\fvk4e9mu.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm319YYUS&fl=0&ptb=9FEHU99BA9b1Pzi2FBDZQQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&si=39329&searchfor=
FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-4-10 28762]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

=============== Created Last 30 ================

2009-07-06 05:47 <DIR> --d----- C:\fixwareout
2009-07-06 05:17 <DIR> --d----- c:\program files\Exterminate It!
2009-07-06 00:42 <DIR> --d----- c:\program files\AskSBar
2009-07-06 00:24 1,538,928 a------- c:\windows\WRSetup.dll
2009-07-06 00:24 <DIR> --d----- c:\users\jeff\appdata\roaming\Webroot
2009-07-06 00:24 <DIR> --d----- c:\programdata\Webroot
2009-07-06 00:24 <DIR> --d----- c:\program files\Webroot
2009-07-06 00:24 <DIR> --d----- c:\progra~2\Webroot
2009-07-06 00:20 164 a------- c:\windows\install.dat
2009-07-06 00:16 156,160 a------- c:\windows\system32\msls31.dll
2009-06-12 20:17 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-12 20:17 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-12 20:17 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-12 20:17 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-12 20:17 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-10 22:17 <DIR> --d----- c:\users\jeff\Tracing
2009-06-10 22:06 <DIR> --d----- c:\program files\Microsoft
2009-06-10 22:06 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-10 22:03 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-10 18:11 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-10 18:11 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 18:11 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-10 16:22 28,672 a------- c:\windows\system32\f3PSSavr.scr
2009-02-28 23:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-28 23:24 86,016 a------- c:\windows\inf\infstor.dat
2009-02-28 23:24 51,200 a------- c:\windows\inf\infpub.dat
2009-02-17 00:59 56 a---h--- c:\programdata\ezsidmv.dat
2009-02-17 00:59 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-14 12:49 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 6:42:27.21 ===============
Attached Files
File Type: zip Attach.zip (1.8 KB, 1 views)
File Type: zip ark.zip (696 Bytes, 1 views)
jbehar1 is offline  
07-06-2009, 10:40 AM   #2
Registered User
 
Join Date: Jul 2009
Posts: 6
OS: vista


Re: Infected with burstnet.com malware need help removing from vista home pc

Hi, I sent the wrong files; please instead review the revised files that I re-ran after I had tried to remove the malware on my own (didn't work). See below (revised DDS) and the ComboFix logs. I have also attached the GMER file and the other DDS that is required for your analysis. Please disregard the earlier log and files sent, since they were run before I had tried to remove the malware.

Thank you in advance for your support.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jeff at 9:17:15.22 on Mon 07/06/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1886 [GMT -7:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with AntiSpyware *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jeff\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ITSecMng] "c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe" /START
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: musclemagfitness.com\www
Trusted Zone: ning.com\www.musclemagfitness
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\fvk4e9mu.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm319YYUS&fl=0&ptb=9FEHU99BA9b1Pzi2FBDZQQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&si=39329&searchfor=
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

=============== Created Last 30 ================

2009-07-06 09:07 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-06 08:05 161,792 a------- c:\windows\SWREG.exe
2009-07-06 08:05 155,136 a------- c:\windows\PEV.exe
2009-07-06 08:05 98,816 a------- c:\windows\sed.exe
2009-07-06 08:04 <DIR> --ds---- C:\ComboFixx
2009-07-06 05:17 <DIR> --d----- c:\program files\Exterminate It!
2009-07-06 00:24 1,538,928 a------- c:\windows\WRSetup.dll
2009-07-06 00:24 <DIR> --d----- c:\users\jeff\appdata\roaming\Webroot
2009-07-06 00:24 <DIR> --d----- c:\programdata\Webroot
2009-07-06 00:24 <DIR> --d----- c:\program files\Webroot
2009-07-06 00:24 <DIR> --d----- c:\progra~2\Webroot
2009-07-06 00:20 164 a------- c:\windows\install.dat
2009-07-06 00:16 156,160 a------- c:\windows\system32\msls31.dll
2009-06-12 20:17 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-12 20:17 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-12 20:17 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-12 20:17 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-12 20:17 80,896 a------- c:\windows\system32\MSNP.ax
2009-06-10 22:17 <DIR> --d----- c:\users\jeff\Tracing
2009-06-10 22:06 <DIR> --d----- c:\program files\Microsoft
2009-06-10 22:06 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-06-10 22:03 <DIR> --d----- c:\program files\common files\Windows Live
2009-06-10 18:11 2,033,152 a------- c:\windows\system32\win32k.sys
2009-06-10 18:11 636,928 a------- c:\windows\system32\localspl.dll
2009-06-10 18:11 784,896 a------- c:\windows\system32\rpcrt4.dll

