
DaveUpNorth

Everything posted by DaveUpNorth

  1. Here we go. I left AdwCleaner open, "waiting for action." AdwCleanerR1.txt
  2. I've tried to run OTL three times. It repeatedly stalls while scanning Firefox files.
  3. Updated. Did quick scan. Nothing found. My wireless connection died, and I had to reboot the computer we've been working on. With "nothing found," do you still need the report?
  4. It's stalled again for more than a half-hour. There is a combofix.txt file in the c:combofix folder, which was created at 7:32 pm today.
  5. Not sure why but I can't find Start ---> Run. I'm on Windows 7 Pro. I know I've used that command path before, but must have a brain freeze (or eye freeze).
  6. Everything proceeded well. Now ComboFix has been "preparing a log report" for quite a long time--more than 45 minutes. Shall I wait longer, and/or should I do something else?
  7. (I had browsed and opened, just didn't attach.)
  8. I guess if I want to attach a file I need to click "Attach Files." Sorry about that. RKreport1_S_01132013_02d1514 DaveUpNorth.txt
  9. I created a restore point, ran MBAR, which said no cleanup was required. I turned on my wireless to check the Internet Connection, Firewall and Windows update, and the ransom screen immediately appeared.
  10. My primary screen was taken over with the ransom request. I use dual monitors, so I was able to run my MalwareBytes PRO, which found no infections. Here are the requested logs: ATTACH.TXT and DDS.TXT.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-7-11 56336] R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784] R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-2-20 482384] R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-3 30568] R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2010-7-14 60416] R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2010-7-14 80384] R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2011-4-26 53760] R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472] R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-7-14 56344] R3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-1-13 36680] R3 TBtnKey;TOSHIBA Tablet PC Buttons Type N HID Driver;C:\windows\System32\drivers\TBtnKey.sys [2009-7-20 20032] R3 wisdpen;Wacom Penabled MiniDriver;C:\windows\System32\drivers\wisdpen.sys [2011-1-4 44656] S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768] S1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696] S1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys 
[2012-9-21 200032] S2 ATService;AuthenTec Fingerprint Service;C:\Program Files\Fingerprint Sensor\ATService.exe [2009-12-18 2704704] S2 AVerRemote;AVerRemote;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2012-1-6 348160] S2 AVerScheduleService;AVerScheduleService;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2012-1-6 397312] S2 AVerUpdateServer;AVerUpdateServer;C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2010-3-9 169984] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424] S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-11-27 252784] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448] S2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-13 398184] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-13 682344] S2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456] S2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904] S2 Secunia PSI Agent;Secunia PSI 
Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848] S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416] S2 SnugTV Service;SnugTV Service;C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2010-4-12 526336] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-12-22 317296] S2 TTPDSrv;TOSHIBA Touch Pad Service;C:\windows\System32\TTPDSRV.exe [2010-7-14 73728] S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-14 2314240] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;C:\windows\System32\drivers\ATSwpWDF.sys [2009-12-18 734720] S3 AVerFx2hbtv64;AVerMedia H826 USB Hybrid Tuner;C:\windows\System32\drivers\AVerFx2hbtv64.sys [2012-1-6 512512] S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\windows\System32\drivers\e1k62x64.sys [2012-2-2 509104] S3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2009-10-26 151936] S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-6-7 24176] S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S3 PACSPTISVR-Sound_Organizer;PACSPTISVR-Sound_Organizer;C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [2012-11-8 174176] S3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-9-21 35008] S3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976] S3 RdpVideoMiniport;Remote Desktop Video Miniport 
Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456] S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-14 54136] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-12-25 137560] S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-12-24 811376] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-14 1255736] . =============== File Associations =============== . ShellExec: QuickPDF v3.0.exe: Open=C:\QuickPDFConverter\QuickPdfToWord.exe "%1" . =============== Created Last 30 ================ . 2013-01-13 17:52:04 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys 2013-01-13 00:49:55 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B9C7B3F8-0FBD-499A-A1E6-8C670807C8A8}\mpengine.dll 2013-01-12 21:54:03 68744 ----a-w- C:\ProgramData\ifgxpers.exe 2013-01-12 06:21:46 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-09 18:13:46 424448 ----a-w- C:\windows\System32\KernelBase.dll 2013-01-09 01:15:49 16369160 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe 2013-01-05 17:51:38 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-3\Microsoft.MediaCenter.Sports.UI.dll 2013-01-05 17:51:23 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll 2012-12-28 17:35:16 -------- d-----w- C:\Program Files (x86)\iNTERNET Turbo 2012-12-27 14:25:52 -------- d-----w- C:\rei 2012-12-27 14:25:44 -------- d-----w- C:\Program Files\Reimage 2012-12-26 17:55:48 -------- d-----w- C:\Program Files\iPod 2012-12-26 
17:55:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-12-26 17:55:45 -------- d-----w- C:\Program Files\iTunes 2012-12-26 17:55:45 -------- d-----w- C:\Program Files (x86)\iTunes 2012-12-23 23:21:59 -------- d-----w- C:\Users\toshibauser\AppData\Local\LogMeIn Rescue Applet 2012-12-23 08:00:24 34304 ----a-w- C:\windows\SysWow64\atmlib.dll 2012-12-23 08:00:23 46080 ----a-w- C:\windows\System32\atmlib.dll 2012-12-23 08:00:23 367616 ----a-w- C:\windows\System32\atmfd.dll 2012-12-23 08:00:22 295424 ----a-w- C:\windows\SysWow64\atmfd.dll 2012-12-23 01:07:36 -------- d-----w- C:\windows\pss 2012-12-18 19:26:26 -------- d-----w- C:\Users\toshibauser\AppData\Local\Adobe_Systems_Incorporate 2012-12-17 17:02:45 83560 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe 2012-12-15 18:13:40 -------- d-----w- C:\Users\toshibauser\AppData\Local\TodoistCache . ==================== Find3M ==================== . 2013-01-09 01:16:11 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 01:16:11 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-12-14 21:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-12-10 00:31:55 56336 ------w- C:\windows\System32\drivers\PxHlpa64.sys 2012-12-10 00:31:53 11376 ------w- C:\windows\System32\drivers\cdralw2k.sys 2012-12-10 00:31:53 10864 ------w- C:\windows\System32\drivers\cdr4_xp.sys 2012-12-07 13:20:16 441856 ----a-w- C:\windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\windows\System32\pegibbfc.rs 
2012-12-07 11:20:01 20480 ----a-w- C:\windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-11-30 04:54:00 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-23 03:26:31 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-11-23 03:13:57 68608 ----a-w- C:\windows\System32\taskhost.exe 2012-11-22 05:44:23 800768 ----a-w- C:\windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\windows\SysWow64\usp10.dll 
2012-11-20 05:48:49 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-11-16 04:33:24 111968 ----a-w- C:\windows\System32\drivers\avgmfx64.sys 2012-11-14 06:11:44 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45:32 750592 ----a-w- C:\windows\System32\win32spl.dll 2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll 2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-11-08 23:38:18 30568 ----a-w- C:\windows\System32\drivers\avgtpx64.sys 2012-11-08 16:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll 2012-11-02 05:59:11 478208 ----a-w- C:\windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\windows\SysWow64\dpnet.dll 2012-11-01 05:43:42 2002432 ----a-w- C:\windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2012-10-25 08:12:26 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts 
2012-10-22 18:02:44 154464 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys 2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll . ============= FINISH: 13:00:57.97 ===============
  11. Thanks. I removed the three objects and rebooted into normal mode. Ran quick scan. Nothing bad found! The other problem I had--and can probably find help on (or maybe this fixed it)--was the inability to get Windows updates. Will try that again in a bit. Thanks. Proceed with the ComboFix uninstall, etc.?
  12. Update: Ran MBAM and found the following:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6288
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13
4/6/2011 2:09:49 PM
mbam-log-2011-04-06 (14-09-39).txt
Scan type: Quick scan
Objects scanned: 170664
Time elapsed: 2 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\A\Local Settings\Application Data\ctp.exe" -a "iexplore.exe) Good: (iexplore.exe) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
  13. I've not seen any symptoms since running ComboFix. Each time I've rebooted, it's been in safe mode. Now, explorer opens. MBAM executes. Seems like things are like new. Any other recommended next steps?
  14. Done. It found 'backdoor.bot' in the registry key and the file itself. Shall I remove both?
  15. I received acknowledgment of the upload early this morning and they're reviewing it now.
  16. That's always the hardest part! Thanks again for all of the help you're giving me.
  17. Done: http://forums.malwarebytes.org/index.php?showtopic=80957 Please let me know if I did it correctly or not. Thanks.
  18. Am I to also upload the VirusTotal analysis, either as an attached .txt file or in the copy?