==================== Find3M ====================

2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-02-28 23:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-28 23:24 86,016 a------- c:\windows\inf\infstor.dat
2009-02-28 23:24 51,200 a------- c:\windows\inf\infpub.dat
2009-02-17 00:59 56 a---h--- c:\programdata\ezsidmv.dat
2009-02-17 00:59 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-14 12:49 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 9:25:00.90 ===============




The following is the ComboFix log:


ComboFix 09-07-05.04 - Jeff 07/06/2009 8:14:03.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1621 [GMT -7:00]
Running from: C:\Users\Jeff\Desktop\ComboFixx.exe
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
SP: Webroot AntiVirus with AntiSpyware *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-367273667-519061559-2108718722-500
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files\Uninstall Fun Web Products.dll
C:\Users\Jeff\AppData\Local\Temp\RarSFX0\FI.exe
C:\Users\Jeff\AppData\Local\Temp\RarSFX1\FI.exe
C:\WINDOWS\Installer\WMEncoder.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 12:17:29 . 2009-07-06 14:07:12 0 d-----w- C:\Program Files\Exterminate It!
2009-07-06 07:24:45 . 2009-07-06 07:42:45 0 d-----w- C:\Program Files\Webroot
2009-07-06 07:24:45 . 2009-07-06 07:24:45 0 d-----w- C:\Users\Jeff\AppData\Roaming\Webroot
2009-07-06 07:24:45 . 2009-07-06 07:24:45 0 d-----w- C:\ProgramData\Webroot
2009-07-06 07:24:45 . 2008-08-09 23:04:56 1538928 ----a-w- C:\Windows\WRSetup.dll
2009-07-06 07:20:59 . 2009-07-06 07:21:02 164 ----a-w- C:\Windows\install.dat
2009-07-06 07:17:17 . 2009-05-09 05:34:34 71680 ----a-w- C:\Windows\system32\iesetup.dll
2009-07-06 07:17:16 . 2009-05-09 05:50:28 915456 ----a-w- C:\Windows\system32\wininet.dll
2009-06-27 02:41:59 . 2009-06-27 02:41:59 746744 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-13 03:17:27 . 2009-04-30 12:37:57 293376 ----a-w- C:\Windows\system32\psisdecd.dll
2009-06-13 03:17:27 . 2009-04-30 12:37:48 428544 ----a-w- C:\Windows\system32\EncDec.dll
2009-06-11 05:17:23 . 2009-07-06 08:21:00 0 d-----w- C:\Users\Jeff\Tracing
2009-06-11 0529 . 2009-06-11 0529 0 d-----w- C:\Program Files\Microsoft
2009-06-11 0516 . 2009-06-11 0516 0 d-----w- C:\Program Files\Windows Live SkyDrive
2009-06-11 0500 . 2009-06-11 0525 0 d-----w- C:\Program Files\Windows Live
2009-06-11 05:03:16 . 2009-06-11 05:03:16 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-06-11 01:11:02 . 2009-04-21 11:55:06 2033152 ----a-w- C:\Windows\system32\win32k.sys
2009-06-11 01:11:01 . 2009-04-23 12:42:53 636928 ----a-w- C:\Windows\system32\localspl.dll
2009-06-11 01:11:00 . 2009-04-23 12:43:04 784896 ----a-w- C:\Windows\system32\rpcrt4.dll
2009-06-08 06:56:50 . 2009-06-08 06:56:49 456304 ----a-w- C:\ProgramData\Google\Google Toolbar\Update\gtb7E29.tmp.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-06 14:08:25 . 2008-08-14 19:00:38 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-06 14:08:25 . 2008-08-14 18:25:11 0 d-----w- C:\Program Files\Toshiba
2009-07-06 07:33:30 . 2009-02-16 21:00:55 112408 ----a-w- C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-06 07:24:34 . 2009-02-16 18:09:26 0 d-----w- C:\ProgramData\Microsoft Help
2009-07-06 07:21:23 . 2009-03-01 09:50:17 0 d-----w- C:\Program Files\Microsoft Works
2009-07-03 22:02:38 . 2009-02-17 07:57:42 0 d-----w- C:\Users\Jeff\AppData\Roaming\Skype
2009-07-03 18:22:03 . 2009-02-17 07:59:39 0 d-----w- C:\Users\Jeff\AppData\Roaming\skypePM
2009-06-05 07:36:51 . 2009-05-08 01:34:01 0 d-----w- C:\Program Files\Windows Live Safety Center
2009-05-29 23:53:25 . 2008-08-14 19:41:29 0 d-----w- C:\Program Files\Picasa3
2009-05-22 22:33:22 . 2009-05-22 22:33:22 0 d-----w- C:\Program Files\RSS Submit
2009-05-16 0638 . 2009-05-16 0638 416128 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-13 10:00:20 . 2006-11-02 11:18:33 0 d-----w- C:\Program Files\Windows Mail
2009-05-01 18:30:36 . 2009-05-01 18:30:36 3366912 ----a-w- C:\Windows\system32\GPhotos.scr
2009-02-16 21:00:24 . 2009-02-16 21:00:24 15 --sh--r- C:\Windows\System32\drivers\fbd.sys
2009-02-16 16:25:48 . 2009-02-16 16:25:48 4 --sh--r- C:\Windows\System32\drivers\taishop.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 20:03:12 430080]
"Skype"="C:\Program Files\Skype\\Phone\Skype.exe" [2009-04-16 20:36:36 24264488]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 09:18:58 39408]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 02:25:11 125952]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 01:51:28 3885408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 02:25:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-25 2310 150040]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-25 23:05:50 170520]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-25 2302 145944]
"RtHDVCpl"="C:\Windows\RtHDVCpl.exe" [2008-04-08 23:14:50 6037504]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 23:26:26 417792]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 21:52:52 431456]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 06:01:12 54608]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 05:01:58 448080]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 21:35:44 716800]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-21 02:23:32 1008184]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 23:03:46 75136]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 01:12:44 1029416]
"ToshibaServiceStation"="C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" [2008-08-04 21:46:38 1242424]
"PCMAgent"="C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 02:52:00 143360]
"CLMLServer"="C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 01:35:30 188416]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 18:44:34 31072]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 23:04:58 5418864]
"NDSTray.exe"="NDSTray.exe" [BU]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{37E430F4-5480-440F-B2D7-D711B3DDB7C7}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PowerCinema.exe:CyberLink PowerCinema
"{AE87CBDF-C7A6-4D36-89B5-E9764299ED33}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMService.exe:CyberLink PowerCinema Resident Program
"{09B4A36F-378B-4103-8749-232DA98F40B4}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{19B80962-D2B7-4047-A5D1-352865D490EF}"= C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{DE4EB467-61D8-4C59-A140-78BFF0E282EE}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{1CEA450F-1E04-4E2D-A774-2F0DD8DBB941}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{EB755C26-71AF-4147-9042-81B9BE037FAC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{19439B09-4E97-4EBE-8F1F-7698DC3D69AB}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{76618F25-553F-4F77-BE4F-09C14E253997}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E01DDEF4-DB73-4453-9AF3-94614E17E598}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

R0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [8/9/2008 2:42:12 PM 29808]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe [7/10/2008 5:58:40 PM 40960]
R2 TMachInfo;TMachInfo;C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [8/14/2008 12:15:21 PM 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe [12/3/2007 6:03:52 PM 126976]
R3 FwLnk;FwLnk Driver;C:\Windows\System32\drivers\FwLnk.sys [8/14/2008 12:08:04 PM 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;C:\Windows\System32\drivers\NETw5v32.sys [4/28/2008 7:29:26 AM 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [4/24/2008 7:35:46 PM 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 C:\Windows\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-07-06 07:42:51 . 2008-08-09 23:04:58]

2009-07-06 C:\Windows\Tasks\wrSpySweeperFullSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-07-06 07:42:51 . 2008-08-09 23:04:58]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: musclemagfitness.com\www
Trusted Zone: ning.com\www.musclemagfitness
FF - ProfilePath - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\fvk4e9mu.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm319YYUS&fl=0&ptb=9FEHU99BA9b1Pzi2FBDZQQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&si=39329&searchfor=
FF - plugin: C:\Program Files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
Attached Files
File Type: zip Attach rev.zip (1.8 KB, 0 views)
File Type: zip gmer rev.zip (706 Bytes, 0 views)
jbehar1 is offline  
Old 07-06-2009, 11:09 AM   #3 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 6
OS: vista


Re: Infected with burstnet.com malware need help removing from vista home pc

By the way, if this helps, the virus redirect problem (with all the zeesearch, adware, burstnet.com redirecting crap) all seems to only happen when I am on the following page: http://www.musclemagfitness.com/mmf-login.html. I also see a quick google ad flash on the bottom left status bar when I am on the main page of the site, http://www.musclemagfitness.com
jbehar1 is offline  
Old 07-11-2009, 03:02 AM   #4 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 6
OS: vista


Bump: Re: Infected with burstnet.com malware need help removing from vista home pc

Bump please. Originally posted for assistance 5 days ago. I have not heard back from anyone.

Thank you in advance for your help.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Jeff at 1:15:06.92 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18783
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2939.1816 [GMT -7:00]

AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Webroot AntiVirus with AntiSpyware *disabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Users\Jeff\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.toshibadirect.com/dpdstart
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [TOSCDSPD] "c:\program files\toshiba\toscdspd\TOSCDSPD.exe"
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] "c:\windows\ehome\ehTray.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [RtHDVCpl] "c:\windows\RtHDVCpl.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [TPwrMain] "c:\program files\toshiba\power saver\TPwrMain.EXE"
mRun: [HSON] "c:\program files\toshiba\tbs\HSON.exe"
mRun: [SmoothView] "c:\program files\toshiba\smoothview\SmoothView.exe"
mRun: [00TCrdMain] "c:\program files\toshiba\flashcards\TCrdMain.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [ITSecMng] "c:\program files\toshiba\bluetooth toshiba stack\ItSecMng.exe" /START
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [NDSTray.exe] NDSTray.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\TSS.exe" /hide
mRun: [PCMAgent] "c:\program files\cyberlink\powercinema for toshiba\PCMAgent.exe"
mRun: [CLMLServer] "c:\program files\cyberlink\powercinema for toshiba\kernel\clml\CLMLSvc.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: musclemagfitness.com\www
Trusted Zone: ning.com\www.musclemagfitness
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\fvk4e9mu.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZJxdm319YYUS&fl=0&ptb=9FEHU99BA9b1Pzi2FBDZQQ&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&si=39329&searchfor=
FF - plugin: c:\program files\picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-7-10 40960]
R2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-8-14 46392]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-8-14 7168]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\toshiba\smartfacev\SmartFaceVWatchSrv.exe [2008-4-24 73728]

=============== Created Last 30 ================

2009-07-11 00:54 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-07-11 00:08 <DIR> --ds---- C:\combofixw
2009-07-10 23:48 <DIR> --d----- C:\ComboFixx(1)
2009-07-06 21:30 <DIR> --ds---- C:\ComboFixx
2009-07-06 21:28 <DIR> --d----- C:\32788R22FWJFW.0.tmp
2009-07-06 08:05 161,792 a------- c:\windows\SWREG.exe
2009-07-06 08:05 155,136 a------- c:\windows\PEV.exe
2009-07-06 08:05 98,816 a------- c:\windows\sed.exe
2009-07-06 05:17 <DIR> --d----- c:\program files\Exterminate It!
2009-07-06 00:24 1,538,928 a------- c:\windows\WRSetup.dll
2009-07-06 00:24 <DIR> --d----- c:\users\jeff\appdata\roaming\Webroot
2009-07-06 00:24 <DIR> --d----- c:\programdata\Webroot
2009-07-06 00:24 <DIR> --d----- c:\program files\Webroot
2009-07-06 00:24 <DIR> --d----- c:\progra~2\Webroot
2009-07-06 00:20 164 a------- c:\windows\install.dat
2009-07-06 00:16 156,160 a------- c:\windows\system32\msls31.dll
2009-06-12 20:17 428,544 a------- c:\windows\system32\EncDec.dll
2009-06-12 20:17 293,376 a------- c:\windows\system32\psisdecd.dll
2009-06-12 20:17 217,088 a------- c:\windows\system32\psisrndr.ax
2009-06-12 20:17 177,664 a------- c:\windows\system32\mpg2splt.ax
2009-06-12 20:17 80,896 a------- c:\windows\system32\MSNP.ax

==================== Find3M ====================

2009-05-08 22:50 915,456 a------- c:\windows\system32\wininet.dll
2009-05-08 22:34 71,680 a------- c:\windows\system32\iesetup.dll
2009-05-01 11:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-23 05:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 05:42 636,928 a------- c:\windows\system32\localspl.dll
2009-04-21 04:55 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-28 23:24 143,360 a------- c:\windows\inf\infstrng.dat
2009-02-28 23:24 86,016 a------- c:\windows\inf\infstor.dat
2009-02-28 23:24 51,200 a------- c:\windows\inf\infpub.dat
2009-02-17 00:59 56 a---h--- c:\programdata\ezsidmv.dat
2009-02-17 00:59 56 a---h--- c:\progra~2\ezsidmv.dat
2008-08-14 12:49 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-20 19:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-03-21 14:04 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-03-21 14:04 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 1:22:26.46 ===============
jbehar1 is offline  
Old 07-12-2009, 08:02 PM   #5 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 6
OS: vista


Bump Re: Infected with burstnet.com malware need help removing from vista home pc

Please bump
jbehar1 is offline  